Microsoft Releases October Fixes for High-Severity Vulnerabilities in Multiple Products
Published: 2021/10/18

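Microsoft recently released its routine security update bulletin for October 2021, covering 71 vulnerabilities, of which 2 are rated Critical and 68 are rated Important. The release includes security updates for multiple products, including the Windows operating system, Office, and Windows Exchange Server.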

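Vulnerability Description

The following vulnerabilities in this bulletin require particular attention:

CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability

The vulnerability is in the Win32k NtGdiResetDC function. An attacker can use it to escalate privileges on the system and, combined with a code execution vulnerability, take over the system.

CVSS3 score: 7.8

Severity: High

Exploited in the wild: Yes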


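CVE-2021-38672 / CVE-2021-40461 - Windows Hyper-V Remote Code Execution Vulnerability

Successful exploitation of this vulnerability allows a malicious guest VM to read kernel memory on the host. To trigger the vulnerability, a memory allocation error must occur on the guest VM. The VM can use this error to escape from the guest to the host.

CVSS3 score: 8.0

Severity: Critical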


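CVE-2021-40486 - Microsoft Word Remote Code Execution Vulnerability

This patch fixes a bug that allows code execution when a specially crafted Word document is viewed on the system. Although the vulnerability requires user interaction, Microsoft notes that the Preview Pane is also listed as an attack vector.

CVSS3 score: 7.8

Severity: Critical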


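CVE-2021-26427 - Microsoft Exchange Server Remote Code Execution Vulnerability

An attacker can attack the target Exchange server from an adjacent network. (Note: at the protocol level this vulnerability is limited to a logically adjacent topology and cannot be reached from the Internet.)

CVSS3 score: 9.0

Severity: High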


Affected Versions

CVE-2021-26427:   

Microsoft Exchange Server 2019 Cumulative Update 10

Microsoft Exchange Server 2016 Cumulative Update 21

Microsoft Exchange Server 2013 Cumulative Update 23

Microsoft Exchange Server 2019 Cumulative Update 11

Microsoft Exchange Server 2016 Cumulative Update 22

CVE-2021-40449:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2021-40486:

Microsoft Word 2013 Service Pack 1 (64-bit editions)

Microsoft Word 2013 Service Pack 1 (32-bit editions)

Microsoft Word 2013 RT Service Pack 1

Microsoft Office Web Apps Server 2013 Service Pack 1

Microsoft Word 2016 (64-bit edition)

Microsoft Word 2016 (32-bit edition)

Microsoft Office Online Server

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for 32-bit editions

Microsoft SharePoint Server 2019

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Microsoft SharePoint Enterprise Server 2016


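Remediation

Microsoft has released updates that fix these vulnerabilities. We recommend that you:

1) Apply system patches: make sure servers have the required patches installed. Turn on Windows Update or download the fix, and click "Check for updates".

2) Do not open files or links of unknown origin: this prevents attackers from using them to execute malicious code on the machine.

[Note]: Back up your data before installing the patches to avoid unexpected problems.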
