<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<meta name="generator" content="pdf2htmlEX">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<link rel="stylesheet" href="https://static.pudn.com/base/css/base.min.css">
<link rel="stylesheet" href="https://static.pudn.com/base/css/fancy.min.css">
<link rel="stylesheet" href="https://static.pudn.com/prod/directory_preview_static/638f0b1b35aa1e4b190857b6/raw.css">
<script src="https://static.pudn.com/base/js/compatibility.min.js"></script>
<script src="https://static.pudn.com/base/js/pdf2htmlEX.min.js"></script>
<script>
try{
pdf2htmlEX.defaultViewer = new pdf2htmlEX.Viewer({});
}catch(e){}
</script>
<title></title>
</head>
<body>
<div id="sidebar" style="display: none">
<div id="outline">
</div>
</div>
<div id="pf1" class="pf w0 h0" data-page-no="1"><div class="pc pc1 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/638f0b1b35aa1e4b190857b6/bg1.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x1 h3 y2 ff1 fs0 fc0 sc0 ls0 ws0">[Vulnerability Advisory] Multiple Microsoft Security Vulnerabilities in October</div>
<div class="t m0 x2 h3 y3 ff2 fs0 fc0 sc1 ls0 ws0">1. Vulnerability Overview</div>
<div class="t m0 x3 h3 y4 ff3 fs0 fc0 sc1 ls0 ws0">On October 11, 2022, Microsoft released its October security updates, which fix</div>
<div class="t m0 x1 h3 y5 ff1 fs0 fc0 sc1 ls0 ws0">84 security vulnerabilities, including 2 zero-day vulnerabilities (not counting the 12</div>
<div class="t m0 x1 h3 y6 ff3 fs0 fc0 sc1 ls0 ws0">Microsoft Edge vulnerabilities fixed on October 3); 13 of them are rated “Critical”.</div>
<div class="t m0 x2 h3 y7 ff2 fs0 fc0 sc1 ls0 ws0">2. Vulnerability Details</div>
<div class="t m0 x3 h3 y8 ff1 fs0 fc0 sc1 ls0 ws0">The security updates in this release cover multiple products and components, including</div>
<div class="t m0 x1 h3 y9 ff3 fs0 fc0 sc1 ls0 ws0">Active Directory Domain Services, Azure, Microsoft Office, Microsoft Office SharePoint,</div>
<div class="t m0 x1 h3 ya ff3 fs0 fc0 sc1 ls0 ws0">Windows Hyper-V, Visual Studio Code,</div>
<div class="t m0 x1 h3 yb ff3 fs0 fc0 sc1 ls0 ws0">Windows Active Directory Certificate Services, Windows Defender,</div>
<div class="t m0 x1 h3 yc ff3 fs0 fc0 sc1 ls0 ws0">Windows DHCP Client, Windows Group Policy, Windows Kernel,</div>
<div class="t m0 x1 h3 yd ff3 fs0 fc0 sc1 ls0 ws0">Windows NTFS, Windows NTLM, Windows Point-to-Point Tunneling Protocol,</div>
<div class="t m0 x1 h3 ye ff3 fs0 fc0 sc1 ls0 ws0">Windows TCP/IP and Windows Win32K.</div>
<div class="t m0 x3 h3 yf ff1 fs0 fc0 sc1 ls0 ws0">Of the 84 vulnerabilities fixed this time, 39 are elevation of privilege vulnerabilities, 20 are remote code execution vulnerabilities,</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
</body>
</html>
<div id="pf2" class="pf w0 h0" data-page-no="2"><div class="pc pc2 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/638f0b1b35aa1e4b190857b6/bg2.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x1 h3 y10 ff3 fs0 fc0 sc1 ls0 ws0">11 are information disclosure vulnerabilities, 8 are denial of service vulnerabilities, 2 are security feature bypass vulnerabilities,</div>
<div class="t m0 x1 h3 y11 ff3 fs0 fc0 sc1 ls0 ws0">and 4 are spoofing vulnerabilities.</div>
<div class="t m0 x3 h3 y12 ff1 fs0 fc0 sc1 ls0 ws0">Microsoft fixed 2 zero-day vulnerabilities in total this time: CVE-2022-41033 has been found to be actively</div>
<div class="t m0 x1 h3 y13 ff1 fs0 fc0 sc1 ls0 ws0">exploited, and CVE-2022-41043 has been publicly disclosed.</div>
<div class="t m0 x3 h3 y14 ff3 fs0 fc0 sc1 ls0 ws0">CVE-2022-41033: Windows COM+ Event System Service</div>
<div class="t m0 x1 h3 y15 ff1 fs0 fc0 sc1 ls0 ws0">Elevation of Privilege Vulnerability</div>
<div class="t m0 x3 h3 y16 ff1 fs0 fc0 sc1 ls0 ws0">This vulnerability has a CVSSv3 score of 7.8; successful exploitation yields SYSTEM privileges.</div>
<div class="t m0 x1 h3 y17 ff1 fs0 fc0 sc1 ls0 ws0">The vulnerability has not been publicly disclosed so far, but exploitation has been detected.</div>
<div class="t m0 x3 h3 y18 ff3 fs0 fc0 sc1 ls0 ws0">CVE-2022-41043: Microsoft Office Information Disclosure Vulnerability</div>
<div class="t m0 x3 h3 y19 ff1 fs0 fc0 sc1 ls0 ws0">This vulnerability affects Microsoft Office LTSC for Mac 2021 and</div>
<div class="t m0 x1 h3 y1a ff1 fs0 fc0 sc1 ls0 ws0">Microsoft Office 2019 for Mac, and has a CVSSv3 score of 3.3. Successful exploitation may</div>
<div class="t m0 x1 h3 y1b ff1 fs0 fc0 sc1 ls0 ws0">lead to disclosure of user tokens or other sensitive information. No exploitation of this vulnerability has been detected so far, but it has</div>
<div class="t m0 x1 h3 y1c ff1 fs0 fc0 sc1 ls0 ws0">been publicly disclosed.</div>
<div class="t m0 x3 h3 y1d ff1 fs0 fc0 sc1 ls0 ws0">Microsoft has not yet fixed the Microsoft Exchange ProxyNotShell vulnerabilities</div>
<div class="t m0 x1 h3 y1e ff3 fs0 fc0 sc1 ls0 ws0">CVE-2022-41040 (elevation of privilege) and CVE-2022-41082 (remote code execution) in this update, but</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
<div id="pf3" class="pf w0 h0" data-page-no="3"><div class="pc pc3 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/638f0b1b35aa1e4b190857b6/bg3.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x1 h3 y10 ff1 fs0 fc0 sc1 ls0 ws0">it has published related security guidance; users can apply the mitigations in that guidance and wait for the official patch to be released.</div>
<div class="t m0 x3 h3 y1f ff1 fs0 fc0 sc1 ls0 ws0">Notable vulnerabilities in this update include, but are not limited to:</div>
<div class="t m0 x3 h3 y20 ff3 fs0 fc0 sc1 ls0 ws0">CVE-2022-37968: Azure Arc-enabled Kubernetes Cluster Connect</div>
<div class="t m0 x1 h3 y21 ff1 fs0 fc0 sc1 ls0 ws0">Elevation of Privilege Vulnerability</div>
<div class="t m0 x3 h3 y22 ff1 fs0 fc0 sc1 ls0 ws0">This vulnerability has a CVSSv3 score of 10.0 and affects the cluster connect feature of</div>
<div class="t m0 x1 h3 y23 ff1 fs0 fc0 sc1 ls0 ws0">Azure Arc-enabled Kubernetes clusters. It may allow an unauthenticated user to elevate their privileges and potentially gain</div>
<div class="t m0 x1 h3 y16 ff3 fs0 fc0 sc1 ls0 ws0">administrative control over the Kubernetes cluster. In addition, because Azure Stack Edge allows customers to</div>
<div class="t m0 x1 h3 y17 ff1 fs0 fc0 sc1 ls0 ws0">deploy Kubernetes workloads on their devices through Azure Arc, Azure Stack</div>
<div class="t m0 x1 h3 y24 ff3 fs0 fc0 sc1 ls0 ws0">Edge devices are also vulnerable to this issue.</div>
<div class="t m0 x3 h3 y25 ff3 fs0 fc0 sc1 ls0 ws0">CVE-2022-37976: Active Directory Certificate Services Elevation of Privilege Vulnerability</div>
<div class="t m0 x3 h3 y1a ff1 fs0 fc0 sc1 ls0 ws0">This vulnerability has a CVSSv3 score of 8.8. A system is vulnerable only when Active Directory Certificate Services is</div>
<div class="t m0 x1 h3 y1b ff1 fs0 fc0 sc1 ls0 ws0">running on the domain; successful exploitation yields domain administrator privileges. The</div>
<div class="t m0 x1 h3 y1c ff1 fs0 fc0 sc1 ls0 ws0">vulnerability affects multiple Windows Server versions, and affected users should install the update promptly.</div>
<div class="t m0 x3 h3 y1d ff3 fs0 fc0 sc1 ls0 ws0">CVE-2022-41038: Microsoft SharePoint Server Remote Code Execution Vulnerability</div>
<div class="t m0 x3 h3 y26 ff1 fs0 fc0 sc1 ls0 ws0">This vulnerability has a CVSSv3 score of 8.8. A user who is authenticated to the target site and has permission to</div>
<div class="t m0 x1 h3 y27 ff3 fs0 fc0 sc1 ls0 ws0">use Manage Lists in SharePoint can, on the SharePoint Server, remotely execute</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>