雷竞技raybet官网登录|app下载安装到手机

安全公告

微软发布2022年11月安全漏洞通告

阅读人数： 发布时间：2022/11/14

微软官方发布了11月安全更新，更新修复了9月底披露的两个Exchange漏洞（CVE-2022-41040权限提升漏洞和CVE-2022-41082远程代码执行漏洞）等6个0day漏洞在内的68个安全漏洞，其中有11个漏洞评级为“严重”，本次发布涉及.NET Framework、Azure、Linux Kernel、Microsoft Exchange Server、Microsoft Office、Windows Hyper-V、Visual Studio、Windows ALPC、Windows Kerberos、Windows Mark of the Web(MOTW)、Windows Network Address Translation(NAT)、Windows ODBC Driver、Windows Point-to-Point Tunneling Protocol、Windows Print Spooler Components、Windows Scripting和Windows Win32K等多个产品和组件。

建议广大用户及时做好资产自查以及漏洞修复工作。

漏洞描述

以下漏洞被标记为0 day漏洞：

CVE-2022-41128：Windows Scripting Languages远程代码执行漏洞

Windows脚本语言存在远程代码执行漏洞，该漏洞需要受影响的windows的版本用户访问共享服务器，攻击者可通过诱导用户访问恶意的共享服务器或者网站来利用此漏洞，从而在目标系统上执行任意代码。注意，该漏洞正在被广泛利用。

CVE-2022-41091：Windows Mark of the Web安全功能绕过漏洞

将文件下载到运行Windows的设备时，Web标记将添加到文件中，将其源标识为来自Internet。当用户打开带有“Web标记”的文件时，将显示一个安全警告横幅，其中包含“启用内容”按钮。

Windows Web查询标记安全功能存在安全特性绕过漏洞，攻击者可以诱使用户点击恶意链接然后将用户链接到攻击者网站或发送恶意文件给用户，用户点击恶意链接或者打开恶意文件时能绕过Web查询标记。此漏洞已被检测到在野利用。

CVE-2022-41073：Windows Print Spooler特权提升漏洞

Windows打印后台处理程序存在权限提升漏洞。经过身份认证的攻击者可以利用此漏洞将权限提升至SYSTEM权限。此漏洞已被检测到在野利用。

CVE-2022-41125：Windows CNG Key Isolation Service特权提升漏洞

Windows CNG密钥隔离服务存在权限提升漏洞。经过身份认证的攻击者可以利用此漏洞将权限提升至SYSTEM权限。此漏洞已被检测到在野利用。

CVE-2022-41040：Microsoft Exchange Server特权提升漏洞

Microsoft Exchange Server存在权限提升漏洞，经过身份认证的远程攻击者可利用此漏洞绕过相关安全特性，获得在系统上下文中运行PowerShell的权限。配合其他漏洞可对目标发起进一步利用，实现任意代码执行。此漏洞已被检测到在野利用。

CVE-2022-41082：Microsoft Exchange Server远程代码执行漏洞

Microsoft Exchange Server存在远程代码执行漏洞，经过身份验证的攻击者可利用此漏洞在目标系统上执行任意代码。此漏洞已被检测到在野利用。

安全通告信息

漏洞名称	微软11月多个漏洞
“严重”漏洞影响版本号	CVE-2022-41082\|\|CVE-2022-41040 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2013 Cumulative Update 23 CVE-2022-41125 Windows Server 2012 R2(Server Core installation) Windows Server 2012 R2 Windows Server 2012(Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016(Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter:Azure Edition(Hotpatch) Windows Server 2022(Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019(Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-41073 Windows Server 2012 R2(Server Core installation) Windows Server 2012 R2 Windows Server 2012(Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016(Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter:Azure Edition(Hotpatch) Windows Server 2022(Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019(Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
漏洞危害等级	高危
厂商是否已发布漏洞补丁	是
版本更新地址	https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov

官方建议

（一）Windows update更新自动更新：Microsoft Update默认启用，当系统检测到可用更新时，将会自动下载更新并在下一次启动时安装。

（二）手动安装更新Microsoft官方下载相应补丁进行更新。https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov。