安全狗应急响应中心监测到,微软发布了2022年12月份安全更新,事件等级:严重,事件评分:10.0。此次安全更新发布了52个漏洞的补丁,主要覆盖了以下组件:Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server;.NET framework等等。其中包含6个严重漏洞,43个高危漏洞。其威胁等级高,影响面广泛,攻击者价值高。
漏洞描述
CVE-2022-44698:Windows SmartScreen安全功能绕过漏洞
该漏洞存在于Windows SmartScreen中,可以创建一个文件,以远程逃避Web检测的标记,因此绕过了Microsoft Office中受保护视图之类的安全功能。
CVE-2022-41076 :WindowsPowershell远程代码执行漏洞
该漏洞存在于Windows PowerShell中,这个严重级别的漏洞可能允许经过身份验证的用户绕过 PowerShell 远程会话配置并在受影响的系统上运行未经批准的命令。
CVE-2022-44699:Azure Network Watcher远程代码执行漏洞
该漏洞存在于Azure Network Watcher中,攻击者利用该漏洞可以终止来自网络监控器代理的包捕获。
CVE-2022-44713:Microsoft Outlook for Mac欺骗漏洞
该漏洞存在于Microsoft Outlook for Mac中,此漏洞可能允许攻击者在不应出现的情况下显示为受信任的用户。
安全通告信息
| 漏洞名称 | 微软12月多个漏洞 |
| “严重”漏洞影响版本号 | CVE-2022-41091-Windows Web 查询标记安全功能绕过漏洞 - Windows Server 2022 Datacenter: Azure Edition - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows 11 for x64-based Systems - Windows 11 for ARM64-based Systems - Windows 10 Version 22H2 for x64-based Systems - Windows 10 Version 22H2 for ARM64-based Systems - Windows 10 Version 22H2 for 32-bit Systems - Windows 10 Version 21H2 for x64-based Systems - Windows 10 Version 21H2 for ARM64-based Systems - Windows 10 Version 21H2 for 32-bit Systems - Windows 10 Version 21H1 for x64-based Systems - Windows 10 Version 21H1 for ARM64-based Systems - Windows 10 Version 21H1 for 32-bit Systems - Windows 10 Version 20H2 for x64-based Systems - Windows 10 Version 20H2 for ARM64-based Systems - Windows 10 Version 20H2 for 32-bit Systems - Windows 10 Version 1809 for x64-based Systems - Windows 10 Version 1809 for ARM64-based Systems - Windows 10 Version 1809 for 32-bit Systems - Windows 10 Version 1607 for x64-based Systems - Windows 10 Version 1607 for 32-bit Systems CVE-2022-44713-Microsoft Outlook for Mac 欺骗漏洞 - Microsoft Office LTSC for Mac 2021 - Microsoft Office 2019 for Mac CVE-2022-41076-PowerShell 远程代码执行漏洞 - Windows Server 2022 Datacenter: Azure Edition - Windows Server 2022 (Server Core installation) - Windows Server 2022 - Windows Server 2019 (Server Core installation) - Windows Server 2019 - Windows Server 2016 (Server Core installation) - Windows Server 2016 - Windows Server 2012 R2 (Server Core installation) - Windows Server 2012 R2 - Windows Server 2012 (Server Core installation) - Windows Server 2012 - Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) - Windows Server 2008 for x64-based Systems Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) - Windows Server 2008 for 32-bit Systems Service Pack 2 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) - Windows Server 2008 R2 for x64-based Systems Service Pack 1 - Windows RT 8.1 - Windows 8.1 for x64-based systems - Windows 8.1 for 32-bit systems - Windows 7 for x64-based Systems Service Pack 1 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 11 for x64-based Systems - Windows 11 for ARM64-based Systems - Windows 11 Version 22H2 for x64-based Systems - Windows 11 Version 22H2 for ARM64-based Systems - Windows 10 for x64-based Systems - Windows 10 for 32-bit Systems - Windows 10 Version 22H2 for x64-based Systems - Windows 10 Version 22H2 for ARM64-based Systems - Windows 10 Version 22H2 for 32-bit Systems - Windows 10 Version 21H2 for x64-based Systems - Windows 10 Version 21H2 for ARM64-based Systems - Windows 10 Version 21H2 for 32-bit Systems - Windows 10 Version 21H1 for x64-based Systems - Windows 10 Version 21H1 for ARM64-based Systems - Windows 10 Version 21H1 for 32-bit Systems - Windows 10 Version 20H2 for x64-based Systems - Windows 10 Version 20H2 for ARM64-based Systems - Windows 10 Version 20H2 for 32-bit Systems - Windows 10 Version 1809 for x64-based Systems - Windows 10 Version 1809 for ARM64-based Systems - Windows 10 Version 1809 for 32-bit Systems - Windows 10 Version 1607 for x64-based Systems - Windows 10 Version 1607 for 32-bit Systems - PowerShell 7.3 - PowerShell 7.2 CVE-2022-44699-Azure 网络观察程序代理安全功能绕过漏洞 - Azure Network Watcher VM Extension |
| 漏洞危害等级 | 高危 |
| 厂商是否已发布漏洞补丁 | 是 |
| 版本更新地址 | https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec |
| 安全狗总预警期数 | 255 |
| 安全狗发布预警日期 | 2022年12月15日 |
| 安全狗更新预警日期 | 2022年12月15日 |
| 发布者 | 安全狗海青实验室 |
安全建议
(一)Windows update更新自动更新:Microsoft Update默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。
(二)手动安装更新Microsoft官方下载相应补丁进行更新。
参考链接
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
![[附源码]Nodejs计算机毕业设计基于大数据的高校国有固定资产管理及绩效自动评价系统Express(程序+LW)](https://img-blog.csdnimg.cn/7cc84db7a45b4769b5719edf90fc5a30.png)
