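Microsoft recently published advisories for 99 security vulnerabilities, including a Microsoft Exchange Server security vulnerability (CNNVD-202201-730, CVE-2022-21855) and a Microsoft Windows security vulnerability (CNNVD-202201-779, CVE-2022-21907). An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.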

I. Vulnerability Overview

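On January 11, 2022, Microsoft released its January 2022 security updates, containing patches for 99 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers Microsoft Windows and Windows components, Microsoft Graphics, Microsoft Windows Common Log File System Driver, Microsoft Windows Remote Access Connection Manager, Microsoft Office, and others. CNNVD has rated the severity of these vulnerabilities: 6 are critical, 63 are high, 29 are medium, and 1 is low. Multiple versions of Microsoft products and systems are affected; the specific scope of impact can be looked up at https://portal.msrc.microsoft.com/zh-cn/security-guidance.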

II. Vulnerability Details

This update includes patches for 99 vulnerabilities in total: 6 critical, 63 high, 29 medium, and 1 low.

| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
|---|---|---|---|---|---|
| 1 | Microsoft Exchange Server Security Vulnerability | CNNVD-202201-730 | CVE-2022-21855 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855 |
| 2 | Microsoft Exchange Server Security Vulnerability | CNNVD-202201-731 | CVE-2022-21969 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21969 |
| 3 | Microsoft Exchange Server Security Vulnerability | CNNVD-202201-734 | CVE-2022-21846 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846 |
| 4 | Microsoft Windows Security Vulnerability | CNNVD-202201-779 | CVE-2022-21907 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21907 |
| 5 | Microsoft Hyper-V Permissions and Access Control Issue Vulnerability | CNNVD-202201-787 | CVE-2022-21901 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21901 |
| 6 | Microsoft Windows Security Vulnerability | CNNVD-202201-855 | CVE-2022-21849 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21849 |
| 7 | Microsoft Office Buffer Error Vulnerability | CNNVD-202201-733 | CVE-2022-21841 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21841 |
| 8 | Multiple Microsoft Products Code Injection Vulnerability | CNNVD-202201-735 | CVE-2022-21840 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840 |
| 9 | Multiple Microsoft Products Code Injection Vulnerability | CNNVD-202201-744 | CVE-2022-21842 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21842 |
| 10 | Microsoft SharePoint Code Injection Vulnerability | CNNVD-202201-764 | CVE-2022-21837 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21837 |
| 11 | Microsoft Kerberos for Windows Security Vulnerability | CNNVD-202201-769 | CVE-2022-21920 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21920 |
| 12 | Multiple Microsoft Products Buffer Error Vulnerability | CNNVD-202201-773 | CVE-2022-21922 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21922 |
| 13 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202201-774 | CVE-2022-21916 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21916 |
| 14 | Microsoft Windows Buffer Error Vulnerability | CNNVD-202201-775 | CVE-2022-21919 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21919 |
| 15 | Microsoft Windows Remote Access Connection Manager Permissions and Access Control Issue Vulnerability | CNNVD-202201-776 | CVE-2022-21914 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21914 |
| 16 | Microsoft Windows DirectX Security Vulnerability | CNNVD-202201-778 | CVE-2022-21912 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21912 |
| 17 | Microsoft Windows Installer Security Vulnerability | CNNVD-202201-781 | CVE-2022-21908 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21908 |
| 18 | Microsoft Windows Security Vulnerability | CNNVD-202201-782 | CVE-2022-21910 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21910 |
| 19 | Microsoft Graphics Component Security Vulnerability | CNNVD-202201-784 | CVE-2022-21904 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21904 |
| 20 | Microsoft Graphics Components Security Vulnerability | CNNVD-202201-785 | CVE-2022-21903 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21903 |
| 21 | Microsoft Windows Security Vulnerability | CNNVD-202201-786 | CVE-2022-21902 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21902 |
| 22 | Microsoft Windows DirectX Security Vulnerability | CNNVD-202201-788 | CVE-2022-21898 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21898 |
| 23 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202201-789 | CVE-2022-21897 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21897 |
| 24 | Microsoft Windows Security Vulnerability | CNNVD-202201-790 | CVE-2022-21896 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896 |
| 25 | Microsoft Windows Buffer Error Vulnerability | CNNVD-202201-791 | CVE-2022-21895 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21895 |
| 26 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-795 | CVE-2022-21893 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21893 |
| 27 | Microsoft Windows Security Vulnerability | CNNVD-202201-797 | CVE-2022-21890 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21890 |
| 28 | Microsoft Windows Security Vulnerability | CNNVD-202201-798 | CVE-2022-21889 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21889 |
| 29 | Microsoft Windows Security Vulnerability | CNNVD-202201-799 | CVE-2022-21883 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21883 |
| 30 | Microsoft Windows Remote Access Connection Manager Permissions and Access Control Issue Vulnerability | CNNVD-202201-800 | CVE-2022-21885 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21885 |
| 31 | Microsoft Windows Local Security Authority Subsystem Service Buffer Error Vulnerability | CNNVD-202201-801 | CVE-2022-21884 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21884 |
| 32 | Microsoft Windows Security Vulnerability | CNNVD-202201-802 | CVE-2022-21882 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21882 |
| 33 | Microsoft Windows Security Vulnerability | CNNVD-202201-803 | CVE-2022-21887 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21887 |
| 34 | Microsoft Windows Code Injection Vulnerability | CNNVD-202201-804 | CVE-2022-21888 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21888 |
| 35 | Microsoft Windows Kernel Buffer Error Vulnerability | CNNVD-202201-805 | CVE-2022-21881 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21881 |
| 36 | Microsoft Graphics Components Security Vulnerability | CNNVD-202201-806 | CVE-2022-21880 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21880 |
| 37 | Microsoft Windows Code Injection Vulnerability | CNNVD-202201-808 | CVE-2022-21878 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21878 |
| 38 | Microsoft Windows Code Injection Vulnerability | CNNVD-202201-810 | CVE-2022-21874 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21874 |
| 39 | Microsoft Windows Event Tracing Permissions and Access Control Issue Vulnerability | CNNVD-202201-811 | CVE-2022-21872 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21872 |
| 40 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-812 | CVE-2022-21873 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21873 |
| 41 | Microsoft Windows Storage Spaces Controller Permissions and Access Control Issue Vulnerability | CNNVD-202201-814 | CVE-2022-21875 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21875 |
| 42 | Multiple Microsoft Products Permissions and Access Control Issue Vulnerability | CNNVD-202201-815 | CVE-2022-21871 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21871 |
| 43 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-816 | CVE-2022-21870 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21870 |
| 44 | Multiple Microsoft Products Permissions and Access Control Issue Vulnerability | CNNVD-202201-817 | CVE-2022-21869 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21869 |
| 45 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-818 | CVE-2022-21868 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21868 |
| 46 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-819 | CVE-2022-21867 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21867 |
| 47 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-820 | CVE-2022-21864 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21864 |
| 48 | Multiple Microsoft Products Permissions and Access Control Issue Vulnerability | CNNVD-202201-821 | CVE-2022-21863 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21863 |
| 49 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-822 | CVE-2022-21862 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21862 |
| 50 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-823 | CVE-2022-21865 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21865 |
| 51 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-824 | CVE-2022-21866 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21866 |
| 52 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-825 | CVE-2022-21860 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21860 |
| 53 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-826 | CVE-2022-21861 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21861 |
| 54 | Microsoft Windows Security Vulnerability | CNNVD-202201-827 | CVE-2022-21852 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21852 |
| 55 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-828 | CVE-2022-21859 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21859 |
| 56 | Microsoft Dynamics 365 and Microsoft Dynamics Cross-Site Scripting Vulnerability | CNNVD-202201-829 | CVE-2022-21932 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932 |
| 57 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-830 | CVE-2022-21858 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21858 |
| 58 | Microsoft Windows Virtual Machine Permissions and Access Control Issue Vulnerability | CNNVD-202201-831 | CVE-2022-21833 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21833 |
| 59 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-832 | CVE-2022-21834 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21834 |
| 60 | Microsoft Windows Codecs Library Code Injection Vulnerability | CNNVD-202201-833 | CVE-2022-21917 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21917 |
| 61 | Windows Cryptographic Services Permissions and Access Control Issue Vulnerability | CNNVD-202201-834 | CVE-2022-21835 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21835 |
| 62 | Microsoft Windows Active Directory Permissions and Access Control Issue Vulnerability | CNNVD-202201-835 | CVE-2022-21857 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21857 |
| 63 | Microsoft Windows Security Vulnerability | CNNVD-202201-837 | CVE-2022-21836 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21836 |
| 64 | Microsoft Dynamics Security Vulnerability | CNNVD-202201-841 | CVE-2022-21891 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21891 |
| 65 | Microsoft Windows Buffer Error Vulnerability | CNNVD-202201-843 | CVE-2022-21851 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21851 |
| 66 | Microsoft Windows Buffer Error Vulnerability | CNNVD-202201-854 | CVE-2022-21850 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21850 |
| 67 | Microsoft Windows Security Vulnerability | CNNVD-202201-858 | CVE-2022-21843 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21843 |
| 68 | Microsoft Windows Security Vulnerability | CNNVD-202201-859 | CVE-2022-21848 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21848 |
| 69 | Microsoft Office and Microsoft SharePoint Security Vulnerability | CNNVD-202112-1433 | CVE-2021-43876 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43876 |
| 70 | Microsoft Windows Remote Procedure Call Runtime Information Disclosure Vulnerability | CNNVD-202201-758 | CVE-2022-21964 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21964 |
| 71 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-759 | CVE-2022-21961 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21961 |
| 72 | Microsoft Windows Security Vulnerability | CNNVD-202201-760 | CVE-2022-21960 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21960 |
| 73 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-761 | CVE-2022-21959 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21959 |
| 74 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-762 | CVE-2022-21962 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21962 |
| 75 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-763 | CVE-2022-21963 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21963 |
| 76 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-765 | CVE-2022-21958 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21958 |
| 77 | Microsoft Windows Security Vulnerability | CNNVD-202201-766 | CVE-2022-21928 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21928 |
| 78 | Microsoft Windows Feature Issue Vulnerability | CNNVD-202201-767 | CVE-2022-21925 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21925 |
| 79 | Microsoft Windows Workstation Feature Issue Vulnerability | CNNVD-202201-768 | CVE-2022-21924 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21924 |
| 80 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-770 | CVE-2022-21918 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21918 |
| 81 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-771 | CVE-2022-21915 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21915 |
| 82 | Microsoft Windows Defender Feature Issue Vulnerability | CNNVD-202201-772 | CVE-2022-21921 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21921 |
| 83 | Microsoft Windows Local Security Authority Subsystem Service Feature Issue Vulnerability | CNNVD-202201-777 | CVE-2022-21913 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21913 |
| 84 | Microsoft Windows Defender Feature Issue Vulnerability | CNNVD-202201-780 | CVE-2022-21906 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21906 |
| 85 | Microsoft Hyper-V Feature Issue Vulnerability | CNNVD-202201-783 | CVE-2022-21905 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21905 |
| 86 | Microsoft Windows Feature Issue Vulnerability | CNNVD-202201-792 | CVE-2022-21899 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21899 |
| 87 | Microsoft Hyper-V Feature Issue Vulnerability | CNNVD-202201-793 | CVE-2022-21900 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21900 |
| 88 | Microsoft Windows Feature Issue Vulnerability | CNNVD-202201-794 | CVE-2022-21894 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21894 |
| 89 | Microsoft Windows Security Vulnerability | CNNVD-202201-796 | CVE-2022-21892 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21892 |
| 90 | Microsoft Windows Kernel Input Validation Error Vulnerability | CNNVD-202201-807 | CVE-2022-21879 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21879 |
| 91 | Microsoft Windows Information Disclosure Vulnerability | CNNVD-202201-809 | CVE-2022-21877 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21877 |
| 92 | Multiple Microsoft Products Security Vulnerability | CNNVD-202201-813 | CVE-2022-21876 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21876 |
| 93 | Microsoft Windows Permissions and Access Control Issue Vulnerability | CNNVD-202201-836 | CVE-2022-21838 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21838 |
| 94 | Microsoft Windows Event Tracing Input Validation Error Vulnerability | CNNVD-202201-838 | CVE-2022-21839 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21839 |
| 95 | Microsoft Hyper-V Input Validation Error Vulnerability | CNNVD-202201-861 | CVE-2022-21847 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21847 |
| 96 | Microsoft Edge Cross-Site Scripting Vulnerability | CNNVD-202201-401 | CVE-2022-21930 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930 |
| 97 | Microsoft Edge Cross-Site Scripting Vulnerability | CNNVD-202201-403 | CVE-2022-21931 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931 |
| 98 | Microsoft Edge Cross-Site Scripting Vulnerability | CNNVD-202201-404 | CVE-2022-21954 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954 |
| 99 | Microsoft Edge Cross-Site Scripting Vulnerability | CNNVD-202201-405 | CVE-2022-21929 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929 |

III. Remediation Recommendations

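Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address: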

https://msrc.microsoft.com/update-guide/en-us

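CNNVD will continue to track developments concerning these vulnerabilities and will publish related information promptly. If needed, CNNVD can be contacted at: cnnvdvul@itsec.gov.cn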

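Statement: This article comes from CNNVD Security News (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is reproduced in order to convey more information. In case of infringement, please contact anquanneican@163.com.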