近日,微软官方发布了多个安全漏洞的公告,包括InternetExplorer安全漏洞(CNNVD-202103-644、CVE-2021-27085)、MicrosoftSharePoint Server 安全漏洞(CNNVD-202103-642、CVE-2021-27076)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、漏洞介绍

2021年3月10日,微软发布了2021年3月份安全更新,共82个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Windows操作系统、Azure、IE和Edge、Exchange Server、Office、SharePoint Server,Visual Studio等多个Windows平台下应用软件和组件。CNNVD对其危害等级进行了评价,其中包括7个超危漏洞,64个高危漏洞。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。

二、漏洞详情

此次更新共包括82个漏洞的补丁程序,其中7个超危漏洞,64个高危漏洞。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Windows DNS服务器安全漏洞

CNNVD-202103-615

CVE-2021-26897

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897

2

Microsoft Windows DNS服务器安全漏洞

CNNVD-202103-613

CVE-2021-26895

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26895

3

Microsoft Windows DNS服务器安全漏洞

CNNVD-202103-618

CVE-2021-26894

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26894

4

Microsoft Windows DNS服务器安全漏洞

CNNVD-202103-612

CVE-2021-26893

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26893

5

Microsoft Windows安全漏洞

CNNVD-202103-607

CVE-2021-26877

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26877

6

Windows Hyper-V安全漏洞

CNNVD-202103-597

CVE-2021-26867

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26867

7

Microsoft Azure Sphere安全漏洞

CNNVD-202103-580

CVE-2021-27080

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27080

8

Microsoft Internet Explorer安全漏洞

CNNVD-202103-644

CVE-2021-27085

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085

9

Microsoft Visual Studio Code 安全漏洞

CNNVD-202103-643

CVE-2021-27084

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27084

10

Microsoft SharePoint Server安全漏洞

CNNVD-202103-642

CVE-2021-27076

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27076

11

Microsoft Git for Visual Studio安全漏洞

CNNVD-202103-640

CVE-2021-21300

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21300

12

Microsoft Windows DNS服务器安全漏洞

CNNVD-202103-637

CVE-2021-27063

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27063

13

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-638

CVE-2021-27062

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27062

14

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-636

CVE-2021-27061

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27061

15

Microsoft Office安全漏洞

CNNVD-202103-635

CVE-2021-27059

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27059

16

Microsoft Office ClickToRun安全漏洞

CNNVD-202103-634

CVE-2021-27058

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27058

17

Microsoft Office安全漏洞

CNNVD-202103-633

CVE-2021-27057

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27057

18

Microsoft PowerPoint安全漏洞

CNNVD-202103-631

CVE-2021-27056

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27056

19

Microsoft Visio安全漏洞

CNNVD-202103-632

CVE-2021-27055

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27055

20

Microsoft Excel安全漏洞

CNNVD-202103-630

CVE-2021-27054

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27054

21

Microsoft Excel安全漏洞

CNNVD-202103-629

CVE-2021-27053

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27053

22

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-627

CVE-2021-27051

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27051

23

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-626

CVE-2021-27050

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27050

24

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-624

CVE-2021-27049

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27049

25

Microsoft HEVC Video安全漏洞

CNNVD-202103-641

CVE-2021-27048

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27048

26

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-623

CVE-2021-27047

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27047

27

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-625

CVE-2021-26902

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26902

28

Windows事件跟踪安全漏洞

CNNVD-202103-622

CVE-2021-26901

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26901

29

Microsoft Windows Wink安全漏洞

CNNVD-202103-621

CVE-2021-26900

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26900

30

Microsoft Windows UPnP设备主机安全漏洞

CNNVD-202103-619

CVE-2021-26899

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26899

31

Microsoft Windows安全漏洞

CNNVD-202103-617

CVE-2021-26898

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26898

32

Microsoft Windows DNS服务器安全漏洞

CNNVD-202103-616

CVE-2021-26896

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26896

33

Microsoft Windows容器执行代理安全漏洞

CNNVD-202103-650

CVE-2021-26891

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26891

34

Microsoft Application Virtualization安全漏洞

CNNVD-202103-651

CVE-2021-26890

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26890

35

Microsoft Windows Update Stack安全漏洞

CNNVD-202103-649

CVE-2021-26889

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26889

36

Microsoft Windows安全漏洞

CNNVD-202103-648

CVE-2021-26887

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26887

37

Microsoft Windows WalletService安全漏洞

CNNVD-202103-646

CVE-2021-26885

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26885

38

Microsoft Windows安全漏洞

CNNVD-202103-614

CVE-2021-26882

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26882

39

Microsoft Windows Media Foundation安全漏洞

CNNVD-202103-610

CVE-2021-26881

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26881

40

Microsoft Windows安全漏洞

CNNVD-202103-620

CVE-2021-26880

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26880

41

Microsoft Windows NAT安全漏洞

CNNVD-202103-609

CVE-2021-26879

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26879

42

Microsoft Windows打印后台处理程序安全漏洞

CNNVD-202103-608

CVE-2021-26878

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26878

43

Microsoft OpenType字体分析安全漏洞

CNNVD-202103-606

CVE-2021-26876

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26876

44

Microsoft Windows Win32k安全漏洞

CNNVD-202103-605

CVE-2021-26875

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26875

45

Microsoft Windows覆盖筛选器安全漏洞

CNNVD-202103-604

CVE-2021-26874

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26874

46

Microsoft Windows User Profile Service安全漏洞

CNNVD-202103-602

CVE-2021-26873

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26873

47

Windows安全漏洞

CNNVD-202103-603

CVE-2021-26872

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26872

48

Windows安全漏洞

CNNVD-202103-600

CVE-2021-26871

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26871

49

Microsoft Windows投影文件系统安全漏洞

CNNVD-202103-601

CVE-2021-26870

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26870

50

Microsoft Windows图形组件安全漏洞

CNNVD-202103-598

CVE-2021-26868

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26868

51

Microsoft Windows Update服务安全漏洞

CNNVD-202103-596

CVE-2021-26866

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26866

52

Microsoft Windows容器执行代理安全漏洞

CNNVD-202103-595

CVE-2021-26865

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26865

53

Microsoft Windows虚拟注册表提供程序安全漏洞

CNNVD-202103-594

CVE-2021-26864

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26864

54

Microsoft Windows Win32k安全漏洞

CNNVD-202103-593

CVE-2021-26863

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26863

55

Microsoft Windows图形组件安全漏洞

CNNVD-202103-591

CVE-2021-26861

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26861

56

Microsoft Windows App-V覆盖筛选器安全漏洞

CNNVD-202103-589

CVE-2021-26860

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26860

57

Microsoft Power BI信息泄漏漏洞

CNNVD-202103-590

CVE-2021-26859

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26859

58

Microsoft HEVC Video扩展程序安全漏洞

CNNVD-202103-587

CVE-2021-24110

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24110

59

Microsoft Windows错误报告安全漏洞

CNNVD-202103-584

CVE-2021-24090

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24090

60

Microsoft HEVC Video安全漏洞

CNNVD-202103-585

CVE-2021-24089

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24089

61

Visual Studio Code安全漏洞

CNNVD-202103-582

CVE-2021-27083

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27083

62

Microsoft Visual Studio Code 安全漏洞

CNNVD-202103-583

CVE-2021-27082

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27082

63

Microsoft Visual Studio Code ESLint安全漏洞

CNNVD-202103-581

CVE-2021-27081

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27081

64

Microsoft Windows Win32k安全漏洞

CNNVD-202103-579

CVE-2021-27077

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077

65

Windows 10安全漏洞

CNNVD-202103-575

CVE-2021-27070

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27070

66

Visual Studio Code安全漏洞

CNNVD-202103-576

CVE-2021-27060

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27060

67

Microsoft Internet Explorer安全漏洞

CNNVD-202103-574

CVE-2021-26411

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411

68

Microsoft Office安全漏洞

CNNVD-202103-573

CVE-2021-24108

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24108

69

Microsoft DirectX安全漏洞

CNNVD-202103-572

CVE-2021-24095

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24095

70

Microsoft Windows Update Stack安装程序安全漏洞

CNNVD-202103-571

CVE-2021-1729

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1729

71

Microsoft Windows打印后台处理程序安全漏洞

CNNVD-202103-570

CVE-2021-1640

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1640

72

Microsoft Windows管理中心安全功能安全漏洞

CNNVD-202103-639

CVE-2021-27066

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066

73

Microsoft SharePoint Server信息泄露漏洞

CNNVD-202103-628

CVE-2021-27052

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27052

74

Microsoft Windows可扩展固件接口安全漏洞

CNNVD-202103-611

CVE-2021-26892

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26892

75

Microsoft User Profile Service安全漏洞

CNNVD-202103-647

CVE-2021-26886

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26886

76

Microsoft Windows Media照片编解码器信息泄漏漏洞

CNNVD-202103-645

CVE-2021-26884

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26884

77

Microsoft Windows ActiveX安装程序服务信息泄露漏洞

CNNVD-202103-599

CVE-2021-26869

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26869

78

Microsoft Windows Installer安全漏洞

CNNVD-202103-592

CVE-2021-26862

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26862

79

Windows信息泄露漏洞

CNNVD-202103-588

CVE-2021-24107

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24107

80

Microsoft SharePoint安全漏洞

CNNVD-202103-586

CVE-2021-24104

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24104

81

Microsoft Windows虚拟机信息泄露漏洞

CNNVD-202103-578

CVE-2021-27075

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27075

82

Microsoft Azure Sphere安全漏洞

CNNVD-202103-577

CVE-2021-27074

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27074

三、修复建议

目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:

https://msrc.microsoft.com/update-guide/en-us

CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。

联系方式: cnnvd@itsec.gov.cn

声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。