雷竞技raybet官网登录|app下载安装到手机

安全公告

2023年微软1月份月度安全漏洞预警

阅读人数： 发布时间：2023/01/11

微软发布2023年1月份安全更新，共披露了98个安全漏洞，其中11个漏洞标记为严重漏洞。攻击者利用漏洞可实现远程代码执行、权限提升、敏感信息泄露，由于漏洞影响面广泛、攻击者价值高。现将受影响的应用整理如下：Microsoft Windows、Microsoft Office 、Microsoft SharePoint、Microsoft Exchange 等组件。

漏洞描述

本次需关注如下存在细节已公开/已出现在野攻击利用的漏洞：

CVE-2023-21674：Windows 高级本地过程调用 (ALPC) 特权提升漏洞

0day漏洞。它允许本地攻击者从 Chromium 内部的沙箱执行中提升权限，目前已发现在野攻击利用，风险高。

CVE-2023-21549：Windows SMB Witness服务特权提升漏洞

攻击者通过执行特制的恶意脚本，该脚本会执行对 RPC 主机的 RPC 调用，这可能会导致在目标服务器端提升权限。目前漏洞细节已公开，风险高。

安全通告信息

影响版本如下：

CVE-2023-21674：Windows 高级本地过程调用 (ALPC) 特权提升漏洞

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems