按Enter到主內容區
:::

法務部行政執行署臺南分署:回首頁

:::

微軟釋出5月份安全性更新,修補3個零時差漏洞(CVE-2023-29325、CVE-2023-29336及CVE-2023-24932)與2個高風險漏洞(CVE-2023-24941與CVE-2023-24943),其中2個漏洞已遭駭客利用,請儘速確認並進行更新或評估採取緩解措施。

  • 發布日期:
  • 最後更新日期:112-05-16
  • 資料點閱次數:75

內容說明        微軟於5月份安全性更新中,共修補3個零時差漏洞與2CVSS9.8分高風險漏洞,請儘速確認並進行更新或評估採取緩解措施。

 

1.CVE-2023-29325(CVSS 8.1)為遠端執行任意程式碼漏洞,攻擊者可寄送刻意變造之電子郵件,當受駭者使用Outlook開啟或預覽惡意RTF文件時,便會觸發漏洞進而達到遠端執行任意程式碼。

 

2.CVE-2023-29336(CVSS 7.8)為權限擴張漏洞,已遭駭客利用,發生於Win32K驅動程式,允許已通過身分鑑別之攻擊者,可透過本漏洞取得系統權限。

 

3.CVE-2023-24932(CVSS 6.7)為安全功能繞過漏洞,已遭駭客利用,允許已取得本機管理權限之攻擊者,可透過本漏洞繞過安全開機(Windows Secure Boot)檢查機制,規避偵測或企圖使惡意程式進駐於系統中。

 

4.CVE-2023-24941(CVSS 9.8)為遠端執行任意程式碼漏洞,允許未經身分鑑別之遠端攻擊者,針對網路檔案系統(Network File System, NFS)發送偽造請求,進而達到遠端執行任意程式碼。

 

5.CVE-2023-24943(CVSS 9.8)為遠端執行任意程式碼漏洞,可使攻擊者藉由發送惡意檔案至啟用訊息佇列服務(Message Queuing Service)之實際通用多播(Pragmatic General Multicast)伺服器環境,進而達到遠端執行任意程式碼。

 

影響平台        Windows 10 for 32-bit Systems

 

Windows 10 for x64-based Systems

 

Windows 10 Version 1607 for 32-bit Systems

 

Windows 10 Version 1607 for x64-based Systems

 

Windows 10 Version 1809 for 32-bit Systems

 

Windows 10 Version 1809 for ARM64-based Systems

 

Windows 10 Version 1809 for x64-based Systems

 

Windows 10 Version 20H2 for 32-bit Systems

 

Windows 10 Version 20H2 for ARM64-based Systems

 

Windows 10 Version 20H2 for x64-based Systems

 

Windows 10 Version 21H2 for 32-bit Systems

 

Windows 10 Version 21H2 for ARM64-based Systems

 

Windows 10 Version 21H2 for x64-based Systems

 

Windows 10 Version 22H2 for 32-bit Systems

 

Windows 10 Version 22H2 for ARM64-based Systems

 

Windows 10 Version 22H2 for x64-based Systems

 

Windows 11 version 21H2 for ARM64-based Systems

 

Windows 11 version 21H2 for x64-based Systems

 

Windows 11 Version 22H2 for ARM64-based Systems

 

Windows 11 Version 22H2 for x64-based Systems

 

Windows Server 2008 for 32-bit Systems Service Pack 2

 

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

 

Windows Server 2008 for x64-based Systems Service Pack 2

 

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

 

Windows Server 2008 R2 for x64-based Systems Service Pack 1

 

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

Windows Server 2012

 

Windows Server 2012 (Server Core installation)

 

Windows Server 2012 R2

 

Windows Server 2012 R2 (Server Core installation)

 

Windows Server 2016

 

Windows Server 2016 (Server Core installation)

 

Windows Server 2019

 

Windows Server 2019 (Server Core installation)

 

Windows Server 2022

 

Windows Server 2022 (Server Core installation)

 

影響等級               

建議措施        目前微軟官方已針對弱點釋出修復版本,各機關可聯絡系統維護廠商進行修補

回頁首