当前位置:首页  安全态势  风险预警

【漏洞预警】网络安全风险预警 第五期 (2022.5.16)

时间:2022-05-16来源:国家信息安全漏洞库点击:222

2022年第5期

【预警类型】高危预警

预警内容微软多个安全漏洞

        近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞75个,影响到微软产品的其他厂商漏洞1个。包括Microsoft Windows LDAP 输入验证错误漏洞(CNNVD-202205-2869、CVE-2022-22012)、Microsoft Windows Network File System 输入验证错误漏洞(CNNVD-202205-2781、CVE-2022-26937)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

        一、 漏洞介绍

        2022年5月10日,微软发布了2022年5月份安全更新,共76个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows ALPC、Windows Failover Cluster Automation Server、MicrosoftGraphics Component、Microsoft Excel、Microsoft Windows WLAN Auto Config Service等。CNNVD对其危害等级进行了评价,其中超危漏洞3个,高危漏洞50个,中危漏洞22个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。

        二、漏洞详情

        此次更新共包括73个新增漏洞的补丁程序,其中超危漏洞3个,高危漏洞47个,中危漏洞22个,低危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2869

CVE-2022-22012

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22012

2

Microsoft Windows Network File System 输入验证错误漏洞

CNNVD-202205-2781

CVE-2022-26937

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937

3

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2758

CVE-2022-29130

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29130

4

Microsoft Windows Point-to-Point Tunneling Protocol 竞争条件问题漏洞

CNNVD-202205-2865

CVE-2022-21972

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972

5

Microsoft Exchange Server 权限许可和访问控制问题漏洞

CNNVD-202205-2736

CVE-2022-21978

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978

6

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2876

CVE-2022-22013

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22013

7

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2868

CVE-2022-22014

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22014

8

Microsoft Windows PlayToManager 竞争条件问题漏洞

CNNVD-202205-2873

CVE-2022-22016

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22016

9

Microsoft Remote Desktop Client 输入验证错误漏洞

CNNVD-202205-2872

CVE-2022-22017

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017

10

Microsoft Windows Remote Procedure Call Runtime 输入验证错误漏洞

CNNVD-202205-2870

CVE-2022-22019

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22019

11

Microsoft Visual Studio和Microsoft .NET 输入验证错误漏洞

CNNVD-202205-2800

CVE-2022-23267

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267

12

Microsoft Windows Point-to-Point Tunneling Protocol 竞争条件问题漏洞

CNNVD-202205-2863

CVE-2022-23270

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23270

13

Microsoft Windows ALPC 竞争条件问题漏洞

CNNVD-202205-2856

CVE-2022-23279

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23279

15

Microsoft Windows Authentication Methods 安全特征问题漏洞

CNNVD-202205-2853

CVE-2022-26913

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26913

16

Microsoft Windows Active Directory 权限许可和访问控制问题漏洞

CNNVD-202205-2850

CVE-2022-26923

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

17

Microsoft Local Security Authority Server 安全漏洞

CNNVD-202205-2846

CVE-2022-26925

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925

18

Microsoft Windows Address Book 输入验证错误漏洞

CNNVD-202205-2836

CVE-2022-26926

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26926

19

Microsoft Graphics Component 输入验证错误漏洞

CNNVD-202205-2830

CVE-2022-26927

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26927

20

Microsoft Windows Kerberos 权限许可和访问控制问题漏洞

CNNVD-202205-2812

CVE-2022-26931

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931

21

Microsoft Windows Storage Spaces Controller 权限许可和访问控制问题漏洞

CNNVD-202205-2804

CVE-2022-26932

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26932

22

Microsoft Windows Storage Spaces Controller 竞争条件问题漏洞

CNNVD-202205-2780

CVE-2022-26938

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26938

23

Microsoft Windows Storage Spaces Controller 竞争条件问题漏洞

CNNVD-202205-2779

CVE-2022-26939

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26939

24

Microsoft Windows Remote Access Connection Manager 权限许可和访问控制问题漏洞

CNNVD-202205-2776

CVE-2022-29103

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29103

25

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202205-2775

CVE-2022-29104

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29104

26

Microsoft Windows Media 输入验证错误漏洞

CNNVD-202205-2774

CVE-2022-29105

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29105

27

Microsoft Hyper-V 竞争条件问题漏洞

CNNVD-202205-2772

CVE-2022-29106

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29106

28

Microsoft SharePoint Server 输入验证错误漏洞

CNNVD-202205-2730

CVE-2022-29108

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108

29

Microsoft Excel 输入验证错误漏洞

CNNVD-202205-2737

CVE-2022-29109

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29109

30

Microsoft Excel 输入验证错误漏洞

CNNVD-202205-2861

CVE-2022-29110

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29110

31

Microsoft Windows 竞争条件问题漏洞

CNNVD-202205-2769

CVE-2022-29113

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29113

32

Microsoft Windows Fax services 输入验证错误漏洞

CNNVD-202205-2767

CVE-2022-29115

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29115

33

Microsoft Visual Studio和Microsoft .NET 输入验证错误漏洞

CNNVD-202205-2773

CVE-2022-29117

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117

34

Microsoft Windows Push Notifications 竞争条件问题漏洞

CNNVD-202205-2761

CVE-2022-29125

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29125

35

Microsoft Tablet Windows User Interface 竞争条件问题漏洞

CNNVD-202205-2760

CVE-2022-29126

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29126

36

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2759

CVE-2022-29128

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29128

37

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2756

CVE-2022-29129

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29129

38

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2753

CVE-2022-29131

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29131

39

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202205-2755

CVE-2022-29132

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132

40

Microsoft Windows Kernel 权限许可和访问控制问题漏洞

CNNVD-202205-2752

CVE-2022-29133

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29133

41

Microsoft Windows Cluster Shared Volume 竞争条件问题漏洞

CNNVD-202205-2751

CVE-2022-29135

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29135

42

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2748

CVE-2022-29137

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29137

43

Microsoft Windows Cluster Shared Volume 竞争条件问题漏洞

CNNVD-202205-2750

CVE-2022-29138

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29138

44

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2749

CVE-2022-29139

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29139

45

Microsoft Windows LDAP 输入验证错误漏洞

CNNVD-202205-2743

CVE-2022-29141

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29141

46

Microsoft Windows Kernel 竞争条件问题漏洞

CNNVD-202205-2747

CVE-2022-29142

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29142

47

Microsoft Visual Studio和Microsoft .NET 输入验证错误漏洞

CNNVD-202205-2770

CVE-2022-29145

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145

48

Microsoft Visual Studio 输入验证错误漏洞

CNNVD-202205-2744

CVE-2022-29148

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29148

49

Microsoft Windows Cluster Shared Volume 竞争条件问题漏洞

CNNVD-202205-2742

CVE-2022-29150

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29150

50

Microsoft Windows Cluster Shared Volume 竞争条件问题漏洞

CNNVD-202205-2746

CVE-2022-29151

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29151

51

Microsoft Visual Studio Code 输入验证错误漏洞

CNNVD-202205-2847

CVE-2022-30129

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30129

52

Microsoft Graphics Components 信息泄露漏洞

CNNVD-202205-2877

CVE-2022-22011

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22011

53

Microsoft Windows Remote Desktop Protocol 信息泄露漏洞

CNNVD-202205-2874

CVE-2022-22015

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22015

54

Microsoft Hyper-V 竞争条件问题漏洞

CNNVD-202205-2867

CVE-2022-22713

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22713

55

Microsoft Hyper-V 安全特征问题漏洞

CNNVD-202205-2849

CVE-2022-24466

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24466

56

Microsoft Windows Remote Access Connection Manager 信息泄露漏洞

CNNVD-202205-2823

CVE-2022-26930

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26930

57

Microsoft Windows NTFS 信息泄露漏洞

CNNVD-202205-2794

CVE-2022-26933

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26933

58

Microsoft Graphics Component 信息泄露漏洞

CNNVD-202205-2784

CVE-2022-26934

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934

59

Microsoft Windows WLAN Auto Config Service 信息泄露漏洞

CNNVD-202205-2783

CVE-2022-26935

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26935

60

Microsoft Windows Server Service 信息泄露漏洞

CNNVD-202205-2782

CVE-2022-26936

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26936

61

Microsoft Remote Desktop Client 信息泄露漏洞

CNNVD-202205-2778

CVE-2022-26940

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26940

62

Windows Failover Cluster Automation Server 信息泄露漏洞

CNNVD-202205-2777

CVE-2022-29102

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29102

63

Microsoft Office 安全特征问题漏洞

CNNVD-202205-2740

CVE-2022-29107

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29107

64

Microsoft Graphics Component 信息泄露漏洞

CNNVD-202205-2771

CVE-2022-29112

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29112

65

Microsoft Windows Print Spooler Components 信息泄露漏洞

CNNVD-202205-2768

CVE-2022-29114

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29114

66

Microsoft Windows Kernel 信息泄露漏洞

CNNVD-202205-2766

CVE-2022-29116

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29116

67

Microsoft Windows Cluster Shared Volume 信息泄露漏洞

CNNVD-202205-2765

CVE-2022-29120

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29120

68

Microsoft Windows WLAN AutoConfig Service 输入验证错误漏洞

CNNVD-202205-2763

CVE-2022-29121

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29121

69

Microsoft Windows Cluster Shared Volume 信息泄露漏洞

CNNVD-202205-2764

CVE-2022-29122

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29122

70

Microsoft Windows Cluster Shared Volume 信息泄露漏洞

CNNVD-202205-2762

CVE-2022-29123

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29123

71

Microsoft Windows BitLocker 安全特征问题漏洞

CNNVD-202205-2757

CVE-2022-29127

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29127

72

Microsoft Windows Cluster Shared Volume 信息泄露漏洞

CNNVD-202205-2754

CVE-2022-29134

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29134

73

Microsoft Windows Print Spooler Components 信息泄露漏洞

CNNVD-202205-2745

CVE-2022-29140

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29140

74

Microsoft .NET Framework 输入验证错误漏洞

CNNVD-202205-2790

CVE-2022-30130

低危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30130



此次更新共包括2个更新漏洞的补丁程序,其中高危漏洞2个。

序号

漏洞名称

CNNVD

编号

CVE

编号

危害等级

官方链接

1

Microsoft Visual Studio 安全漏洞

CNNVD-202204-3059

CVE-2022-24513

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513

2

Microsoft Windows PowerShell 权限许可和访问控制问题漏洞

CNNVD-202204-3062

CVE-2022-26788

高危

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26788


        此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞1个。

序号

漏洞

名称

CNNVD编号

CVE

编号

危害等级

厂商

官方链接

1

Google Chrome 安全漏洞

CNNVD-202203-2278

CVE-2022-1096

高危

Google

https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

        三、修复建议

        目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:

        https://msrc.microsoft.com/update-guide/en-us


    CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn


分享: