一、漏洞介绍
近日,微软官方发布了多个安全漏洞的公告,包括Windows Defender安全漏洞(CNNVD-202106-545、CVE-2021-31985)、Microsoft OfficeExcel安全漏洞(CNNVD-202106-503、CVE-2021-31939)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
2021年6月9日,微软发布了2021年6月份安全更新,共49个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Windows操作系统、Net Core、Office、Edge、SharePointServer、Hyper-V、 Visual Studio等。CNNVD对其危害等级进行了评价,其中高危漏洞有15个,中危漏洞34个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括49个漏洞的补丁程序,其中高危漏洞有15个,中危漏洞34个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Office Excel 安全漏洞 | CNNVD-202106-503 | CVE-2021-31939 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939 |
2 | Microsoft Office 安全漏洞 | CNNVD-202106-504 | CVE-2021-31940 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31940 |
3 | Microsoft Office 安全漏洞 | CNNVD-202106-500 | CVE-2021-31941 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31941 |
4 | 3D Viewer 安全漏洞 | CNNVD-202106-518 | CVE-2021-31942 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942 |
5 | 3D Viewer 安全漏洞 | CNNVD-202106-517 | CVE-2021-31943 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31943 |
6 | Paint 3D 安全漏洞 | CNNVD-202106-522 | CVE-2021-31945 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31945 |
7 | Paint 3D 安全漏洞 | CNNVD-202106-525 | CVE-2021-31946 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31946 |
8 | Windows NTFS安全漏洞 | CNNVD-202106-515 | CVE-2021-31956 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956 |
9 | Windows Kerberos 安全漏洞 | CNNVD-202106-534 | CVE-2021-31962 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962 |
10 | Microsoft Windows Codecs Library 安全漏洞 | CNNVD-202106-537 | CVE-2021-31967 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31967 |
11 | Microsoft Intune 安全漏洞 | CNNVD-202106-535 | CVE-2021-31980 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980 |
12 | Paint 3D 安全漏洞 | CNNVD-202106-524 | CVE-2021-31983 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983 |
13 | Windows Defender 安全漏洞 | CNNVD-202106-545 | CVE-2021-31985 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985 |
14 | Microsoft DWM Core Library 安全漏洞 | CNNVD-202106-498 | CVE-2021-33739 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739 |
15 | Windows MSHTML Platform安全漏洞 | CNNVD-202106-497 | CVE-2021-33742 | 高危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742 |
16 | Windows Print Spooler Components 安全漏洞 | CNNVD-202106-513 | CVE-2021-1675 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675 |
17 | Windows DCOM Server 安全漏洞 | CNNVD-202106-546 | CVE-2021-26414 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 |
18 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-491 | CVE-2021-26420 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420 |
19 | Windows Cryptographic Services 安全漏洞 | CNNVD-202106-540 | CVE-2021-31199 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199 |
20 | Windows Cryptographic Services 安全漏洞 | CNNVD-202106-541 | CVE-2021-31201 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201 |
21 | Visual Studio Code 安全漏洞 | CNNVD-202106-538 | CVE-2021-31938 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31938 |
22 | 3D Viewer 安全漏洞 | CNNVD-202106-521 | CVE-2021-31944 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31944 |
23 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-490 | CVE-2021-31948 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948 |
24 | Microsoft Office Outlook 安全漏洞 | CNNVD-202106-499 | CVE-2021-31949 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31949 |
25 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-492 | CVE-2021-31950 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950 |
26 | Windows Kernel 安全漏洞 | CNNVD-202106-543 | CVE-2021-31951 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31951 |
27 | Windows Kernel-Mode Drivers安全漏洞 | CNNVD-202106-514 | CVE-2021-31952 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31952 |
28 | Microsoft Windows和Vulnerability 权限许可和访问控制问题漏洞 | CNNVD-202106-509 | CVE-2021-31953 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31953 |
29 | Windows Common Log File System Driver 安全漏洞 | CNNVD-202106-508 | CVE-2021-31954 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954 |
30 | Windows Kernel 安全漏洞 | CNNVD-202106-516 | CVE-2021-31955 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 |
31 | Visual Studio安全漏洞 | CNNVD-202106-495 | CVE-2021-31957 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957 |
32 | Windows NTLM安全漏洞 | CNNVD-202106-512 | CVE-2021-31958 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958 |
33 | Microsoft Scripting Engine 安全漏洞 | CNNVD-202106-505 | CVE-2021-31959 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959 |
34 | Windows Bind Filter Driver 安全漏洞 | CNNVD-202106-536 | CVE-2021-31960 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31960 |
35 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-496 | CVE-2021-31963 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963 |
36 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-487 | CVE-2021-31964 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964 |
37 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-488 | CVE-2021-31965 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965 |
38 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-489 | CVE-2021-31966 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966 |
39 | Windows Remote Desktop 安全漏洞 | CNNVD-202106-531 | CVE-2021-31968 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31968 |
40 | Windows Drivers 安全漏洞 | CNNVD-202106-527 | CVE-2021-31969 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969 |
41 | Windows TCP/IP 安全漏洞 | CNNVD-202106-520 | CVE-2021-31970 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31970 |
42 | Windows HTML Platform 安全漏洞 | CNNVD-202106-519 | CVE-2021-31971 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971 |
43 | Windows Event Logging Service 安全漏洞 | CNNVD-202106-511 | CVE-2021-31972 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31972 |
44 | Windows Installer 安全漏洞 | CNNVD-202106-510 | CVE-2021-31973 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31973 |
45 | Windows Network File System 安全漏洞 | CNNVD-202106-506 | CVE-2021-31974 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31974 |
46 | Windows Network File System 安全漏洞 | CNNVD-202106-507 | CVE-2021-31975 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31975 |
47 | Windows Network File System 安全漏洞 | CNNVD-202106-502 | CVE-2021-31976 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31976 |
48 | Hyper-V 安全漏洞 | CNNVD-202106-501 | CVE-2021-31977 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977 |
49 | Windows Defender 安全漏洞 | CNNVD-202106-544 | CVE-2021-31978 | 中危 | 目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式:cnnvd@itsec.gov.cn
来源:CNNVD安全动态
