在今天的更新中,微软共计修复了 108 处漏洞,其中 19 个标记为“关键漏洞”(Critial),89 个标记为“重要漏洞”(Important)。而且这些漏洞并不包含本月初发布的 6 个 Chromium Edge 漏洞。
此外,今天微软还修复了 5 个公开披露的零日漏洞,其中 1 个已知用于网络攻击。更糟糕的是,微软修复了 NSA 发现的 4 个关键的 Microsoft Exchange 漏洞。作为今天补丁星期二的一部分,微软已经修复了 4 个公开披露的漏洞和一个主动利用的漏洞。
以下 4 个漏洞微软表示已经公开暴露,但没有证据表明被黑客利用。
CVE-2021-27091 - RPC端点映射器服务权限提升的漏洞
CVE-2021-28312 - Windows NTFS 拒绝服务漏洞
CVE-2021-28437 - Windows 安装程序信息泄露漏洞 - PolarBear
CVE-2021-28458 - Azure ms-rest-nodeauth 库的权限提升漏洞
卡巴斯基研究人员 Boris Larin 发现的以下漏洞已经被黑客组织 BITTER APT 利用。
CVE-2021-28310 - Win32k 提升权限漏洞
卡巴斯基在博文中解释道:“不幸的是,我们无法捕捉到一个完整的链条,所以我们不知道该漏洞是否与另一个浏览器零日配合使用,或者与已知的、打过补丁的漏洞结合在一起使用”。
微软 Exchange 的管理员们并没有得到任何休息,因为今天又有 4 个 NSA 发现的关键远程代码执行漏洞在微软 Exchange 中得到了修复。其中两个漏洞是预认证,这意味着它们不需要攻击者先登录服务器。
CVE-2021-28480--微软Exchange服务器远程代码执行漏洞
CVE-2021-28481 - 微软Exchange服务器远程代码执行漏洞
CVE-2021-28482 - 微软Exchange服务器远程代码执行漏洞
CVE-2021-28483 - 微软Exchange服务器远程代码执行漏洞
完整报告如下
TagCVE IDCVE TitleSeverityAzure AD Web Sign-inCVE-2021-27092Azure AD Web Sign-in Security Feature Bypass VulnerabilityImportantAzure DevOpsCVE-2021-28459Azure DevOps Server Spoofing VulnerabilityImportantAzure DevOpsCVE-2021-27067Azure DevOps Server and Team Foundation Server Information Disclosure VulnerabilityImportantAzure SphereCVE-2021-28460Azure Sphere Unsigned Code Execution VulnerabilityCriticalMicrosoft Edge (Chromium-based)CVE-2021-21199Chromium: CVE-2021-21199 Use Use after free in AuraUnknownMicrosoft Edge (Chromium-based)CVE-2021-21194Chromium: CVE-2021-21194 Use after free in screen captureUnknownMicrosoft Edge (Chromium-based)CVE-2021-21197Chromium: CVE-2021-21197 Heap buffer overflow in TabStripUnknownMicrosoft Edge (Chromium-based)CVE-2021-21198Chromium: CVE-2021-21198 Out of bounds read in IPCUnknownMicrosoft Edge (Chromium-based)CVE-2021-21195Chromium: CVE-2021-21195 Use after free in V8UnknownMicrosoft Edge (Chromium-based)CVE-2021-21196Chromium: CVE-2021-21196 Heap buffer overflow in TabStripUnknownMicrosoft Exchange ServerCVE-2021-28480Microsoft Exchange Server Remote Code Execution VulnerabilityCriticalMicrosoft Exchange ServerCVE-2021-28482Microsoft Exchange Server Remote Code Execution VulnerabilityCriticalMicrosoft Exchange ServerCVE-2021-28483Microsoft Exchange Server Remote Code Execution VulnerabilityCriticalMicrosoft Exchange ServerCVE-2021-28481Microsoft Exchange Server Remote Code Execution VulnerabilityCriticalMicrosoft Graphics ComponentCVE-2021-28350Windows GDI+ Remote Code Execution VulnerabilityImportantMicrosoft Graphics ComponentCVE-2021-28318Windows GDI+ Information Disclosure VulnerabilityImportantMicrosoft Graphics ComponentCVE-2021-28348Windows GDI+ Remote Code Execution VulnerabilityImportantMicrosoft Graphics ComponentCVE-2021-28349Windows GDI+ Remote Code Execution VulnerabilityImportantMicrosoft Internet Messaging APICVE-2021-27089Microsoft Internet Messaging API Remote Code Execution VulnerabilityImportantMicrosoft NTFSCVE-2021-28312Windows NTFS Denial of Service VulnerabilityModerateMicrosoft NTFSCVE-2021-27096NTFS Elevation of Privilege VulnerabilityImportantMicrosoft Office ExcelCVE-2021-28456Microsoft Excel Information Disclosure VulnerabilityImportantMicrosoft Office ExcelCVE-2021-28451Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2021-28454Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2021-28449Microsoft Office Remote Code Execution VulnerabilityImportantMicrosoft Office OutlookCVE-2021-28452Microsoft Outlook Memory Corruption VulnerabilityImportantMicrosoft Office SharePointCVE-2021-28450Microsoft SharePoint Denial of Service UpdateImportantMicrosoft Office WordCVE-2021-28453Microsoft Word Remote Code Execution VulnerabilityImportantMicrosoft Windows Codecs LibraryCVE-2021-28464VP9 Video Extensions Remote Code Execution VulnerabilityImportantMicrosoft Windows Codecs LibraryCVE-2021-28466Raw Image Extension Remote Code Execution VulnerabilityImportantMicrosoft Windows Codecs LibraryCVE-2021-27079Windows Media Photo Codec Information Disclosure VulnerabilityImportantMicrosoft Windows Codecs LibraryCVE-2021-28468Raw Image Extension Remote Code Execution VulnerabilityImportantMicrosoft Windows Codecs LibraryCVE-2021-28317Microsoft Windows Codecs Library Information Disclosure VulnerabilityImportantMicrosoft Windows DNSCVE-2021-28323Windows DNS Information Disclosure VulnerabilityImportantMicrosoft Windows DNSCVE-2021-28328Windows DNS Information Disclosure VulnerabilityImportantMicrosoft Windows SpeechCVE-2021-28351Windows Speech Runtime Elevation of Privilege VulnerabilityImportantMicrosoft Windows SpeechCVE-2021-28436Windows Speech Runtime Elevation of Privilege VulnerabilityImportantMicrosoft Windows SpeechCVE-2021-28347Windows Speech Runtime Elevation of Privilege VulnerabilityImportantOpen Source SoftwareCVE-2021-28458Azure ms-rest-nodeauth Library Elevation of Privilege VulnerabilityImportantRole: Hyper-VCVE-2021-28441Windows Hyper-V Information Disclosure VulnerabilityImportantRole: Hyper-VCVE-2021-28314Windows Hyper-V Elevation of Privilege VulnerabilityImportantRole: Hyper-VCVE-2021-28444Windows Hyper-V Security Feature Bypass VulnerabilityImportantRole: Hyper-VCVE-2021-26416Windows Hyper-V Denial of Service VulnerabilityImportantVisual StudioCVE-2021-27064Visual Studio Installer Elevation of Privilege VulnerabilityImportantVisual Studio CodeCVE-2021-28457Visual Studio Code Remote Code Execution VulnerabilityImportantVisual Studio CodeCVE-2021-28471Remote Development Extension for Visual Studio Code Remote Code Execution VulnerabilityImportantVisual Studio CodeCVE-2021-28475Visual Studio Code Remote Code Execution VulnerabilityImportantVisual Studio CodeCVE-2021-28473Visual Studio Code Remote Code Execution VulnerabilityImportantVisual Studio CodeCVE-2021-28477Visual Studio Code Remote Code Execution VulnerabilityImportantVisual Studio CodeCVE-2021-28469Visual Studio Code Remote Code Execution VulnerabilityImportantVisual Studio Code - GitHub Pull Requests and Issues ExtensionCVE-2021-28470Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution VulnerabilityImportantVisual Studio Code - Kubernetes ToolsCVE-2021-28448Visual Studio Code Kubernetes Tools Remote Code Execution VulnerabilityImportantVisual Studio Code - Maven for Java ExtensionCVE-2021-28472Visual Studio Code Maven for Java Extension Remote Code Execution VulnerabilityImportantWindows Application Compatibility CacheCVE-2021-28311Windows Application Compatibility Cache Denial of Service VulnerabilityImportantWindows AppX Deployment ExtensionsCVE-2021-28326Windows AppX Deployment Server Denial of Service VulnerabilityImportantWindows Console DriverCVE-2021-28438Windows Console Driver Denial of Service VulnerabilityImportantWindows Console DriverCVE-2021-28443Windows Console Driver Denial of Service VulnerabilityImportantWindows Diagnostic HubCVE-2021-28313Diagnostics Hub Standard Collector Service Elevation of Privilege VulnerabilityImportantWindows Diagnostic HubCVE-2021-28321Diagnostics Hub Standard Collector Service Elevation of Privilege VulnerabilityImportantWindows Diagnostic HubCVE-2021-28322Diagnostics Hub Standard Collector Service Elevation of Privilege VulnerabilityImportantWindows Early Launch Antimalware DriverCVE-2021-28447Windows Early Launch Antimalware Driver Security Feature Bypass VulnerabilityImportantWindows ELAMCVE-2021-27094Windows Early Launch Antimalware Driver Security Feature Bypass VulnerabilityImportantWindows Event TracingCVE-2021-27088Windows Event Tracing Elevation of Privilege VulnerabilityImportantWindows Event TracingCVE-2021-28435Windows Event Tracing Information Disclosure VulnerabilityImportantWindows InstallerCVE-2021-26413Windows Installer Spoofing VulnerabilityImportantWindows InstallerCVE-2021-28440Windows Installer Elevation of Privilege VulnerabilityImportantWindows InstallerCVE-2021-28437Windows Installer Information Disclosure VulnerabilityImportantWindows InstallerCVE-2021-26415Windows Installer Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2021-27093Windows Kernel Information Disclosure VulnerabilityImportantWindows KernelCVE-2021-28309Windows Kernel Information Disclosure VulnerabilityImportantWindows Media PlayerCVE-2021-28315Windows Media Video Decoder Remote Code Execution VulnerabilityCriticalWindows Media PlayerCVE-2021-27095Windows Media Video Decoder Remote Code Execution VulnerabilityCriticalWindows Network File SystemCVE-2021-28445Windows Network File System Remote Code Execution VulnerabilityImportantWindows Overlay FilterCVE-2021-26417Windows Overlay Filter Information Disclosure VulnerabilityImportantWindows PortmappingCVE-2021-28446Windows Portmapping Information Disclosure VulnerabilityImportantWindows RegistryCVE-2021-27091RPC Endpoint Mapper Service Elevation of Privilege VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28336Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28335Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28334Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28338Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28434Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28337Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28333Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28327Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28329Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28330Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28332Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28331Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28354Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28339Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Remote Procedure Call RuntimeCVE-2021-28355Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28353Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28352Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28357Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28358Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28356Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28346Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28342Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28340Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28341Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28345Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28344Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportantWindows Remote Procedure Call RuntimeCVE-2021-28343Remote Procedure Call Runtime Remote Code Execution VulnerabilityCriticalWindows Resource ManagerCVE-2021-28320Windows Resource Manager PSM Service Extension Elevation of Privilege VulnerabilityImportantWindows Secure Kernel ModeCVE-2021-27090Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportantWindows Services and Controller AppCVE-2021-27086Windows Services and Controller App Elevation of Privilege VulnerabilityImportantWindows SMB ServerCVE-2021-28325Windows SMB Information Disclosure VulnerabilityImportantWindows SMB ServerCVE-2021-28324Windows SMB Information Disclosure VulnerabilityImportantWindows TCP/IPCVE-2021-28439Windows TCP/IP Driver Denial of Service VulnerabilityImportantWindows TCP/IPCVE-2021-28442Windows TCP/IP Information Disclosure VulnerabilityImportantWindows TCP/IPCVE-2021-28319Windows TCP/IP Driver Denial of Service VulnerabilityImportantWindows Win32KCVE-2021-27072Win32k Elevation of Privilege VulnerabilityImportantWindows Win32KCVE-2021-28310Win32k Elevation of Privilege VulnerabilityImportantWindows WLAN Auto Config ServiceCVE-2021-28316Windows WLAN AutoConfig Service Security Feature Bypass VulnerabilityImportant
京东创始人刘强东和其妻子章泽天最近成为了互联网舆论关注的焦点。有关他们“移民美国”和在美国购买豪宅的传言在互联网上广泛传播。然而,京东官方通过微博发言人发布的消息澄清了这些传言,称这些言论纯属虚假信息和蓄意捏造。
日前,据博主“@超能数码君老周”爆料,国内三大运营商中国移动、中国电信和中国联通预计将集体采购百万台规模的华为Mate60系列手机。
据报道,荷兰半导体设备公司ASML正看到美国对华遏制政策的负面影响。阿斯麦(ASML)CEO彼得·温宁克在一档电视节目中分享了他对中国大陆问题以及该公司面临的出口管制和保护主义的看法。彼得曾在多个场合表达了他对出口管制以及中荷经济关系的担忧。
今年早些时候,抖音悄然上线了一款名为“青桃”的 App,Slogan 为“看见你的热爱”,根据应用介绍可知,“青桃”是一个属于年轻人的兴趣知识视频平台,由抖音官方出品的中长视频关联版本,整体风格有些类似B站。
日前,威马汽车首席数据官梅松林转发了一份“世界各国地区拥车率排行榜”,同时,他发文表示:中国汽车普及率低于非洲国家尼日利亚,每百户家庭仅17户有车。意大利世界排名第一,每十户中九户有车。
近日,一项新的研究发现,维生素 C 和 E 等抗氧化剂会激活一种机制,刺激癌症肿瘤中新血管的生长,帮助它们生长和扩散。
据媒体援引消息人士报道,苹果公司正在测试使用3D打印技术来生产其智能手表的钢质底盘。消息传出后,3D系统一度大涨超10%,不过截至周三收盘,该股涨幅回落至2%以内。
9月2日,坐拥千万粉丝的网红主播“秀才”账号被封禁,在社交媒体平台上引发热议。平台相关负责人表示,“秀才”账号违反平台相关规定,已封禁。据知情人士透露,秀才近期被举报存在违法行为,这可能是他被封禁的部分原因。据悉,“秀才”年龄39岁,是安徽省亳州市蒙城县人,抖音网红,粉丝数量超1200万。他曾被称为“中老年...
9月3日消息,亚马逊的一些股东,包括持有该公司股票的一家养老基金,日前对亚马逊、其创始人贝索斯和其董事会提起诉讼,指控他们在为 Project Kuiper 卫星星座项目购买发射服务时“违反了信义义务”。
据消息,为推广自家应用,苹果现推出了一个名为“Apps by Apple”的网站,展示了苹果为旗下产品(如 iPhone、iPad、Apple Watch、Mac 和 Apple TV)开发的各种应用程序。
特斯拉本周在美国大幅下调Model S和X售价,引发了该公司一些最坚定支持者的不满。知名特斯拉多头、未来基金(Future Fund)管理合伙人加里·布莱克发帖称,降价是一种“短期麻醉剂”,会让潜在客户等待进一步降价。
据外媒9月2日报道,荷兰半导体设备制造商阿斯麦称,尽管荷兰政府颁布的半导体设备出口管制新规9月正式生效,但该公司已获得在2023年底以前向中国运送受限制芯片制造机器的许可。
近日,根据美国证券交易委员会的文件显示,苹果卫星服务提供商 Globalstar 近期向马斯克旗下的 SpaceX 支付 6400 万美元(约 4.65 亿元人民币)。用于在 2023-2025 年期间,发射卫星,进一步扩展苹果 iPhone 系列的 SOS 卫星服务。
据报道,马斯克旗下社交平台𝕏(推特)日前调整了隐私政策,允许 𝕏 使用用户发布的信息来训练其人工智能(AI)模型。新的隐私政策将于 9 月 29 日生效。新政策规定,𝕏可能会使用所收集到的平台信息和公开可用的信息,来帮助训练 𝕏 的机器学习或人工智能模型。
9月2日,荣耀CEO赵明在采访中谈及华为手机回归时表示,替老同事们高兴,觉得手机行业,由于华为的回归,让竞争充满了更多的可能性和更多的魅力,对行业来说也是件好事。
《自然》30日发表的一篇论文报道了一个名为Swift的人工智能(AI)系统,该系统驾驶无人机的能力可在真实世界中一对一冠军赛里战胜人类对手。
近日,非营利组织纽约真菌学会(NYMS)发出警告,表示亚马逊为代表的电商平台上,充斥着各种AI生成的蘑菇觅食科普书籍,其中存在诸多错误。
社交媒体平台𝕏(原推特)新隐私政策提到:“在您同意的情况下,我们可能出于安全、安保和身份识别目的收集和使用您的生物识别信息。”
2023年德国柏林消费电子展上,各大企业都带来了最新的理念和产品,而高端化、本土化的中国产品正在不断吸引欧洲等国际市场的目光。
罗永浩日前在直播中吐槽苹果即将推出的 iPhone 新品,具体内容为:“以我对我‘子公司’的了解,我认为 iPhone 15 跟 iPhone 14 不会有什么区别的,除了序(列)号变了,这个‘不要脸’的东西,这个‘臭厨子’。
京公网安备 11010502044972号