¡¾Â©¶´Í¨¸æ¡¿Î¢Èí10Ô¶à¸öÄþ¾²Â©¶´

Ðû²¼Ê±¼ä 2024-10-09

Ò»¡¢Â©¶´¸ÅÊö

2024Äê10ÔÂ9ÈÕ£¬¶«É­Æ½Ì¨¼¯ÍÅVSRC¼à²âµ½Î¢ÈíÐû²¼ÁË10ÔÂÄþ¾²¸üУ¬±¾´Î¸üй²ÐÞ¸´ÁË118¸ö©¶´£¨²»°üÂÞ֮ǰÐÞ¸´µÄ3¸öEdge©¶´£©£¬Â©¶´ÀàÐÍ°üÂÞÌØȨÌáÉý©¶´¡¢Äþ¾²¹¦Ð§Èƹý©¶´¡¢Ô¶³Ì´úÂëÖ´ÐЩ¶´¡¢ÐÅϢ鶩¶´¡¢¾Ü¾ø·þÎñ©¶´ºÍÆÛƭ©¶´µÈ¡£

±¾´ÎÄþ¾²¸üÐÂÖаüÂÞ5¸öÒѾ­¹ûÈ»Åû¶µÄ0 day©¶´£¬ÆäÖÐ2¸öÒÑ·¢ÏÖ±»ÀûÓãº

CVE-2024-43573£ºWindows MSHTML PlatformÆÛƭ©¶´

Windows MSHTML ƽ̨£¨¸Ãƽ̨ÒÔÇ°±»Internet Explorer ºÍ¾É°æ Microsoft Edge ʹÓã¬Æä×é¼þÈÔ°²×°ÔÚWindows ÖУ©´æÔÚ¿çÕ¾½Å±¾Â©¶´£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ6.5¡£ÍþвÕß¿ÉÓÕʹÊܺ¦Õßµã»÷ÌØÖÆÁ´½Ó»òä¯ÀÀ¶ñÒâÒ³Ãæʱ´¥·¢¸Ã©¶´£¬´Ó¶ø¿ÉÄܵ¼Ö¶ñÒâ½Å±¾ÔÚÓû§µÄä¯ÀÀÆ÷ÖÐÖ´ÐС£Ä¿Ç°¸Ã©¶´ÒѾ­¹ûÈ»Åû¶£¬ÇÒÒѼì²âµ½Â©¶´ÀûÓá£

CVE-2024-43572£ºMicrosoft Management ConsoleÔ¶³Ì´úÂëÖ´ÐЩ¶´

Microsoft ¹ÜÀí¿ØÖÆ̨´æÔÚ´úÂëÖ´ÐЩ¶´£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ7.8£¬ÍþвÕß¿Éͨ¹ýÓÕʹÊܺ¦Õß´ÓÍøÕ¾ÏÂÔز¢´ò¿ªÌØÖƵÄMicrosoft Saved Console (MSC) ÎļþÀ´ÀûÓø鶴£¬ÀÖ³ÉÀûÓÿÉÄܵ¼ÖÂÈÎÒâ´úÂëÖ´ÐС£Ä¿Ç°¸Ã©¶´ÒѾ­¹ûÈ»Åû¶£¬ÇÒÒѼì²âµ½Â©¶´ÀûÓá£

CVE-2024-6197£ºOpen Source Curl Ô¶³Ì´úÂëÖ´ÐЩ¶´

¿ªÔ´ CurlÖдæÔÚ©¶´£¨¸Ã©¶´Ó°Ïìcurl¡¢ÃüÁîÐй¤¾ßºÍǶÈëÔÚÖÖÖÖÈí¼þÖÐµÄ libcurl£¬ÓÉÓÚWindowsÖи½´øcurlÃüÁîÐÐÒò´ËÒ×Êܸ鶴ӰÏ죩£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ8.8£¬¿ÉÄܵ¼ÖÂÔÚ Curl ʵÑéÁ¬½Óµ½¶ñÒâ·þÎñÆ÷ʱִÐÐÃüÁĿǰ¸Ã©¶´ÒѾ­¹ûÈ»Åû¶£¬Î¢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀΪ ¡°±»ÀûÓõĿÉÄÜÐÔ½ÏС¡±¡£

CVE-2024-20659£ºWindows Hyper-V Äþ¾²¹¦Ð§Èƹý©¶´

Windows Hyper-V´æÔÚÄþ¾²¹¦Ð§Èƹý©¶´£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ7.1£¬ÀÖ³ÉÀûÓø鶴ÐèÒªÓû§ÖØÐÂÆô¶¯Æä»úÆ÷£¬ÔÚijЩÌض¨Ó²¼þÉÏ£¬ÀÖ³ÉÀûÓø鶴¿ÉÄÜ»áÈƹý UEFI£¬Õâ¿ÉÄܵ¼ÖÂÐéÄâ»ú¹ÜÀí·¨Ê½ºÍÄþ¾²Äں˱»ÆÆ»µ¡£Ä¿Ç°¸Ã©¶´ÒѾ­¹ûÈ»Åû¶£¬Î¢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀΪ ¡°±»ÀûÓõĿÉÄÜÐÔ½ÏС¡±¡£

CVE-2024-43583£ºWinlogon ÌØȨÌáÉý©¶´

Winlogon´æÔÚÌØȨÌáÉý©¶´£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ7.8£¬ÀÖ³ÉÀûÓø鶴¿É»ñµÃWindows ÖеÄSYSTEM ȨÏÞ¡£Ä¿Ç°¸Ã©¶´ÒѾ­¹ûÈ»Åû¶£¬Î¢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀΪ ¡°±»ÀûÓõĿÉÄÜÐԽϸߡ±¡£

±¾´ÎÄþ¾²¸üÐÂÖÐÐÞ¸´µÄ3¸öÑÏÖØ©¶´Îª£º

CVE-2024-43468£ºMicrosoft Configuration Manager Ô¶³Ì´úÂëÖ´ÐЩ¶´

Microsoft Configuration Manager´æÔÚSQL×¢È멶´£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ9.8£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿Éͨ¹ýÏòÄ¿±ê»·¾³·¢ËͶñÒâÇëÇóÀ´ÀûÓø鶴£¬ÕâЩÇëÇóÒÔ²»Äþ¾²µÄ·½Ê½´¦Ö㬴Ӷø¿ÉÄܵ¼ÖÂÔÚ·þÎñÆ÷»òµ×²ãÊý¾Ý¿âÉÏÖ´ÐÐÃüÁ΢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀΪ ¡°±»ÀûÓõĿÉÄÜÐÔ½ÏС¡±¡£

CVE-2024-43488£ºVisual Studio Code extension for Arduino Ô¶³Ì´úÂëÖ´ÐЩ¶´

Visual Studio Code extension for ArduinoÖÐȱÉÙ¶ÔÒªº¦¹¦Ð§µÄÉí·ÝÑéÖ¤£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ8.8£¬¿ÉÄܵ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄÍþвÕßͨ¹ýÍøÂç¹¥»÷µ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£Ä¿Ç°Microsoft ÒÑÍêÈ«»º½â¸Ã©¶´£¬ÊÜÓ°ÏìÓû§ÎÞÐè½ÓÄÉÈκδëÊ©¡£Î¢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀΪ ¡°±»ÀûÓõĿÉÄÜÐÔ½ÏС¡±¡£

CVE-2024-43582£ºRemote Desktop Protocol Server Ô¶³Ì´úÂëÖ´ÐЩ¶´

Remote Desktop Protocol ServerÖдæÔÚUse-After-Free©¶´£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ8.1£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿Éͨ¹ýÏò RPC Ö÷»ú·¢Ë͸ñʽ´íÎóµÄÊý¾Ý°ü£¬¿ÉÄܵ¼ÖÂÔÚ·þÎñÆ÷¶ËÒÔÓëRPC·þÎñÏàͬµÄȨÏÞÖ´ÐÐÔ¶³Ì´úÂ룬ÀÖ³ÉÀûÓø鶴ÐèÒªÓ®µÃ¾ºÕùÌõ¼þ¡£Î¢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀΪ ¡°±»ÀûÓõĿÉÄÜÐÔ½ÏС¡±¡£

³ýCVE-2024-43583Í⣬΢ÈíµÄ¿ÉÀûÓÃÐÔÆÀ¹ÀÖÐÆäËû ¡°±»ÀûÓõĿÉÄÜÐԽϸߡ±µÄ©¶´»¹°üÂÞ£º

l  CVE-2024-43581/ CVE-2024-43615£ºMicrosoft OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐЩ¶´

Microsoft OpenSSH for WindowsÖдæÔÚÎļþÃû»ò·¾¶µÄÍⲿ¿ØÖÆ£¬ÕâЩ©¶´µÄCVSSÆÀ·Ö¾ùΪ7.1£¬ÀûÓÃÄѶȽϸߣ¬ÐèÒªÊܺ¦ÕßÖ´ÐÐÌض¨µÄÎļþ¹ÜÀí²Ù×÷À´´¥·¢Â©¶´£¬ÀÖ³ÉÀûÓÿÉÄÜÔÚÄ¿±êϵͳÉϵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£

l  CVE-2024-43502£ºWindows ÄÚºËÌØȨÌáÉý©¶´

l  CVE-2024-43509£ºWindows Graphics ComponentÌØȨÌáÉý©¶´

l  CVE-2024-43556£ºWindows Graphics ComponentÌØȨÌáÉý©¶´

l  CVE-2024-43560£ºMicrosoft Windows Storage Port DriverÌØȨÌáÉý©¶´

l  CVE-2024-43609£ºMicrosoft Office ÆÛƭ©¶´

΢Èí10Ô¸üÐÂÉæ¼°µÄÍêÕû©¶´ÁбíÈçÏ£º

CVE ID

CVE ±êÌâ

ÑÏÖØÐÔ

CVE-2024-43468

Microsoft   Configuration Manager Ô¶³Ì´úÂëÖ´ÐЩ¶´

ÑÏÖØ

CVE-2024-43488

Visual   Studio Code extension for Arduino Ô¶³Ì´úÂëÖ´ÐЩ¶´

ÑÏÖØ

CVE-2024-43582

Remote   Desktop Protocol Server Ô¶³Ì´úÂëÖ´ÐЩ¶´

ÑÏÖØ

CVE-2024-38229

.NET ºÍ Visual Studio Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43485

.NET ºÍ Visual Studio ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43484

.NET¡¢.NET Framework ºÍ Visual Studio ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43483

.NET¡¢.NET Framework ºÍ Visual Studio ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43591

Azure   Command Line Integration (CLI) ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-38097

Azure   Monitor Agent ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-38179

Azure   Stack Hyperconverged Infrastructure (HCI) ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43506

BranchCache   ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-38149

BranchCache   ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43585

Code   Integrity Guard Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-43497

DeepSpeed Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43515

Internet   Small Computer Systems Interface (iSCSI) ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43517

Microsoft   ActiveX Data Objects Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43614

Microsoft   Defender for Endpoint for Linux ÆÛƭ©¶´

¸ßΣ

CVE-2024-43534

Windows   Graphics Component ÐÅϢ鶩¶´

¸ßΣ

CVE-2024-43508

Windows   Graphics Component ÐÅϢ鶩¶´

¸ßΣ

CVE-2024-43556

Windows   Graphics Component ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43509

Windows   Graphics Component ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43572

Microsoft   Management Console Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43616

Microsoft   Office Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43576

Microsoft   Office Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43609

Microsoft   Office ÆÛƭ©¶´

¸ßΣ

CVE-2024-43504

Microsoft   Excel Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43503

Microsoft   SharePoint ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43505

Microsoft   Office Visio Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43544

Microsoft   Simple Certificate Enrollment Protocol ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43541

Microsoft   Simple Certificate Enrollment Protocol ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43519

Microsoft   WDAC OLE DB provider for SQL Server Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43574

Microsoft   Speech Application Programming Interface (SAPI) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43615

Microsoft   OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43581

Microsoft   OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-38029

Microsoft   OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43604

Outlook   for Android ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43612

Power BI   Report Server ÆÛƭ©¶´

¸ßΣ

CVE-2024-43481

Power BI   Report Server ÆÛƭ©¶´

¸ßΣ

CVE-2024-43533

Remote   Desktop Client Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43599

Remote   Desktop Client Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43521

Windows   Hyper-V ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-20659

Windows   Hyper-V Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-43567

Windows   Hyper-V ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43575

Windows   Hyper-V ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43532

Remote   Registry Service ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43480

Azure   Service Fabric for Linux Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43571

Sudo for   Windows ÆÛƭ©¶´

¸ßΣ

CVE-2024-43590

Visual C++   Redistributable Installer ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43603

Visual   Studio Collector Service ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43601

Visual   Studio Code for Linux Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43563

Windows   Ancillary Function Driver for WinSock ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43513

BitLocker Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-43501

Windows   Common Log File System Driver ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43546

Windows   Cryptographic ÐÅϢ鶩¶´

¸ßΣ

CVE-2024-6197

Open   Source Curl Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-37982

Windows   Resume Extensible Firmware Interface Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-37976

Windows   Resume Extensible Firmware Interface Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-37983

Windows   Resume Extensible Firmware Interface Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-30092

Windows   Hyper-V Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43547

Windows   Kerberos ÐÅϢ鶩¶´

¸ßΣ

CVE-2024-38129

Windows   Kerberos ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43502

Windows ÄÚºËÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43511

Windows ÄÚºËÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43520

Windows Äں˾ܾø·þÎñ©¶´

¸ßΣ

CVE-2024-43527

Windows ÄÚºËÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43570

Windows ÄÚºËÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-37979

Windows ÄÚºËÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43554

Windows   Kernel-Mode Driver ÐÅϢ鶩¶´

¸ßΣ

CVE-2024-43535

Windows   Kernel-Mode Driver ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43522

Windows   Local Security Authority (LSA) ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43555

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43540

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43536

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43538

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43525

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43559

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43561

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43558

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43542

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43557

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43526

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43543

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43523

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43524

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43537

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-38124

Windows   Netlogon ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43562

Windows ÍøÂçµØַת»» (NAT) ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43565

Windows ÍøÂçµØַת»» (NAT) ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43553

NT OS ÄÚºËÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43514

Windows   Resilient File System (ReFS) ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43545

Windows   Online Certificate Status Protocol (OCSP) ·þÎñÆ÷¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43529

Windows   Print Spooler ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-38262

Windows   Remote Desktop Licensing Service Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43456

Windows   Remote Desktop Services ¸Ä¶¯Â©¶´

¸ßΣ

CVE-2024-43500

Windows   Resilient File System (ReFS) ÐÅϢ鶩¶´

¸ßΣ

CVE-2024-43592

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43589

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-38212

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43593

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-38261

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43611

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43453

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-38265

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43607

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43549

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43608

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43564

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43584

Windows   Scripting Engine Äþ¾²¹¦Ð§Èƹý©¶´

¸ßΣ

CVE-2024-43550

Windows   Secure Channel ÆÛƭ©¶´

¸ßΣ

CVE-2024-43516

Windows   Secure Kernel Mode ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43528

Windows   Secure Kernel Mode ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43552

Windows   Shell Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43512

Windows   Standards-Based Storage Management Service ¾Ü¾ø·þÎñ©¶´

¸ßΣ

CVE-2024-43551

Windows   Storage ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43560

Microsoft   Windows Storage Port Driver ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43518

Windows   Telephony Server Ô¶³Ì´úÂëÖ´ÐЩ¶´

¸ßΣ

CVE-2024-43583

Winlogon ÌØȨÌáÉý©¶´

¸ßΣ

CVE-2024-43573

Windows   MSHTML Platform ÆÛƭ©¶´

ÖÐΣ

CVE-2024-9369

Chromium£ºCVE-2024-9369 Mojo ÖеÄÊý¾ÝÑéÖ¤²»×ã

δ֪

CVE-2024-9370

Chromium£ºCVE-2024-9370 V8 ÖеIJ»Êʵ±ÊµÏÖ

δ֪

CVE-2024-7025

Chromium£ºCVE-2024-7025 ½á¹¹ÖеÄÕûÊýÒç³ö

δ֪

 

¶þ¡¢Ó°Ï췶Χ

ÊÜÓ°ÏìµÄ²úÎï/¹¦Ð§/·þÎñ/×é¼þ°üÂÞ£º

Role: Windows Hyper-V

Windows Hyper-V

Windows EFI Partition

Windows Kernel

OpenSSH for Windows

Azure Monitor

Windows Netlogon

Windows Kerberos

BranchCache

Azure Stack

Windows Routing and Remote Access Service (RRAS)

.NET and Visual Studio

Windows Remote Desktop Licensing Service

Windows Remote Desktop Services

Microsoft Configuration Manager

Service Fabric

Power BI

.NET, .NET Framework, Visual Studio

Visual Studio Code

DeepSpeed

Windows Resilient File System (ReFS)

Windows Common Log File System Driver

Microsoft Office SharePoint

Microsoft Office Excel

Microsoft Office Visio

Microsoft Graphics Component

Windows Standards-Based Storage Management Service

Windows BitLocker

Windows NTFS

Internet Small Computer Systems Interface (iSCSI)

Windows Secure Kernel Mode

Microsoft ActiveX

Windows Telephony Server

Microsoft WDAC OLE DB provider for SQL

Windows Local Security Authority (LSA)

Windows Mobile Broadband

Windows Print Spooler Components

RPC Endpoint Mapper Service

Remote Desktop Client

Windows Kernel-Mode Drivers

Microsoft Simple Certificate Enrollment Protocol

Windows Online Certificate Status Protocol (OCSP)

Windows Cryptographic Services

Windows Secure Channel

Windows Storage

Windows Shell

Windows NT OS Kernel

Windows Storage Port Driver

Windows Network Address Translation (NAT)

Windows Ancillary Function Driver for WinSock

Sudo for Windows

Microsoft Management Console

Windows MSHTML Platform

Microsoft Windows Speech

Microsoft Office

Windows Remote Desktop

Winlogon

Windows Scripting

Code Integrity Guard

Visual C++ Redistributable Installer

Azure CLI

Visual Studio

Outlook for Android

Microsoft Defender for Endpoint

 

Èý¡¢Äþ¾²´ëÊ©

3.1 Éý¼¶°æ±¾

Ŀǰ΢ÈíÒÑÐû²¼Ïà¹ØÄþ¾²¸üУ¬½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÐÞ¸´¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬵±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±°²×°¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔϲ½ÖèÊÖ¶¯½øÐиüУº

1¡¢µã»÷¡°¿ªÊ¼²Ëµ¥¡±»ò°´Windows¿ì½Ý¼ü£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÄþ¾²¡±£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬¾ßÌå²½ÖèΪ¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÄþ¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£

4¡¢¸üÐÂÍê³ÉºóÖØÆô¼ÆËã»ú£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°¼ì²ì¸üÐÂÀúÊ·¼Ç¼¡±¼ì²ìÊÇ·ñÀֳɰ²×°Á˸üС£¶ÔÓÚûÓÐÀֳɰ²×°µÄ¸üУ¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÃèÊöÁ´½Ó£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿±êϵͳµÄ²¹¶¡½øÐÐÏÂÔز¢°²×°¡£

£¨¶þ£© ÊÖ¶¯°²×°¸üÐÂ

Microsoft¹Ù·½ÏÂÔØÏàÓ¦²¹¶¡½øÐиüС£

2024Äê10ÔÂÄþ¾²¸üÐÂÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

²¹¶¡ÏÂÔØʾÀý£¨²Î¿¼£©£º

1.´ò¿ªÉÏÊöÏÂÔØÁ´½Ó£¬µã»÷©¶´ÁбíÖÐÒªÐÞ¸´µÄCVEÁ´½Ó¡£

image.png

Àý1£ºÎ¢Èí©¶´ÁÐ±í£¨Ê¾Àý£©

2.ÔÚ΢Èíͨ¸æÒ³Ãæµ×²¿×ó²à¡¾²úÎï¡¿ÁÐÑ¡ÔñÏàÓ¦µÄϵͳÀàÐÍ£¬µã»÷ÓҲࡾÏÂÔØ¡¿Áдò¿ª²¹¶¡ÏÂÔØÁ´½Ó¡£

image.png

Àý2£ºCVE-2022-21989²¹¶¡ÏÂÔØʾÀý

3.µã»÷¡¾Äþ¾²¸üС¿£¬´ò¿ª²¹¶¡ÏÂÔØÒ³Ã棬ÏÂÔØÏàÓ¦²¹¶¡²¢½øÐа²×°¡£

image.png

Àý3£º²¹¶¡ÏÂÔؽçÃæ

4.°²×°Íê³ÉºóÖØÆô¼ÆËã»ú¡£

3.2 ÁÙʱ´ëÊ©

ÔÝÎÞ¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬¼õÉÙϵͳ©¶´£¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ£¬Ð޸ķÀ»ðǽ¼Æı£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬¼õÉÙ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶Äþ¾²²úÎÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂë¼Æı²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43581

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-10-09

Ê×´ÎÐû²¼

 

 

Îå¡¢¸½Â¼

5.1 ¶«É­Æ½Ì¨¼ò½é

¶«É­Æ½Ì¨½¨Á¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶«É­Æ½Ì¨´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬¶«É­Æ½Ì¨ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Å¬Á¦¡£

5.2 ¹ØÓÚ¶«É­Æ½Ì¨

¶«É­Æ½Ì¨Äþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸ö©¶´Í¨¸æºÍ·çÏÕÔ¤¾¯£¬ÎÒÃǽ«Á¬Ðø¸ú×ÙÈ«Çò×îеÄÍøÂçÄþ¾²Ê¼þºÍ©¶´£¬ÎªÆóÒµµÄÐÅÏ¢Äþ¾²±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png