Last updated at Fri, 14 Jun 2024 14:15:18 GMT

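It's June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At the time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is patching a single critical remote code execution (RCE) vulnerability today. Seven browser vulnerabilities were published separately this month, and are not included in the total.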

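MSMQ: critical RCE

The only critical RCE fixed today is CVE-2024-30080, which applies to all current versions of Windows. An attacker would need to send a specially crafted malicious packet to the MSMQ server, which Patch Tuesday watchers will know as a perennial source of vulnerabilities. As usual, Microsoft points out that the Windows message queuing service is not enabled by default; as usual, Rapid7 notes that many applications, including Microsoft Exchange, quietly bring MSMQ in as part of their own installers. As is typical of MSMQ RCE vulnerabilities, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, and lack of required privileges. Code execution is presumably in a SYSTEM context, although the advisory does not specify.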

Office: malicious file RCEs

Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability, and the attacker must win a race condition. On the other hand, CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.

SharePoint: RCE

This month also brings a patch for SharePoint RCE CVE-2024-30100. The advisory is sparse on detail, and the context of code execution is not clear. The weakness is described as CWE-426: Untrusted Search Path; many (but not all) vulnerabilities associated with CWE-426 lead to elevation of privilege.

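DNSSEC NSEC3: CPU exhaustion DoS

And now for something completely different: CVE-2023-50868, which describes a denial of service vulnerability in DNSSEC. This vulnerability is present in the DNSSEC spec itself, and the CVE was assigned by MITRE on behalf of DNSSEC. Microsoft's DNSSEC implementation is thus vulnerable, as are other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by demanding responses from a DNSSEC-signed zone, if the resolver uses NSEC3 to respond to the request. NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. In some circumstances, the DNS resolver must perform thousands of iterations of a hash function to calculate an NSEC3 response, and this is the foundation on which this DoS exploit rests. All current versions of Windows Server receive a patch today.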
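To make the cost concrete, the following Python is an added example (not code from Rapid7 or Microsoft): it implements the NSEC3 owner-name hash defined in RFC 5155, counting the SHA-1 calls each hash requires, and audits NSEC3PARAM records for non-zero iteration counts. The function names, the sample records and the zero-iteration threshold (taken from RFC 9276) are assumptions of this example.

```python
import base64
import hashlib

# NSEC3 uses base32hex; map it from the standard base32 alphabet.
_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                           "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> tuple:
    """RFC 5155 section 5 hash: returns (base32hex digest, SHA-1 calls made)."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    calls = 1
    for _ in range(iterations):  # each iteration re-hashes digest || salt
        digest = hashlib.sha1(digest + salt).digest()
        calls += 1
    text = base64.b32encode(digest).decode("ascii").translate(_TO_B32HEX)
    return text.lower(), calls


def audit_nsec3param(records, max_iterations=0):
    """Flag SHA-1 NSEC3PARAM records above max_iterations (0 per RFC 9276;
    that threshold is this example's assumption, not the advisory's)."""
    findings = []
    for line in records:
        fields = line.split()
        if "NSEC3PARAM" not in fields:
            continue
        i = fields.index("NSEC3PARAM")
        if len(fields) < i + 5:
            continue  # truncated RDATA: algorithm flags iterations salt
        algorithm, _flags, iterations, _salt = fields[i + 1:i + 5]
        if algorithm == "1" and int(iterations) > max_iterations:
            findings.append((fields[0], int(iterations), int(iterations) + 1))
    return findings


# Constructed sample records, not taken from any real zone.
SAMPLE = [
    "good.example. 3600 IN NSEC3PARAM 1 0 0 -",
    "legacy.example. 3600 IN NSEC3PARAM 1 0 2500 aabbccdd",
    "legacy.example. 3600 IN SOA ns1.legacy.example. host.legacy.example. 1 2 3 4 5",
]
```

Each finding is a tuple of zone name, configured iterations, and SHA-1 calls per NSEC3 hash; zone operators can use it to find signed zones that impose avoidable hashing work on validating resolvers.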

Typically, when Microsoft publishes a security advisory and describes the vulnerability as publicly disclosed, that public disclosure will have been recent. However, in the case of CVE-2023-50868, the flaw in DNSSEC was first publicly disclosed on 2024-02-13. The advisory acknowledges four academics from the German National Research Center for Applied Cybersecurity (ATHENE), which is perhaps interesting, since those researchers are the authors of a March 2024 academic paper which downplays the DoS potential of CVE-2023-50868. Those same researchers published another DNSSEC flaw, CVE-2023-50387 (also known as KeyTrap), in January 2024, which they describe as having potentially serious implications; Microsoft patched that one at the next scheduled opportunity in February. The CVE-2023-50868 advisory published today does not provide further insight as to why this vulnerability wasn't patched sooner; a reasonable assumption might be that Microsoft assesses CVE-2023-50868 as less urgent/critical than CVE-2023-50387, although both are rated "Important" on Microsoft's proprietary severity ranking. It's also possible that Microsoft didn't wish to be the only major server OS vendor without a patch.

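Lifecycle update

There are no significant changes to the lifecycle phase of Microsoft products this month. In July, Microsoft SQL Server 2014 will move past the end of extended support. From August onwards, Microsoft only guarantees to provide SQL Server 2014 security updates for customers who opt into the paid Extended Security Updates program.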

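Summary charts

A bar chart showing the distribution of vulnerabilities by impact type for Microsoft Patch Tuesday June 2024.
What goes up must come down and/or is an attacker's privilege level.
A heatmap showing the distribution of vulnerabilities by impact and affected component for Microsoft Patch Tuesday June 2024.
No spoofing. No security feature bypass. Plenty of elevation of privilege though.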


Summary tables

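Azure vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | No | No | 8.1 |
| CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | No | No | 7.1 |
| CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | No | No | 4.4 |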

Browser vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | No | No | N/A |
| CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API | No | No | N/A |
| CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs | No | No | N/A |
| CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session | No | No | N/A |
| CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn | No | No | N/A |
| CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn | No | No | N/A |
| CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | No | No | N/A |

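Developer Tools vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | No | No | 7.3 |
| CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | No | No | 6.7 |
| CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | No | No | 4.7 |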

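ESU vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |
| CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |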

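Microsoft Dynamics vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | No | No | 7.3 |
| CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 5.7 |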

Microsoft Office vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.3 |

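Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 |
| CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 |
| CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 6.8 |
| CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 4.7 |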

Windows ESU vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | No | 9.8 |
| CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | No | No | 8 |
| CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | No | Yes | 7.5 |
| CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | No | No | 7.3 |
| CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | No | No | 6.7 |
| CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | No | No | 5.5 |

Updates

  • 2024-06-12: Corrected a typo in a reference to CVE-2023-50868.
