一、漏洞概述
2月15日,绿盟科技CERT监测到微软发布2月安全更新补丁,修复了75个安全问题,涉及Microsoft Exchange Server、Microsoft Word、Windows Graphics Component、Microsoft Publisher等广泛使用的产品,其中包括权限提升、远程代码执行等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有9个,重要(Important)漏洞有66个,其中包括3个0day漏洞:
Windows Graphics Component远程代码执行漏洞(CVE-2023-21823)
Microsoft Publisher 安全功能绕过漏洞(CVE-2023-21715)
Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2023-23376)
请相关用户尽快更新补丁进行防护,完整漏洞列表请参考附录。
绿盟远程安全评估系统(RSAS)已具备微软此次补丁更新中大部分漏洞的检测能力(包括CVE-2023-21823、CVE-2023-21715、CVE-2023-23376、CVE-2023-21689、CVE-2023-21690等高危漏洞),请相关用户关注绿盟远程安全评估系统插件升级包的更新,及时升级至 rsas-vulsys-V6.0R02F01.3004.dat,官网链接:http://update.nsfocus.com/update/listRsasDetail/v/vulsys
参考链接:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
二、重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Windows Graphics Component远程代码执行漏洞(CVE-2023-21823):
由于Graphics Component中的应用程序未实行正确的安全限制,具有低权限的本地攻击者通过利用该漏洞绕过安全限制,从而在目标系统上提升至SYSTEM权限,且无需用户交互。目前已监测到该漏洞存在在野利用,CVSS评分为7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
Microsoft Publisher 安全功能绕过漏洞(CVE-2023-21715):
Microsoft Publisher 中存在安全功能绕过漏洞,攻击者通过诱导用户从网站下载并打开恶意文件,对目标系统进行攻击。成功利用该漏洞的攻击者可以绕过用于阻止不受信任或恶意文件的Office宏策略,进而允许恶意Publisher文档中的宏运行。目前已监测到该漏洞存在在野利用,CVSS评分为7.3。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715
Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2023-23376):
Windows 通用日志文件系统驱动程序存在权限提升漏洞,由于Windows公共日志文件系统驱动程序中存在边界错误,本地攻击者通过运行恶意程序从而触发内存损坏,最终可实现在目标系统上以SYSTEM权限任意执行代码。目前已监测到该漏洞存在在野利用,CVSS评分7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376
Microsoft Protected Extensible Authentication Protocol (PEAP) 远程代码执行漏洞(CVE-2023-21689):
Microsoft PEAP存在远程代码执行漏洞(CVE-2023-21689)。未经身份验证的远程攻击者通过在网络调用服务器帐户上下文时触发恶意代码,最终导致在目标服务器上执行任意代码。CVSS评分9.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689
Microsoft Protected Extensible Authentication Protocol (PEAP) 远程代码执行漏洞(CVE-2023-21689/CVE-2023-21690/CVE-2023-21692):
Microsoft PEAP存在远程代码执行漏洞(CVE-2023-21690/CVE-2023-21692)。未经身份验证的远程攻击者通过向目标服务器发送特制的恶意PEAP数据包攻击目标服务器,成功利用漏洞的攻击者可在目标系统上执行任意代码。CVSS评分均为9.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692
Microsoft Word 远程执行代码漏洞(CVE-2023-21716):
Microsoft Word中存在远程代码执行漏洞,攻击者可通过发送包含RTF有效负载的恶意电子邮件,当成功诱导用户在受影响的系统访问并打开特制恶意文件后,无需身份验证的攻击者可利用该漏洞在目标系统上执行任意代码,且预览窗格也可作为该漏洞的攻击媒介。CVSS评分为9.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716
Microsoft Exchange Server远程代码执行漏洞(CVE-2023-21707/CVE-2023-21706/CVE-2023-21529):
Microsoft Exchange Server存在远程代码执行漏洞,经过身份验证的远程攻击者通过在网络调用服务器帐户上下文时触发恶意代码,最终导致在目标服务器上执行任意代码。CVSS评分8.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
Microsoft SharePoint Server特权提升漏洞(CVE-2023-21717):
Microsoft SharePoint服务器存在特权提升漏洞,经过身份验证且具有Manage List权限的攻击者通过该漏洞获得创建站点的访问权限,最终可实现在目标服务器上执行任意代码,CVSS评分为8.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717
三、影响范围
以下为部分重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
| 漏洞编号 | 受影响产品版本 |
| CVE-2023-21823 | Microsoft Office for Android
Microsoft Office for iOS Microsoft Office for Universal Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) |
| CVE-2023-21715 | Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems |
| CVE-2023-23376
CVE-2023-21692 |
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) |
| CVE-2023-21689
CVE-2023-21690 |
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) |
| CVE-2023-21716 | SharePoint Server Subscription Edition Language Pack
Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC for Mac 2021 Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2019 for Mac Microsoft Office Online Server |
| CVE-2023-21707
CVE-2023-21706 CVE-2023-2152
|
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2019 Cumulative Update 12 |
| CVE-2023-21717 | Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 |
四、漏洞防护
- 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
| 影响产品 | CVE编号 | 漏洞标题 | 严重程度 |
| Windows iSCSI | CVE-2023-21803 | Windows iSCSI 发现服务远程代码执行漏洞 | Critical |
| Microsoft Office Word | CVE-2023-21716 | Microsoft Word 远程代码执行漏洞 | Critical |
| Windows Protected EAP (PEAP) | CVE-2023-21692 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞 | Critical |
| Windows Protected EAP (PEAP) | CVE-2023-21690 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞 | Critical |
| Windows Protected EAP (PEAP) | CVE-2023-21689 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞 | Critical |
| Visual Studio | CVE-2023-21815 | Visual Studio 远程代码执行漏洞 | Critical |
| Visual Studio | CVE-2023-23381 | Visual Studio 远程代码执行漏洞 | Critical |
| .NET and Visual Studio | CVE-2023-21808 | .NET 和 Visual Studio 远程代码执行漏洞 | Critical |
| SQL Server | CVE-2023-21718 | Microsoft SQL ODBC 驱动程序远程代码执行漏洞 | Critical |
| Microsoft Graphics Component | CVE-2023-21823 | Windows Graphics Component 远程代码执行漏洞 | Important |
| Microsoft Office Publisher | CVE-2023-21715 | Microsoft Publisher 安全功能绕过漏洞 | Important |
| Windows Common Log File System Driver | CVE-2023-23376 | Windows 通用日志文件系统驱动程序特权提升漏洞 | Important |
| Microsoft Exchange Server | CVE-2023-21707 | Microsoft Exchange Server 远程代码执行漏洞 | Important |
| Microsoft Exchange Server | CVE-2023-21706 | Microsoft Exchange Server 远程代码执行漏洞 | Important |
| Microsoft Exchange Server | CVE-2023-21529 | Microsoft Exchange Server 远程代码执行漏洞 | Important |
| Microsoft Office SharePoint | CVE-2023-21717 | Microsoft SharePoint Server 特权提升漏洞 | Important |
| Microsoft PostScript Printer Driver | CVE-2023-21684 | Microsoft PostScript 打印机驱动程序远程代码执行漏洞 | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞 | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞 | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞 | Important |
| SQL Server | CVE-2023-21713 | Microsoft SQL Server 远程代码执行漏洞 | Important |
| SQL Server | CVE-2023-21705 | Microsoft SQL Server 远程代码执行漏洞 | Important |
| Windows ODBC Driver | CVE-2023-21797 | Microsoft ODBC 驱动程序远程代码执行漏洞 | Important |
| Windows ODBC Driver | CVE-2023-21798 | Microsoft ODBC 驱动程序远程代码执行漏洞 | Important |
| Azure App Service | CVE-2023-21777 | Azure App Service on Azure Stack Hub 特权提升漏洞 | Important |
| Microsoft Dynamics | CVE-2023-21778 | Microsoft Dynamics Unified Service Desk远程代码执行漏洞 | Important |
| Power BI | CVE-2023-21806 | Power BI 报表服务器欺骗漏洞 | Important |
| 3D Builder | CVE-2023-23390 | 3D Builder 远程代码执行漏洞 | Important |
| 3D Builder | CVE-2023-23377 | 3D Builder 远程代码执行漏洞 | Important |
| 3D Builder | CVE-2023-23378 | Print 3D 远程代码执行漏洞 | Important |
| Microsoft Defender for Endpoint | CVE-2023-21809 | Microsoft Defender for Endpoint 安全功能绕过漏洞 | Important |
| Microsoft Graphics Component | CVE-2023-21804 | Windows Graphics Component 特权提升漏洞 | Important |
| Microsoft PostScript Printer Driver | CVE-2023-21801 | Microsoft PostScript 打印机驱动程序远程代码执行漏洞 | Important |
| Microsoft Windows Codecs Library | CVE-2023-21802 | Windows Media 远程代码执行漏洞 | Important |
| SQL Server | CVE-2023-21528 | Microsoft SQL Server 远程代码执行漏洞 | Important |
| SQL Server | CVE-2023-21704 | Microsoft ODBC Driver for SQL Server 远程代码执行漏洞 | Important |
| Visual Studio | CVE-2023-21566 | Visual Studio 特权提升漏洞 | Important |
| Windows ALPC | CVE-2023-21688 | NT 操作系统内核特权提升漏洞 | Important |
| Windows Installer | CVE-2023-21800 | Windows 安装程序特权提升漏洞 | Important |
| Windows Kerberos | CVE-2023-21817 | Windows Kerberos 特权提升漏洞 | Important |
| Windows MSHTML Platform | CVE-2023-21805 | Windows MSHTML 平台远程代码执行漏洞 | Important |
| Windows Win32K | CVE-2023-21822 | Windows Graphics Component 特权提升漏洞 | Important |
| Azure DevOps | CVE-2023-21553 | Azure DevOps Server 远程代码执行漏洞 | Important |
| Windows Active Directory | CVE-2023-21816 | Windows Active Directory 域服务 API 拒绝服务漏洞 | Important |
| Windows Cryptographic Services | CVE-2023-21813 | Windows 安全通道拒绝服务漏洞 | Important |
| Windows Cryptographic Services | CVE-2023-21819 | Windows 安全通道拒绝服务漏洞 | Important |
| Windows iSCSI | CVE-2023-21700 | Windows iSCSI 发现服务拒绝服务漏洞 | Important |
| Windows iSCSI | CVE-2023-21702 | Windows iSCSI 服务拒绝服务漏洞 | Important |
| Windows iSCSI | CVE-2023-21811 | Windows iSCSI 服务拒绝服务漏洞 | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21695 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞 | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21701 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 拒绝服务漏洞 | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21691 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 信息泄露漏洞 | Important |
| Windows SChannel | CVE-2023-21818 | Windows 安全通道拒绝服务漏洞 | Important |
| Windows Distributed File System (DFS) | CVE-2023-21820 | Windows 分布式文件系统 (DFS) 远程代码执行漏洞 | Important |
| SQL Server | CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) 远程代码执行漏洞 | Important |
| Microsoft Exchange Server | CVE-2023-21710 | Microsoft Exchange Server 远程代码执行漏洞 | Important |
| Azure DevOps | CVE-2023-21564 | Azure DevOps Server 跨站点脚本漏洞 | Important |
| Windows Fax and Scan Service | CVE-2023-21694 | Windows 传真服务远程代码执行漏洞 | Important |
| Azure Data Box Gateway | CVE-2023-21703 | Azure Data Box Gateway 远程代码执行漏洞 | Important |
| Azure Machine Learning | CVE-2023-23382 | Azure Machine Learning Compute Instance信息泄露漏洞 | Important |
| Microsoft Dynamics | CVE-2023-21572 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞 | Important |
| Microsoft Office OneNote | CVE-2023-21721 | Microsoft OneNote 欺骗漏洞 | Important |
| Microsoft Defender for IoT | CVE-2023-23379 | Microsoft Defender for IoT 提权提升漏洞 | Important |
| Internet Storage Name Service | CVE-2023-21697 | Windows Internet 存储名称服务 (iSNS) 服务器信息泄露漏洞 | Important |
| Microsoft Dynamics | CVE-2023-21807 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞 | Important |
| Microsoft PostScript Printer Driver | CVE-2023-21693 | Microsoft PostScript Printer Driver 信息泄露漏洞 | Important |
| Visual Studio | CVE-2023-21567 | Visual Studio 拒绝服务漏洞 | Important |
| Microsoft Office | CVE-2023-21714 | Microsoft Office 办公信息泄露漏洞 | Important |
| Windows HTTP.sys | CVE-2023-21687 | HTTP.sys 信息泄露漏洞 | Important |
| Microsoft Dynamics | CVE-2023-21573 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞 | Important |
| Microsoft Dynamics | CVE-2023-21571 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞 | Important |
| Microsoft Dynamics | CVE-2023-21570 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞 | Important |
| Internet Storage Name Service | CVE-2023-21699 | Windows Internet 存储名称服务 (iSNS) 服务器信息泄露漏洞 | Important |
| .NET Framework | CVE-2023-21722 | .NET 框架拒绝服务漏洞 | Important |
| Windows Common Log File System Driver | CVE-2023-21812 | Windows 通用日志文件系统驱动程序特权提升漏洞 | Important |
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。