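Recently, Microsoft published security advisories for multiple vulnerabilities: 86 in Microsoft's own products and 3 in other vendors' products that affect Microsoft products. These include the Microsoft Windows Permissions, Privileges, and Access Control Vulnerability (CNNVD-202207-1061, CVE-2022-22022) and the Microsoft Windows Fax Service Input Validation Error Vulnerability (CNNVD-202207-1096, CVE-2022-22024), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.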
I. Vulnerability Overview
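On July 12, 2022, Microsoft released its July 2022 security updates, with patches for 89 vulnerabilities in total, all of which CNNVD has catalogued. This update mainly covers Microsoft Windows and Windows components, Microsoft Visual Studio, Microsoft Windows Shell, Microsoft Graphics Component, Microsoft Azure, Microsoft Internet Information Services, and others. CNNVD has rated their severity: 40 are high severity, 47 are medium severity, and 2 are low severity. Multiple Microsoft products and system versions are affected; the specific scope of impact can be looked up at:
https://portal.msrc.microsoft.com/zh-cn/security-guidance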
II. Vulnerability Details
This update includes patches for 82 newly added vulnerabilities, of which 38 are high severity and 44 are medium severity.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1061 | CVE-2022-22022 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22022 |
2 | Microsoft Windows Fax Service Input Validation Error Vulnerability | CNNVD-202207-1096 | CVE-2022-22024 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22024 |
3 | Microsoft Internet Information Services Input Validation Error Vulnerability | CNNVD-202206-904 | CVE-2022-22025 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22025 |
4 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1021 | CVE-2022-22026 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22026 |
5 | Microsoft Windows Fax Service Input Validation Error Vulnerability | CNNVD-202207-1023 | CVE-2022-22027 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22027 |
6 | Microsoft Windows NFS Input Validation Error Vulnerability | CNNVD-202207-1029 | CVE-2022-22029 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22029 |
7 | Microsoft Windows Credential Guard Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1030 | CVE-2022-22031 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22031 |
8 | Microsoft Graphics Component Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1017 | CVE-2022-22034 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22034 |
9 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-996 | CVE-2022-22036 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22036 |
10 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-976 | CVE-2022-22037 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22037 |
11 | Microsoft Azure Site Recovery Input Validation Error Vulnerability | CNNVD-202207-966 | CVE-2022-22038 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22038 |
12 | Microsoft Windows NFS Input Validation Error Vulnerability | CNNVD-202207-949 | CVE-2022-22039 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22039 |
13 | Microsoft Internet Information Services Input Validation Error Vulnerability | CNNVD-202207-938 | CVE-2022-22040 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22040 |
14 | Microsoft Windows Fast FAT Driver Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-910 | CVE-2022-22043 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22043 |
15 | Microsoft Windows Media Player Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-900 | CVE-2022-22045 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22045 |
16 | Microsoft Windows Buffer Error Vulnerability | CNNVD-202207-898 | CVE-2022-22047 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22047 |
17 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-897 | CVE-2022-22049 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22049 |
18 | Microsoft Windows Fax Service Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-894 | CVE-2022-22050 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22050 |
19 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-889 | CVE-2022-30202 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30202 |
20 | Microsoft Windows Security Features Vulnerability | CNNVD-202207-888 | CVE-2022-30203 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30203 |
21 | Microsoft Windows Print Spooler Components Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-885 | CVE-2022-30206 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30206 |
22 | Microsoft Internet Information Services Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-906 | CVE-2022-30209 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30209 |
23 | Microsoft Windows Point-to-Point Tunneling Protocol Input Validation Error Vulnerability | CNNVD-202207-887 | CVE-2022-30211 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30211 |
24 | Microsoft Windows Active Directory Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-972 | CVE-2022-30215 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30215 |
25 | Microsoft Windows Server Input Validation Error Vulnerability | CNNVD-202207-879 | CVE-2022-30216 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30216 |
26 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-880 | CVE-2022-30220 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30220 |
27 | Microsoft Graphics Component Input Validation Error Vulnerability | CNNVD-202207-878 | CVE-2022-30221 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30221 |
28 | Microsoft Windows Shell Input Validation Error Vulnerability | CNNVD-202207-877 | CVE-2022-30222 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30222 |
29 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-893 | CVE-2022-30224 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30224 |
30 | Microsoft Windows Media Player Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-875 | CVE-2022-30225 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30225 |
31 | Microsoft Windows Print Spooler Components Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-873 | CVE-2022-30226 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30226 |
32 | Microsoft Skype for Business Server and Lync Server Input Validation Error Vulnerability | CNNVD-202207-867 | CVE-2022-33633 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33633 |
33 | Microsoft XBox Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-870 | CVE-2022-33644 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33644 |
34 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-973 | CVE-2022-33674 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33674 |
35 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-969 | CVE-2022-33675 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33675 |
36 | Microsoft Azure Input Validation Error Vulnerability | CNNVD-202207-971 | CVE-2022-33676 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33676 |
37 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-968 | CVE-2022-33677 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33677 |
38 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-967 | CVE-2022-33678 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33678 |
39 | Microsoft Windows Kernel Information Disclosure Vulnerability | CNNVD-202207-1010 | CVE-2022-21845 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21845 |
40 | Microsoft Windows Security Features Vulnerability | CNNVD-202207-1093 | CVE-2022-22023 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22023 |
41 | Microsoft Windows NFS Information Disclosure Vulnerability | CNNVD-202207-1032 | CVE-2022-22028 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22028 |
42 | Microsoft Windows Print Spooler Components Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-930 | CVE-2022-22041 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22041 |
43 | Microsoft Hyper-V Information Disclosure Vulnerability | CNNVD-202207-921 | CVE-2022-22042 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22042 |
44 | Microsoft Windows BitLocker Security Features Vulnerability | CNNVD-202207-899 | CVE-2022-22048 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22048 |
45 | Microsoft Windows BitLocker Information Disclosure Vulnerability | CNNVD-202207-896 | CVE-2022-22711 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22711 |
46 | Microsoft Azure Site Recovery Information Disclosure Vulnerability | CNNVD-202204-3222 | CVE-2022-26896 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896 |
47 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1008 | CVE-2022-30181 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30181 |
48 | Microsoft Azure Information Disclosure Vulnerability | CNNVD-202207-1024 | CVE-2022-30187 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30187 |
49 | Microsoft Windows Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-886 | CVE-2022-30205 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30205 |
50 | Microsoft Windows Security Account Manager Input Validation Error Vulnerability | CNNVD-202207-883 | CVE-2022-30208 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30208 |
51 | Microsoft Windows Race Condition Vulnerability | CNNVD-202207-884 | CVE-2022-30212 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30212 |
52 | Microsoft Graphics Component Information Disclosure Vulnerability | CNNVD-202207-882 | CVE-2022-30213 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30213 |
53 | Microsoft DNS Server Race Condition Vulnerability | CNNVD-202207-881 | CVE-2022-30214 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30214 |
54 | Microsoft Hyper-V Information Disclosure Vulnerability | CNNVD-202207-876 | CVE-2022-30223 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30223 |
55 | Microsoft Office Security Features Vulnerability | CNNVD-202207-868 | CVE-2022-33632 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33632 |
56 | Microsoft Defender Input Validation Error Vulnerability | CNNVD-202207-1015 | CVE-2022-33637 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33637 |
57 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1007 | CVE-2022-33641 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33641 |
58 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1004 | CVE-2022-33642 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33642 |
59 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1003 | CVE-2022-33643 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33643 |
60 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-960 | CVE-2022-33650 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33650 |
61 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-959 | CVE-2022-33651 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33651 |
62 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-957 | CVE-2022-33652 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33652 |
63 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-955 | CVE-2022-33653 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33653 |
64 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-954 | CVE-2022-33654 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33654 |
65 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-951 | CVE-2022-33655 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33655 |
66 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-948 | CVE-2022-33656 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33656 |
67 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1012 | CVE-2022-33657 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33657 |
68 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-963 | CVE-2022-33658 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33658 |
69 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-1001 | CVE-2022-33659 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33659 |
70 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-998 | CVE-2022-33660 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33660 |
71 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-995 | CVE-2022-33661 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33661 |
72 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-999 | CVE-2022-33662 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33662 |
73 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-990 | CVE-2022-33663 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33663 |
74 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-987 | CVE-2022-33664 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33664 |
75 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-989 | CVE-2022-33665 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33665 |
76 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-983 | CVE-2022-33666 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33666 |
77 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-981 | CVE-2022-33667 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33667 |
78 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-965 | CVE-2022-33668 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33668 |
79 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-979 | CVE-2022-33669 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33669 |
80 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-977 | CVE-2022-33671 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33671 |
81 | Microsoft Azure Site Recovery Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-975 | CVE-2022-33672 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33672 |
82 | Microsoft Azure Permissions, Privileges, and Access Control Vulnerability | CNNVD-202207-974 | CVE-2022-33673 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33673 |
This update includes patches for 4 updated vulnerabilities, of which 2 are high severity and 2 are medium severity.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Microsoft Windows Digital TV Tuner Permissions, Privileges, and Access Control Vulnerability | CNNVD-202112-1141 | CVE-2021-43245 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43245 |
2 | Microsoft Graphics Component Information Disclosure Vulnerability | CNNVD-202205-2784 | CVE-2022-26934 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934 |
3 | Microsoft Visual Studio Security Vulnerability | CNNVD-202204-3059 | CVE-2022-24513 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513 |
4 | Azure Site Recovery Information Disclosure Vulnerability | CNNVD-202204-3222 | CVE-2022-26896 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896 |
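This update includes patches for 3 vulnerabilities from other vendors that affect Microsoft products, of which 1 is medium severity and 2 are low severity.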
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Vendor | Official Link |
1 | curl Information Disclosure Vulnerability | CNNVD-202204-4522 | CVE-2022-27776 | Medium | Haxx | https://curl.se/docs/CVE-2022-27776.html |
2 | Security Vulnerability in Multiple AMD Processors | CNNVD-202207-892 | CVE-2022-23816 | Low | AMD | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |
3 | Security Vulnerability in Multiple AMD Processors | CNNVD-202207-891 | CVE-2022-23825 | Low | AMD | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |
III. Remediation Recommendations
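Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible. Microsoft's official patch download address:
https://msrc.microsoft.com/update-guide/en-us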
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn
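Statement: This article comes from CNNVD Security Updates (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is reposted to convey more information. In case of infringement, please contact anquanneican@163.com.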