一、漏洞概述
9月11日,绿盟科技CERT监测到微软发布9月安全更新补丁,修复了79个安全问题,涉及Windows、Microsoft SQL Server、Microsoft Office、Microsoft SharePoint Server、Azure等广泛使用的产品,其中包括权限提升、远程代码执行等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有7个,重要(Important)漏洞有71个。其中包括4个存在在野利用的漏洞:
Windows Installer权限提升漏洞(CVE-2024-38014)
Microsoft Publisher安全功能绕过漏洞(CVE-2024-38226)
Microsoft Windows Update远程代码执行漏洞(CVE-2024-43491)
Windows Mark of the Web安全功能绕过漏洞(CVE-2024-38217)
请相关用户尽快更新补丁进行防护,完整漏洞列表请参考附录。
参考链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2024-Sep
二、重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Microsoft Windows Update远程代码执行漏洞(CVE-2024-43491):
Microsoft Windows Update存在远程代码执行漏洞,由于Microsoft Windows更新服务中的释放后重使用(UAF)问题。未经身份认证的攻击者可以向目标系统发送特制的数据包,成功利用该漏洞可执行任意代码。该漏洞存在在野利用,CVSS评分为9.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491
Windows Installer权限提升漏洞(CVE-2024-38014):
Windows Installer中存在权限提升漏洞,由于Windows Installer中的权限管理不当,经过普通用户身份认证的本地攻击者通过运行特制的程序来利用此漏洞。成功利用此漏洞的攻击者可以获得目标系统的SYSTEM权限。该漏洞存在在野利用,CVSS评分7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014
Microsoft SharePoint Server远程代码执行漏洞(CVE-2024-38018/CVE-2024-43464):
Microsoft SharePoint Server中存在多个远程代码执行漏洞,由于在Microsoft SharePoint Server中处理序列化数据时输入验证不安全。拥有站点所有者权限或更高权限的攻击者可以将特制文件上传到目标 SharePoint Server,并制作专门的API请求触发文件参数的反序列化,从而在SharePoint Server上下文中执行任意代码。CVSS评分8.8。
官方链接通告:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38018
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43464
Windows Network Address Translation (NAT) 远程代码执行漏洞(CVE-2024-38119):
Windows Network Address Translation (NAT) 存在远程代码执行漏洞,由于Windows 网络地址转换 (NAT)存在释放后重使用(UAF)漏洞,未经身份验证的攻击者可以在相邻网络中利用该漏洞在目标系统上执行任意代码,成功利该漏洞需要赢得竞争条件,CVSS评分为7.5。。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38119
Microsoft Publisher安全功能绕过漏洞(CVE-2024-38226):
Microsoft Publisher存在安全功能绕过漏洞,由于安全措施实施不足,攻击者可通过诱导受害者下载并打开特制文件来进行利用,成功利用此漏洞可绕过用于阻止不受信任或恶意文件的Office宏策略,该漏洞存在在野利用,CVSS评分为7.3。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38226
Windows Mark of the Web安全功能绕过漏洞(CVE-2024-38217):
Windows Mark of the Web存在安全功能绕过漏洞,由于MOTW保护机制失效问题,未经身份验证的攻击者通过在其控制的服务器上托管一个文件,然后诱导目标用户下载并打开该文件来进行利用。成功利用此漏洞能够绕过Windows网络标记(MOTW)安全功能。该漏洞存在在野利用,CVSS评分5.4。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38217
Azure Stack Hub权限提升漏洞(CVE-2024-38216/CVE-2024-38220):
Azure Stack Hub存在多个权限提升漏洞,CVE-2024-38216:由于Azure Stack Hub对用户提供的输入验证不足,未经身份验证的攻击者可以将特制的输入传递给应用程序并获得对系统资源的访问权限,CVSS评分为8.2。CVE-2024-38220:由于 Azure Stack Hub 中的访问限制不当,经过普通用户身份认证的攻击者可以绕过已实施的安全限制并获得系统的访问权限,并可能允许以与受感染进程相同的权限执行操作。攻击者必须等待受害者发起连接才能利用此漏洞,CVSS评分为9.0。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38216
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38220
三、影响范围
以下为部分重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
| 漏洞编号 | 受影响产品版本 |
| CVE-2024-43491 | Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems |
| CVE-2024-38014
CVE-2024-38217 |
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 |
| CVE-2024-38018
CVE-2024-43464 |
Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
| CVE-2024-38119 | Windows 11 Version 24H2 for ARM64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 Version 24H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
| CVE-2024-38226 | Microsoft Publisher 2016 (64-bit edition)
Microsoft Publisher 2016 (32-bit edition) Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions |
| CVE-2024-38216
CVE-2024-38220 |
Azure Stack Hub |
四、漏洞防护
- 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2024-Sep
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
| 影响产品 | CVE编号 | 漏洞标题 | 严重程度 |
| Windows | CVE-2024-43491 | Microsoft Windows Update 远程代码执行漏洞 | Critical |
| Microsoft Office | CVE-2024-43464 | Microsoft SharePoint Server 远程代码执行漏洞 | Critical |
| Azure | CVE-2024-38220 | Azure Stack Hub 权限提升漏洞 | Critical |
| Azure | CVE-2024-38216 | Azure Stack Hub 权限提升漏洞 | Critical |
| Azure | CVE-2024-38194 | Azure Web Apps 权限提升漏洞 | Critical |
| Windows | CVE-2024-38119 | Windows Network Address Translation (NAT) 远程代码执行漏洞 | Critical |
| Microsoft Office | CVE-2024-38018 | Microsoft SharePoint Server 远程代码执行漏洞 | Critical |
| Windows | CVE-2024-43495 | Windows libarchive 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2024-43492 | Microsoft AutoUpdate (MAU) 权限提升漏洞 | Important |
| Microsoft Office | CVE-2024-43482 | Microsoft Outlook for iOS 信息披露漏洞 | Important |
| Microsoft Dynamics | CVE-2024-43479 | Microsoft Power Automate Desktop 远程代码执行漏洞 | Important |
| Microsoft Dynamics | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) 跨站脚本漏洞 | Important |
| Windows | CVE-2024-43475 | Microsoft Windows Admin Center 信息披露漏洞 | Important |
| Microsoft SQL Server | CVE-2024-43474 | Microsoft SQL Server 信息披露漏洞 | Important |
| Azure | CVE-2024-43470 | Azure Network Watcher VM Agent 权限提升漏洞 | Important |
| Azure | CVE-2024-43469 | Azure CycleCloud 远程代码执行漏洞 | Important |
| Windows | CVE-2024-43467 | Windows Remote Desktop Licensing Service 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2024-43466 | Microsoft SharePoint Server 拒绝服务漏洞 | Important |
| Microsoft Office | CVE-2024-43465 | Microsoft Excel 权限提升漏洞 | Important |
| Microsoft Office | CVE-2024-43463 | Microsoft Office Visio 远程代码执行漏洞 | Important |
| Windows | CVE-2024-43461 | Windows MSHTML Platform 欺骗漏洞 | Important |
| Windows | CVE-2024-43458 | Windows Networking 信息披露漏洞 | Important |
| Windows | CVE-2024-43457 | Windows Setup and Deployment 权限提升漏洞 | Important |
| Windows | CVE-2024-43455 | Windows Remote Desktop Licensing Service 欺骗漏洞 | Important |
| Windows | CVE-2024-43454 | Windows Remote Desktop Licensing Service 远程代码执行漏洞 | Important |
| Windows | CVE-2024-38263 | Windows Remote Desktop Licensing Service 远程代码执行漏洞 | Important |
| Windows | CVE-2024-38260 | Windows Remote Desktop Licensing Service 远程代码执行漏洞 | Important |
| Windows | CVE-2024-38259 | Microsoft Management Console 远程代码执行漏洞 | Important |
| Windows | CVE-2024-38258 | Windows Remote Desktop Licensing Service 信息披露漏洞 | Important |
| Windows | CVE-2024-38257 | Microsoft AllJoyn API 信息披露漏洞 | Important |
| Windows | CVE-2024-38256 | Windows Kernel-Mode Driver 信息披露漏洞 | Important |
| Windows | CVE-2024-38254 | Windows Authentication 信息披露漏洞 | Important |
| Windows | CVE-2024-38253 | Windows Win32 Kernel Subsystem 权限提升漏洞 | Important |
| Windows | CVE-2024-38252 | Windows Win32 Kernel Subsystem 权限提升漏洞 | Important |
| Windows,Microsoft Office | CVE-2024-38250 | Windows Graphics Component 权限提升漏洞 | Important |
| Windows | CVE-2024-38249 | Windows Graphics Component 权限提升漏洞 | Important |
| Windows | CVE-2024-38248 | Windows Storage 权限提升漏洞 | Important |
| Windows | CVE-2024-38247 | Windows Graphics Component 权限提升漏洞 | Important |
| Windows | CVE-2024-38246 | Win32k 权限提升漏洞 | Important |
| Windows | CVE-2024-38245 | Kernel Streaming Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38244 | Kernel Streaming Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38243 | Kernel Streaming Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38242 | Kernel Streaming Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38241 | Kernel Streaming Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38240 | Windows Remote Access Connection Manager 权限提升漏洞 | Important |
| Windows | CVE-2024-38239 | Windows Kerberos 权限提升漏洞 | Important |
| Windows | CVE-2024-38238 | Kernel Streaming Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver 权限提升漏洞 | Important |
| Windows | CVE-2024-38236 | DHCP Server Service 拒绝服务漏洞 | Important |
| Windows | CVE-2024-38235 | Windows Hyper-V 拒绝服务漏洞 | Important |
| Windows | CVE-2024-38234 | Windows Networking 拒绝服务漏洞 | Important |
| Windows | CVE-2024-38233 | Windows Networking 拒绝服务漏洞 | Important |
| Windows | CVE-2024-38232 | Windows Networking 拒绝服务漏洞 | Important |
| Windows | CVE-2024-38231 | Windows Remote Desktop Licensing Service 拒绝服务漏洞 | Important |
| Windows | CVE-2024-38230 | Windows Standards-Based Storage Management Service 拒绝服务漏洞 | Important |
| Microsoft Office | CVE-2024-38228 | Microsoft SharePoint Server 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2024-38227 | Microsoft SharePoint Server 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2024-38226 | Microsoft Publisher 安全功能绕过漏洞 | Important |
| Microsoft Dynamics | CVE-2024-38225 | Microsoft Dynamics 365 Business Central 权限提升漏洞 | Important |
| Windows | CVE-2024-38217 | Windows Mark of the Web 安全功能绕过漏洞 | Important |
| Azure | CVE-2024-38188 | Azure Network Watcher VM Agent 权限提升漏洞 | Important |
| Windows | CVE-2024-38046 | PowerShell 权限提升漏洞 | Important |
| Windows | CVE-2024-38045 | Windows TCP/IP 远程代码执行漏洞 | Important |
| Windows | CVE-2024-38014 | Windows Installer 权限提升漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37980 | Microsoft SQL Server 权限提升漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring 信息披露漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37965 | Microsoft SQL Server 权限提升漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring 信息披露漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37341 | Microsoft SQL Server 权限提升漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring 远程代码执行漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring 远程代码执行漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring 远程代码执行漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring 信息披露漏洞 | Important |
| Microsoft SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring 远程代码执行漏洞 | Important |
| Windows | CVE-2024-30073 | Windows Security Zone Mapping 安全功能绕过漏洞 | Important |
| Microsoft SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring 远程代码执行漏洞 | Important |
| Microsoft SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring 远程代码执行漏洞 | Important |
| Windows | CVE-2024-21416 | Windows TCP/IP 远程代码执行漏洞 | Important |
| Windows | CVE-2024-43487 | Windows Mark of the Web 安全功能绕过漏洞 | Moderate |
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。