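For ordinary users, the Windows 10 cumulative updates released in this month's Patch Tuesday bring nothing new and mainly improve system security. For Windows and Microsoft Exchange administrators, however, the past few months have been very busy: the April cumulative updates fix 5 zero-day vulnerabilities and more Exchange vulnerabilities.
In today's update, Microsoft fixed a total of 108 vulnerabilities, of which 19 are rated "Critical" and 89 are rated "Important". These do not include the 6 Chromium Edge vulnerabilities released earlier this month.
In addition, Microsoft today fixed 5 publicly disclosed zero-day vulnerabilities, 1 of which is known to have been used in attacks. Worse still, Microsoft fixed 4 critical Microsoft Exchange vulnerabilities discovered by the NSA. As part of today's Patch Tuesday, Microsoft has fixed 4 publicly disclosed vulnerabilities and one actively exploited vulnerability.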
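Microsoft says the following 4 vulnerabilities have been publicly disclosed, but there is no evidence that they have been exploited by hackers.
CVE-2021-27091 - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-28312 - Windows NTFS Denial of Service Vulnerability
CVE-2021-28437 - Windows Installer Information Disclosure Vulnerability - PolarBear
CVE-2021-28458 - Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability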
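The following vulnerability, discovered by Kaspersky researcher Boris Larin, has been exploited by the hacker group BITTER APT.
CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability
Kaspersky explained in a blog post: "Unfortunately, we were not able to capture a full chain, so we do not know whether the exploit is used together with another browser zero-day, or combined with known, patched vulnerabilities."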
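Microsoft Exchange administrators are getting no rest, because today 4 more critical remote code execution vulnerabilities discovered by the NSA were fixed in Microsoft Exchange. Two of these vulnerabilities are pre-authentication, which means they do not require an attacker to log in to the server first.
CVE-2021-28480 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28481 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28482 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28483 - Microsoft Exchange Server Remote Code Execution Vulnerability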
The full report is as follows:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure AD Web Sign-in | CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | Important |
Azure DevOps | CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure DevOps | CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
Microsoft Edge (Chromium-based) | CVE-2021-21199 | Chromium: CVE-2021-21199 Use after free in Aura | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-21194 | Chromium: CVE-2021-21194 Use after free in screen capture | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-21197 | Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-21198 | Chromium: CVE-2021-21198 Out of bounds read in IPC | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-21195 | Chromium: CVE-2021-21195 Use after free in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2021-21196 | Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip | Unknown |
Microsoft Exchange Server | CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Exchange Server | CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important |
Microsoft Internet Messaging API | CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important |
Microsoft NTFS | CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate |
Microsoft NTFS | CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office Excel | CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important |
Microsoft Office SharePoint | CVE-2021-28450 | Microsoft SharePoint Denial of Service Update | Important |
Microsoft Office Word | CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft Windows DNS | CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important |
Microsoft Windows DNS | CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important |
Microsoft Windows Speech | CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows Speech | CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows Speech | CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
Open Source Software | CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important |
Role: Hyper-V | CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important |
Role: Hyper-V | CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Role: Hyper-V | CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
Role: Hyper-V | CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important |
Visual Studio | CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code - GitHub Pull Requests and Issues Extension | CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important |
Visual Studio Code - Kubernetes Tools | CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important |
Visual Studio Code - Maven for Java Extension | CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important |
Windows Application Compatibility Cache | CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important |
Windows AppX Deployment Extensions | CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important |
Windows Console Driver | CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important |
Windows Console Driver | CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important |
Windows Diagnostic Hub | CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
Windows Diagnostic Hub | CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
Windows Diagnostic Hub | CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
Windows Early Launch Antimalware Driver | CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | Important |
Windows ELAM | CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | Important |
Windows Event Tracing | CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
Windows Event Tracing | CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability | Important |
Windows Installer | CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important |
Windows Installer | CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important |
Windows Installer | CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Media Player | CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical |
Windows Media Player | CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical |
Windows Network File System | CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important |
Windows Overlay Filter | CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
Windows Portmapping | CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | Important |
Windows Registry | CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Resource Manager | CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Services and Controller App | CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important |
Windows SMB Server | CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important |
Windows SMB Server | CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important |
Windows TCP/IP | CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
Windows TCP/IP | CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows TCP/IP | CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
Windows Win32K | CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important |
Windows WLAN Auto Config Service | CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | Important |