近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞158个,影响到微软产品的其他厂商漏洞5个。微软Microsoft Windows、Microsoft Line Printer Daemon Service、Microsoft Internet Explorer、Microsoft Windows BitLocker等多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍
2025年1月14日,微软发布了2025年1月份安全更新,共163个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Line Printer Daemon Service、Microsoft Internet Explorer、Microsoft Windows BitLocker、Microsoft Windows Security Account Manager、Microsoft Brokering File System等。CNNVD对其危害等级进行了评价,其中超危漏洞3个,高危漏洞99个,中危漏洞60个,低危漏洞1个。
微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共163个漏洞的补丁程序,包括157个新增漏洞的补丁程序、1个更新漏洞的补丁程序和5个影响微软产品的其他厂商漏洞的补丁程序。
此次更新共包括157个新增漏洞的补丁程序,其中超危漏洞3个,高危漏洞95个,中危漏洞58个,低危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft OLE 资源管理错误漏洞 | CNNVD-202501-1944 | CVE-2025-21298 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21298 |
2 | Microsoft Windows 资源管理错误漏洞 | CNNVD-202501-1953 | CVE-2025-21307 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307 |
3 | Microsoft NTLM 安全漏洞 | CNNVD-202501-1957 | CVE-2025-21311 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311 |
4 | Microsoft .NET 安全漏洞 | CNNVD-202501-1853 | CVE-2025-21171 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171 |
5 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202501-1856 | CVE-2025-21172 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 |
6 | Microsoft .NET 安全漏洞 | CNNVD-202501-1859 | CVE-2025-21173 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173 |
7 | Microsoft .NET、Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞 | CNNVD-202501-1860 | CVE-2025-21176 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 |
8 | Microsoft Visual Studio 安全漏洞 | CNNVD-202501-1862 | CVE-2025-21178 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178 |
9 | Microsoft Office Access 安全漏洞 | CNNVD-202501-1857 | CVE-2025-21186 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186 |
10 | Microsoft Power Automate 代码注入漏洞 | CNNVD-202501-1858 | CVE-2025-21187 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21187 |
11 | Microsoft Windows 资源管理错误漏洞 | CNNVD-202501-1865 | CVE-2025-21207 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21207 |
12 | Microsoft Windows Kerberos 资源管理错误漏洞 | CNNVD-202501-1871 | CVE-2025-21218 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21218 |
13 | Microsoft Message Queuing 安全漏洞 | CNNVD-202501-1874 | CVE-2025-21220 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21220 |
14 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1875 | CVE-2025-21223 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21223 |
15 | Microsoft Line Printer Daemon Service 安全漏洞 | CNNVD-202501-1877 | CVE-2025-21224 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21224 |
16 | Microsoft Message Queuing 安全漏洞 | CNNVD-202501-1882 | CVE-2025-21230 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21230 |
17 | Microsoft IP Helper 资源管理错误漏洞 | CNNVD-202501-1884 | CVE-2025-21231 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21231 |
18 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1885 | CVE-2025-21233 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21233 |
19 | Microsoft Windows PrintWorkflowUserSvc 输入验证错误漏洞 | CNNVD-202501-1886 | CVE-2025-21234 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21234 |
20 | Microsoft Windows PrintWorkflowUserSvc 输入验证错误漏洞 | CNNVD-202501-1887 | CVE-2025-21235 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235 |
21 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1888 | CVE-2025-21236 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21236 |
22 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1889 | CVE-2025-21237 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21237 |
23 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1891 | CVE-2025-21238 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21238 |
24 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1890 | CVE-2025-21239 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21239 |
25 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1892 | CVE-2025-21240 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21240 |
26 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1897 | CVE-2025-21241 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21241 |
27 | Microsoft Windows Telephony Server 输入验证错误漏洞 | CNNVD-202501-1896 | CVE-2025-21243 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21243 |
28 | Microsoft Windows Telephony Server 输入验证错误漏洞 | CNNVD-202501-1893 | CVE-2025-21244 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21244 |
29 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1895 | CVE-2025-21245 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21245 |
30 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1898 | CVE-2025-21246 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21246 |
31 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1899 | CVE-2025-21248 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21248 |
32 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1905 | CVE-2025-21250 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250 |
33 | Microsoft Message Queuing 资源管理错误漏洞 | CNNVD-202501-1903 | CVE-2025-21251 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21251 |
34 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1904 | CVE-2025-21252 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21252 |
35 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1911 | CVE-2025-21266 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21266 |
36 | Microsoft Message Queuing 资源管理错误漏洞 | CNNVD-202501-1915 | CVE-2025-21270 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270 |
37 | Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 | CNNVD-202501-1916 | CVE-2025-21271 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21271 |
38 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1918 | CVE-2025-21273 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21273 |
39 | Microsoft Windows Installer 授权问题漏洞 | CNNVD-202501-1919 | CVE-2025-21275 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275 |
40 | Microsoft MapUrlToZone 安全漏洞 | CNNVD-202501-1921 | CVE-2025-21276 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21276 |
41 | Microsoft Message Queuing 安全漏洞 | CNNVD-202501-1922 | CVE-2025-21277 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21277 |
42 | Microsoft Windows COM 资源管理错误漏洞 | CNNVD-202501-1925 | CVE-2025-21281 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21281 |
43 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1926 | CVE-2025-21282 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21282 |
44 | Microsoft Message Queuing 代码问题漏洞 | CNNVD-202501-1928 | CVE-2025-21285 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21285 |
45 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1929 | CVE-2025-21286 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21286 |
46 | Microsoft Windows Installer 安全漏洞 | CNNVD-202501-1931 | CVE-2025-21287 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287 |
47 | Microsoft Message Queuing 资源管理错误漏洞 | CNNVD-202501-1934 | CVE-2025-21289 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21289 |
48 | Microsoft Message Queuing 资源管理错误漏洞 | CNNVD-202501-1932 | CVE-2025-21290 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21290 |
49 | Microsoft Directx 资源管理错误漏洞 | CNNVD-202501-1933 | CVE-2025-21291 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21291 |
50 | Microsoft Windows 代码注入漏洞 | CNNVD-202501-1936 | CVE-2025-21292 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21292 |
51 | Microsoft Active Directory Domain Services 访问控制错误漏洞 | CNNVD-202501-1938 | CVE-2025-21293 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21293 |
52 | Microsoft Digest Authentication 安全漏洞 | CNNVD-202501-1940 | CVE-2025-21294 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21294 |
53 | Microsoft SPNEGO Extended Negotiation 资源管理错误漏洞 | CNNVD-202501-1941 | CVE-2025-21295 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21295 |
54 | Microsoft BranchCache 资源管理错误漏洞 | CNNVD-202501-1945 | CVE-2025-21296 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21296 |
55 | Microsoft Windows Remote Desktop Services 资源管理错误漏洞 | CNNVD-202501-1942 | CVE-2025-21297 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21297 |
56 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202501-1943 | CVE-2025-21299 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21299 |
57 | Microsoft Windows 资源管理错误漏洞 | CNNVD-202501-1946 | CVE-2025-21300 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21300 |
58 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1948 | CVE-2025-21302 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21302 |
59 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1950 | CVE-2025-21303 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21303 |
60 | Microsoft DWM Core Library 资源管理错误漏洞 | CNNVD-202501-1949 | CVE-2025-21304 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21304 |
61 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1952 | CVE-2025-21305 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21305 |
62 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1951 | CVE-2025-21306 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21306 |
63 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202501-1955 | CVE-2025-21309 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21309 |
64 | Microsoft Brokering File System 资源管理错误漏洞 | CNNVD-202501-1961 | CVE-2025-21315 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21315 |
65 | Microsoft Internet Explorer 安全漏洞 | CNNVD-202501-1970 | CVE-2025-21326 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21326 |
66 | Microsoft Windows Remote Desktop Services 资源管理错误漏洞 | CNNVD-202501-1974 | CVE-2025-21330 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21330 |
67 | Microsoft Windows Installer 后置链接漏洞 | CNNVD-202501-1975 | CVE-2025-21331 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 |
68 | Microsoft Hyper-V 安全漏洞 | CNNVD-202501-1977 | CVE-2025-21333 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333 |
69 | Microsoft Windows 资源管理错误漏洞 | CNNVD-202501-1978 | CVE-2025-21334 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334 |
70 | Microsoft Hyper-V 资源管理错误漏洞 | CNNVD-202501-1979 | CVE-2025-21335 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335 |
71 | Microsoft Windows GDI+ 输入验证错误漏洞 | CNNVD-202501-1980 | CVE-2025-21338 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21338 |
72 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1983 | CVE-2025-21339 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21339 |
73 | Microsoft Windows 安全漏洞 | CNNVD-202501-1985 | CVE-2025-21343 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343 |
74 | Microsoft SharePoint 输入验证错误漏洞 | CNNVD-202501-1986 | CVE-2025-21344 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21344 |
75 | Microsoft Office Visio 资源管理错误漏洞 | CNNVD-202501-1987 | CVE-2025-21345 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21345 |
76 | Microsoft Office 安全漏洞 | CNNVD-202501-1988 | CVE-2025-21346 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21346 |
77 | Microsoft SharePoint 授权问题漏洞 | CNNVD-202501-1989 | CVE-2025-21348 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21348 |
78 | Microsoft Excel 安全漏洞 | CNNVD-202501-1990 | CVE-2025-21354 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21354 |
79 | Microsoft Office Visio 安全漏洞 | CNNVD-202501-1991 | CVE-2025-21356 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21356 |
80 | Microsoft AutoUpdate for Mac 安全漏洞 | CNNVD-202501-1992 | CVE-2025-21360 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360 |
81 | Microsoft Outlook 安全漏洞 | CNNVD-202501-1995 | CVE-2025-21361 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21361 |
82 | Microsoft Excel 资源管理错误漏洞 | CNNVD-202501-1994 | CVE-2025-21362 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362 |
83 | Microsoft Word 安全漏洞 | CNNVD-202501-1996 | CVE-2025-21363 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21363 |
84 | Microsoft Excel 代码问题漏洞 | CNNVD-202501-1998 | CVE-2025-21364 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364 |
85 | Microsoft Office 代码问题漏洞 | CNNVD-202501-1997 | CVE-2025-21365 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21365 |
86 | Microsoft Office 资源管理错误漏洞 | CNNVD-202501-1999 | CVE-2025-21366 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21366 |
87 | Microsoft Windows Virtualization-Based Security Enclave 输入验证错误漏洞 | CNNVD-202501-2000 | CVE-2025-21370 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21370 |
88 | Microsoft Brokering File System 资源管理错误漏洞 | CNNVD-202501-2001 | CVE-2025-21372 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21372 |
89 | Microsoft Windows 安全漏洞 | CNNVD-202501-2003 | CVE-2025-21378 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378 |
90 | Microsoft Graphics Component 安全漏洞 | CNNVD-202501-2005 | CVE-2025-21382 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21382 |
91 | Microsoft Windows UPnP 资源管理错误漏洞 | CNNVD-202501-2006 | CVE-2025-21389 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21389 |
92 | Microsoft Office Access 安全漏洞 | CNNVD-202501-2007 | CVE-2025-21395 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395 |
93 | Microsoft Office 安全漏洞 | CNNVD-202501-2008 | CVE-2025-21402 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402 |
94 | Microsoft Visual Studio 访问控制错误漏洞 | CNNVD-202501-2011 | CVE-2025-21405 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21405 |
95 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-2010 | CVE-2025-21409 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21409 |
96 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1937 | CVE-2025-21411 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21411 |
97 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-1939 | CVE-2025-21413 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21413 |
98 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202501-2012 | CVE-2025-21417 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21417 |
99 | Microsoft MapUrlToZone 安全漏洞 | CNNVD-202501-1861 | CVE-2025-21189 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21189 |
100 | Microsoft Active Directory Federation Services 跨站请求伪造漏洞 | CNNVD-202501-1863 | CVE-2025-21193 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21193 |
101 | Microsoft Windows 访问控制错误漏洞 | CNNVD-202501-1864 | CVE-2025-21202 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21202 |
102 | Microsoft Windows BitLocker 安全漏洞 | CNNVD-202501-1866 | CVE-2025-21210 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21210 |
103 | Microsoft Windows Secure Boot 安全漏洞 | CNNVD-202501-1867 | CVE-2025-21211 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21211 |
104 | Microsoft Windows BitLocker 访问控制错误漏洞 | CNNVD-202501-1869 | CVE-2025-21213 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21213 |
105 | Microsoft Windows BitLocker 信息泄露漏洞 | CNNVD-202501-1868 | CVE-2025-21214 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21214 |
106 | Microsoft Windows Secure Boot 缓冲区错误漏洞 | CNNVD-202501-1872 | CVE-2025-21215 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21215 |
107 | Microsoft Windows 安全漏洞 | CNNVD-202501-1873 | CVE-2025-21217 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21217 |
108 | Microsoft MapUrlToZone 安全漏洞 | CNNVD-202501-1870 | CVE-2025-21219 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21219 |
109 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202501-1876 | CVE-2025-21225 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21225 |
110 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1878 | CVE-2025-21226 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21226 |
111 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1881 | CVE-2025-21227 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21227 |
112 | Microsoft Windows Digital Media 缓冲区错误漏洞 | CNNVD-202501-1879 | CVE-2025-21228 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21228 |
113 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1880 | CVE-2025-21229 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21229 |
114 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1883 | CVE-2025-21232 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21232 |
115 | Microsoft Windows Kerberos 信息泄露漏洞 | CNNVD-202501-1894 | CVE-2025-21242 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21242 |
116 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1900 | CVE-2025-21249 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21249 |
117 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1901 | CVE-2025-21255 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21255 |
118 | Microsoft Windows 安全漏洞 | CNNVD-202501-1902 | CVE-2025-21256 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21256 |
119 | Microsoft Windows WLAN AutoConfig Service 缓冲区错误漏洞 | CNNVD-202501-1907 | CVE-2025-21257 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21257 |
120 | Microsoft Windows Digital Media 缓冲区错误漏洞 | CNNVD-202501-1906 | CVE-2025-21258 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21258 |
121 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1908 | CVE-2025-21260 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21260 |
122 | Microsoft Windows Digital Media 缓冲区错误漏洞 | CNNVD-202501-1909 | CVE-2025-21261 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21261 |
123 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1910 | CVE-2025-21263 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21263 |
124 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1912 | CVE-2025-21265 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21265 |
125 | Microsoft MapUrlToZone 安全漏洞 | CNNVD-202501-1913 | CVE-2025-21268 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21268 |
126 | Microsoft MapUrlToZone 安全漏洞 | CNNVD-202501-1914 | CVE-2025-21269 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21269 |
127 | Microsoft Windows COM 安全漏洞 | CNNVD-202501-1917 | CVE-2025-21272 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272 |
128 | Microsoft Windows Event Tracing 后置链接漏洞 | CNNVD-202501-1920 | CVE-2025-21274 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21274 |
129 | Microsoft Windows Remote Desktop Services 竞争条件问题漏洞 | CNNVD-202501-1923 | CVE-2025-21278 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21278 |
130 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202501-1924 | CVE-2025-21280 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21280 |
131 | Microsoft Windows Virtual Trusted Platform Module 输入验证错误漏洞 | CNNVD-202501-1927 | CVE-2025-21284 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21284 |
132 | Microsoft Windows COM 安全漏洞 | CNNVD-202501-1930 | CVE-2025-21288 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21288 |
133 | Microsoft Windows Geolocation Service 访问控制错误漏洞 | CNNVD-202501-1947 | CVE-2025-21301 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21301 |
134 | Microsoft Windows 信息泄露漏洞 | CNNVD-202501-1954 | CVE-2025-21308 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21308 |
135 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1956 | CVE-2025-21310 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21310 |
136 | Microsoft Windows Security Account Manager 安全漏洞 | CNNVD-202501-1959 | CVE-2025-21313 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21313 |
137 | Microsoft SmartScreen 安全漏洞 | CNNVD-202501-1960 | CVE-2025-21314 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21314 |
138 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1962 | CVE-2025-21316 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21316 |
139 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1963 | CVE-2025-21317 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21317 |
140 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1964 | CVE-2025-21318 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21318 |
141 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1965 | CVE-2025-21319 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21319 |
142 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1967 | CVE-2025-21320 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21320 |
143 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1966 | CVE-2025-21321 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21321 |
144 | Microsoft Windows Kernel 日志信息泄露漏洞 | CNNVD-202501-1968 | CVE-2025-21323 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21323 |
145 | Microsoft Windows Digital Media 缓冲区错误漏洞 | CNNVD-202501-1969 | CVE-2025-21324 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21324 |
146 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1972 | CVE-2025-21327 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21327 |
147 | Microsoft Windows 安全漏洞 | CNNVD-202501-1971 | CVE-2025-21328 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21328 |
148 | Microsoft Windows 安全漏洞 | CNNVD-202501-1973 | CVE-2025-21329 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329 |
149 | Microsoft MapUrlToZone 安全漏洞 | CNNVD-202501-1976 | CVE-2025-21332 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21332 |
150 | Microsoft Windows Cryptographic Services 安全漏洞 | CNNVD-202501-1981 | CVE-2025-21336 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21336 |
151 | Microsoft Windows Virtualization-Based Security Enclave 访问控制错误漏洞 | CNNVD-202501-1982 | CVE-2025-21340 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21340 |
152 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-1984 | CVE-2025-21341 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21341 |
153 | Microsoft Outlook 安全漏洞 | CNNVD-202501-1993 | CVE-2025-21357 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21357 |
154 | Microsoft Windows 缓冲区错误漏洞 | CNNVD-202501-2002 | CVE-2025-21374 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374 |
155 | Microsoft SharePoint 跨站脚本漏洞 | CNNVD-202501-2004 | CVE-2025-21393 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21393 |
156 | Microsoft Azure 安全漏洞 | CNNVD-202501-2009 | CVE-2025-21403 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21403 |
157 | Microsoft Windows 安全漏洞 | CNNVD-202501-1958 | CVE-2025-21312 | 低危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21312 |
此次更新共包括1个更新漏洞的补丁程序,其中高危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1238 | CVE-2024-49120 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49120 |
此次更新共包括5个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞3个,中危漏洞2个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Lua 缓冲区错误漏洞 | CNNVD-202304-620 | CVE-2021-45985 | 高危 | LUA团队 | https://www.lua.org/bugs.html#5.4.3-11 |
2 | Git Credential Manager 信息泄露漏洞 | CNNVD-202501-1935 | CVE-2024-50338 | 高危 | Git Ecosystem | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-50338 |
3 | Google Chrome 安全漏洞 | CNNVD-202501-896 | CVE-2025-0291 | 高危 | https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html | |
4 | AMD Processors 信息泄露漏洞 | CNNVD-202203-688 | CVE-2022-0001 | 中危 | AMD | https://ubuntu.com/security/notices/USN-5317-1 |
5 | Howyar UEFI Reloader 安全漏洞 | CNNVD-202501-1750 | CVE-2024-7344 | 中危 | Howyar | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7344 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvd@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。