I. Vulnerability Bulletin
Microsoft has released its January security update bulletin, which contains security patches for multiple products in the Microsoft family, including Microsoft Office, Microsoft Exchange Server, Windows Installer, the Windows Kernel, Windows ALPC and others, covering a number of CVE-listed vulnerabilities. Affected users are advised to apply the corresponding patches promptly.
Reference:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
According to the bulletin, the following vulnerabilities fixed in this update pose a higher risk: the Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2023-21541), the Windows GDI Elevation of Privilege Vulnerability (CVE-2023-21552), the Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674), the Windows Credential Manager User Interface Elevation of Privilege Vulnerability (CVE-2023-21726) and the Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768). Of these, CVE-2023-21674, the Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability, is being exploited in the wild; users are advised to install the security update as soon as possible or apply temporary mitigations to harden their systems.
Related reference:
https://msrc.microsoft.com/update-guide/vulnerability/
II. Affected Scope
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2023-21541)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows GDI Elevation of Privilege Vulnerability (CVE-2023-21552)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Credential Manager User Interface Elevation of Privilege Vulnerability (CVE-2023-21726)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768)
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
January security bulletin list; quick reading guide to the other vulnerabilities it contains (not exhaustive):
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
CVE-2023-21538 | .NET Denial of Service Vulnerability
CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability
CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability
CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability
CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability
CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability
CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability
CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability
CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability
CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability
CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability
CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability
CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability
CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability
CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability
CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability
CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability
CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability
CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability
CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability
CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability
CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability
CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability
III. Vulnerability Description
An elevation of privilege vulnerability exists in Windows Advanced Local Procedure Call (ALPC) (CVE-2023-21674). A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code execution with SYSTEM privileges on the target. This vulnerability can lead to a browser sandbox escape, and in-the-wild exploitation of it has already been observed.
An elevation of privilege vulnerability exists in the Windows Win32 Kernel Subsystem (CVE-2023-21541). A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code execution with SYSTEM privileges on the target.
An elevation of privilege vulnerability exists in Windows GDI (CVE-2023-21552). A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code execution with SYSTEM privileges on the target.
An elevation of privilege vulnerability exists in the Windows Credential Manager User Interface (CVE-2023-21726). A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code execution with SYSTEM privileges on the target.
An elevation of privilege vulnerability exists in the Windows Ancillary Function Driver for WinSock (CVE-2023-21768). A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code execution with SYSTEM privileges on the target.
IV. Mitigations
High risk: although the vulnerability details have not been made public, malicious actors can locate the trigger point by diffing the patch and go on to develop exploit code. Microsoft has released the corresponding security updates; given the severity of the vulnerabilities, affected users are advised to patch as soon as possible.
(1) Windows Update:
Automatic update:
Microsoft Update is enabled by default; when the system detects an available update it downloads it automatically and installs it on the next restart.
Manual update:
1. Open the Start menu (or press the Windows key) and go to Settings.
2. Select "Update & Security" and open "Windows Update". (On Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, reach "Windows Update" through the Control Panel: "Control Panel" -> "System and Security" -> "Windows Update".)
3. Select "Check for updates" and wait while the system checks for and downloads the available updates.
4. Restart the computer to install the updates. After the system restarts, open "Windows Update" -> "View update history" to confirm that the update was installed successfully.
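To verify step 4 at scale rather than by clicking through the update history, the following PowerShell script (added here as an example; it is not from the advisory or from Microsoft) reports the host's build and whether any update has been installed since the January 2023 release. It assumes the January 2023 release date of 2023-01-10, and the KB number is a placeholder because the advisory does not list KB numbers per build.

```powershell
# Added example, not part of the advisory. Assumes the January 2023 Patch Tuesday
# date (2023-01-10). $ExpectedKB is a placeholder: look up the cumulative update
# KB for this build in the MSRC release notes before relying on the "patched" result.
param(
    [datetime]$ReleaseDate = '2023-01-10',
    [string]$ExpectedKB = 'KB<number-from-MSRC-release-notes>'
)

# Identify the build so it can be matched against the affected-product lists above.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = "$($os.Version).$($cv.UBR)"
$release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
Write-Host "OS: $($os.Caption) $release, build $build, $($os.OSArchitecture)"

# Get-HotFix lists installed updates with their install date; the January 2023
# fixes for CVE-2023-21674 and the other EoP bugs ship in that month's cumulative update.
$hotfixes = Get-HotFix
$installed = $hotfixes | Where-Object { $_.HotFixID -eq $ExpectedKB }
if ($installed) {
    Write-Host "$ExpectedKB installed on $($installed.InstalledOn): patched"
    return
}

# Fall back to "anything installed since the release date" when the KB is unknown.
# InstalledOn can be empty for some entries; those compare as false and are skipped.
$recent = $hotfixes |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate } |
    Sort-Object InstalledOn -Descending
if ($recent) {
    Write-Host "Updates installed since $($ReleaseDate.ToString('yyyy-MM-dd')):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
    Write-Host "Confirm one of these is the January 2023 cumulative update for build $build."
} else {
    Write-Warning "No update installed since $($ReleaseDate.ToString('yyyy-MM-dd')); treat this host as unpatched."
}
```

Run it in an elevated PowerShell session on each host in the affected scope; a "patched" result only means the named KB is present, so keep the KB placeholder filled in from the official release notes.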
(2) Microsoft has released update patches fixing the vulnerabilities above for its supported products; users should consult the official bulletin and download and apply the patches promptly.
Patch download: https://msrc.microsoft.com/update-guide/vulnerability
Source: Microsoft official