10月13日,8087金沙娱场城应急响应中心(CERT)监测发现,微软9月份补丁日至10月份补丁日共修复漏洞107个,涉及Windows Kernel、Windows exFAT File System、Windows TCP/IP、Windows Win32K、HTTP.sys、Microsoft Dynamics、Microsoft Exchange Server、Microsoft Edge (Chromium-based)等产品。经8087金沙娱场城CERT研判发现,其中共有13个漏洞危害较大,建议客户及时做好资产自查以及漏洞修复工作。
目前微软官方已发布相关安全更新:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct
经8087金沙娱场城CERT研判,需重点关注以下漏洞:
其中,Win32k特权提升漏洞(CVE-2021-40449)被发现在野使用,建议客户及时做好资产自查以及漏洞修复工作。
通过Windows安全更新自动安装补丁或手动“检查更新”。
对于不能自动更新的系统版本,可下载对应版本的补丁进行安装:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct
NET Core & Visual Studio
Active Directory Federation Services
Console Window Host
HTTP.sys
Microsoft DWM Core Library
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Intune
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft Office Word
Microsoft Windows Codecs Library
Rich Text Edit Control
DNS Server
Windows Active Directory Server
Windows AD FS Server
Windows Hyper-V
System Center
Visual Studio
Windows AppContainer
Windows AppX Deployment Service
Windows Bind Filter Driver
Windows Cloud Files Mini Filter Driver
Windows Common Log File System Driver
Windows Desktop Bridge
Windows DirectX
Windows Event Tracing
Windows exFAT File System
Windows Fastfat Driver
Windows Installer
Windows Kernel
Windows MSHTML Platform
Windows Nearby Sharing
Windows Network Address Translation (NAT)
Windows Print Spooler Components
Windows Remote Procedure Call Runtime
Windows Storage Spaces Controller
Windows TCP/IP
Windows Text Shaping
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct