Last updated at Fri, 14 Jun 2024 14:15:18 GMT
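It's June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is patching a single critical remote code execution (RCE) vulnerability today. Seven browser vulnerabilities were published separately this month, and are not included in the total.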
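MSMQ: critical RCE
The only critical RCE patched today is CVE-2024-30080, which affects all current versions of Windows. An attacker would need to send a specially crafted malicious packet to an MSMQ server, which Patch Tuesday watchers will know has long been a source of vulnerabilities. As usual, Microsoft points out that the Windows message queuing service is not enabled by default; as usual, Rapid7 notes that many applications, including Microsoft Exchange, quietly introduce MSMQ as part of their own installation routine. As is typical of MSMQ RCE vulnerabilities, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, and lack of required privileges. Code execution is presumably in a SYSTEM context, although the advisory does not specify.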
Office: malicious file RCEs
Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability, and the attacker must win a race condition. On the other hand, CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.
SharePoint: RCE
This month also brings a patch for SharePoint RCE CVE-2024-30100. The advisory is sparing on details, and the context of exploitation is also unclear. The weakness is described as CWE-426: Untrusted Search Path; many (but not all) vulnerabilities associated with CWE-426 lead to elevation of privilege.
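DNSSEC NSEC3: CPU exhaustion DoS
And now for something completely different: CVE-2023-50868, which describes a denial of service vulnerability in DNSSEC. This vulnerability is present in the DNSSEC spec itself, and the CVE was assigned by MITRE on behalf of DNSSEC. Microsoft's DNSSEC implementation is therefore vulnerable in the same way as other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by demanding responses from a DNSSEC-signed zone, if the resolver uses NSEC3 to respond to the request. NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. In some circumstances, the DNS resolver must perform thousands of iterations of a hash function to calculate an NSEC3 response, and this is the foundation on which this DoS exploit rests. All current versions of Windows Server receive a patch today.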
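The hashing cost described above can be measured per name. The following is an added example, not code from Rapid7 or Microsoft: it implements the RFC 5155 NSEC3 hash and audits NSEC3PARAM records against the RFC 9276 guidance of zero additional iterations and no salt. The record lines and the function names `nsec3_hash` and `audit_nsec3param` are constructed for illustration.

```python
import base64
import hashlib

# Map the RFC 4648 base32 alphabet onto base32hex, the encoding NSEC3 owner names use.
_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                        "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name: str) -> bytes:
    """Canonical (lower-case) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int):
    """RFC 5155 section 5 hash; returns (base32hex digest, SHA-1 calls performed)."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    calls = 1
    for _ in range(iterations):      # every additional iteration is one more SHA-1 call
        digest = hashlib.sha1(digest + salt).digest()
        calls += 1
    return base64.b32encode(digest).decode().translate(_B32HEX).lower(), calls

def audit_nsec3param(record: str, max_iterations: int = 0) -> dict:
    """Parse '<owner> <ttl> IN NSEC3PARAM <alg> <flags> <iterations> <salt>' and flag
    settings that raise validator cost. max_iterations=0 follows RFC 9276."""
    fields = record.split()
    if len(fields) != 8 or fields[3].upper() != "NSEC3PARAM":
        raise ValueError(f"not an NSEC3PARAM record: {record!r}")
    owner, alg, iterations, salt = fields[0], int(fields[4]), int(fields[6]), fields[7]
    findings = []
    if alg != 1:                     # 1 = SHA-1, the only algorithm RFC 5155 defines
        findings.append(f"unknown hash algorithm {alg}")
    if iterations > max_iterations:
        findings.append(f"iterations={iterations} (recommended: {max_iterations})")
    if salt != "-":
        findings.append("salt present (recommended: none)")
    _, calls = nsec3_hash(owner, salt, iterations) if alg == 1 else (None, None)
    return {"zone": owner, "sha1_calls_per_name": calls, "findings": findings}

# Constructed sample records (not taken from any real zone).
SAMPLE_RECORDS = [
    "example. 3600 IN NSEC3PARAM 1 0 12 aabbccdd",
    "hardened.example. 3600 IN NSEC3PARAM 1 0 0 -",
    "legacy.example. 3600 IN NSEC3PARAM 1 0 500 0123456789abcdef",
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(audit_nsec3param(rec))
```

The first sample record uses the parameters of the RFC 5155 Appendix A example zone, so its hash can be checked against the published value.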
Typically, when Microsoft publishes a security advisory and describes the vulnerability as publicly disclosed, that public disclosure will have been recent. However, in the case of CVE-2023-50868, the flaw in DNSSEC was first publicly disclosed on 2024-02-13. The advisory acknowledges four academics from the German National Research Center for Applied Cybersecurity (ATHENE), which is perhaps interesting, since those researchers are the authors of a March 2024 academic paper which downplays the DoS potential of CVE-2023-50868. Those same researchers published another DNSSEC flaw, CVE-2023-50387 (also known as KeyTrap), in January 2024, which they describe as having potentially serious implications; Microsoft patched that one at the next scheduled opportunity in February. The CVE-2023-50868 advisory published today does not provide further insight as to why this vulnerability wasn't patched sooner; a reasonable assumption might be that Microsoft assesses CVE-2023-50868 as less urgent/critical than CVE-2023-50387, although both are rated "Important" on Microsoft's proprietary severity ranking. It is also possible that Microsoft did not wish to be the only major server operating system vendor without a patch.
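Lifecycle update
There are no significant changes to the lifecycle phase of Microsoft products this month. In July, Microsoft SQL Server 2014 will reach the end of extended support. From August onwards, Microsoft only guarantees SQL Server 2014 security updates for customers who opt into the paid Extended Security Updates program.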
Summary charts
Summary tables
Azure vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | No | No | 8.1 |
CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | No | No | 7.1 |
CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | No | No | 5.5 |
CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | No | No | 4.4 |
Browser vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | No | No | N/A |
CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API | No | No | N/A |
CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs | No | No | N/A |
CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session | No | No | N/A |
CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn | No | No | N/A |
CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn | No | No | N/A |
CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | No | No | N/A |
Developer Tools vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | No | No | 7.3 |
CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | No | No | 6.7 |
CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | No | No | 4.7 |
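ESU vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |
CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |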
Microsoft Dynamics vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | No | No | 7.3 |
CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 5.7 |
Microsoft Office vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.5 |
CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.3 |
Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 |
CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 |
CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 6.8 |
CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 4.7 |
Windows ESU vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | No | No | 8 |
CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | No | Yes | 7.5 |
CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | No | No | 7.3 |
CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | No | No | 6.7 |
CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | No | No | 5.5 |
CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | No | No | 5.5 |
CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | No | No | 5.5 |
Updates
- 2024-06-12: Corrected a typo in a reference to CVE-2023-50868.