Microsoft 3Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2021-03-10

0x00 Îó²î¸ÅÊö

2021Äê03ÔÂ09ÈÕ£¬£¬£¬ £¬£¬£¬£¬MicrosoftÐû²¼ÁË3Ô·ݵÄÇå¾²¸üУ¬£¬£¬ £¬£¬£¬£¬¹²¼ÆÐÞ¸´ÁË122¸öÇå¾²Îó²î£¬£¬£¬ £¬£¬£¬£¬ÆäÖÐÓÐ14¸öÎó²îÆÀ¼¶ÎªÑÏÖØ£¬£¬£¬ £¬£¬£¬£¬75¸öÎó²îÆÀ¼¶Îª¸ßΣ£¬£¬£¬ £¬£¬£¬£¬ÆäÖаüÀ¨2¸ö0 dayÎó²î¡£¡£ ¡£¡£¡£

 

0x01 Îó²îÏêÇé

image.png 

±¾´ÎÐû²¼µÄ²¹¶¡º­¸ÇÁËWindowsϵͳ¡¢Azure¡¢Exchange Server¡¢Office¡¢SharePoint Server¡¢Visual Studio¡¢Hyper-V¡¢IEºÍEdge£¬£¬£¬ £¬£¬£¬£¬3ÔÂÍêÕûÎó²îÁбíÈçÏ£º

±êÇ©

CVE   ID

CVEÎÊÌâ

ÑÏÖØˮƽ

Application   Virtualization

CVE-2021-26890

Ó¦ÓóÌÐòÐéÄ⻯Զ³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Azure

CVE-2021-27075

AzureÐéÄâ»úÐÅϢй¶Îó²î

¸ßΣ

Azure   Sphere

CVE-2021-27074

Azure   SphereδÊðÃû´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Azure   Sphere

CVE-2021-27080

Azure   SphereδÊðÃû´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Internet   Explorer

CVE-2021-27085

Internet   ExplorerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Internet   Explorer

CVE-2021-26411

Internet   ExplorerÄÚ´æËð»µÎó²î

ÑÏÖØ

Microsoft   ActiveX

CVE-2021-26869

Windows   ActiveX×°ÖóÌÐòЧÀÍÐÅϢй¶Îó²î

¸ßΣ

Microsoft   Edge on Chromium

CVE-2021-21173

Chromium   CVE-2021-21173£ºÍøÂçÄÚ²¿µÄ²àͨµÀÐÅÏ¢×ß©

δ֪

Microsoft   Edge on Chromium

CVE-2021-21172

Chromium   CVE-2021-21172£ºÎļþϵͳAPIÖеÄÕ½ÂÔÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21169

Chromium   CVE-2021-21169£ºV8ÖеÄÔ½½çÄÚ´æ»á¼û

δ֪

Microsoft   Edge on Chromium

CVE-2021-21170

Chromium   CVE-2021-21170£º¼ÓÔسÌÐòÖеÄÇå¾²ÐÔUI²»×¼È·

δ֪

Microsoft   Edge on Chromium

CVE-2021-21171

Chromium   CVE-2021-21171£ºTabStripºÍµ¼º½ÖеÄÇå¾²ÐÔUI²»×¼È·

δ֪

Microsoft   Edge on Chromium

CVE-2021-21175

Chromium   CVE-2021-21175£ºÕ¾µã¸ôÀëÖеÄʵÑé²»µ±

δ֪

Microsoft   Edge on Chromium

CVE-2021-21176

Chromium   CVE-2021-21176£ºÔÚÈ«ÆÁģʽÏÂʵÑé²»µ±

δ֪

Microsoft   Edge on Chromium

CVE-2021-21177

Chromium   CVE-2021-21177£º×Ô¶¯Ìî³äÖеÄÕ½ÂÔÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21174

Chromium   CVE-2021-21174£ºÔÚReferrerÖÐʵÑé²»µ±

δ֪

Microsoft   Edge on Chromium

CVE-2021-21178

Chromium   CVE-2021-21178£ºÔںϳÉÖÐÖ´Ðв»µ±

δ֪

Microsoft   Edge on Chromium

CVE-2021-21161

Chromium   CVE-2021-21161£ºTabStripÖеĶѻº³åÇøÒç³ö

δ֪

Microsoft   Edge on Chromium

CVE-2021-21162

Chromium   CVE-2021-21162£ºÔÚWebRTCÖÐUse-after-free

δ֪

Microsoft   Edge on Chromium

CVE-2021-21160

Chromium   CVE-2021-21160£ºWebAudioÖеĶѻº³åÇøÒç³ö

δ֪

Microsoft   Edge on Chromium

CVE-2020-27844

Chromium   CVE-2020-27844£ºOpenJPEGÖеĶѻº³åÇøÒç³ö

δ֪

Microsoft   Edge on Chromium

CVE-2021-21159

Chromium   CVE-2021-21159£ºTabStripÖеĶѻº³åÇøÒç³ö

δ֪

Microsoft   Edge on Chromium

CVE-2021-21163

Chromium   CVE-2021-21163£ºÔÚÔĶÁÆ÷ģʽÏÂÊý¾ÝÑé֤ȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21167

Chromium   CVE-2021-21167£ºÔÚÊéÇ©ÖÐUse-after-free

δ֪

Microsoft   Edge on Chromium

CVE-2021-21168

Chromium   CVE-2021-21168£ºappcacheÖеÄÕ½ÂÔÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21166

Chromium   CVE-2021-21166£ºÒôƵÖеŤ¾ßÉúÃüÖÜÆÚÎÊÌâ

δ֪

Microsoft   Edge on Chromium

CVE-2021-21164

Chromium   CVE-2021-21164£ºChromeÖеÄiOSÊý¾ÝÑé֤ȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21165

Chromium   CVE-2021-21165£ºÒôƵÖеŤ¾ßÉúÃüÖÜÆÚÎÊÌâ

δ֪

Microsoft   Edge on Chromium

CVE-2021-21189

Chromium   CVE-2021-21189£º¸¶¿îÖеÄÕþ²ßÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21181

Chromium   CVE-2021-21181£º×Ô¶¯Ìî³äÖеIJàͨµÀÐÅÏ¢×ß©

δ֪

Microsoft   Edge on Chromium

CVE-2021-21186

Chromium   CVE-2021-21186£ºQRɨÃèÖеÄÕ½ÂÔÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21190

Chromium   CVE-2021-21190£ºÔÚPDFiumÖÐδ³õʼ»¯Ê¹ÓÃ

δ֪

Microsoft   Edge on Chromium

CVE-2021-21183

Chromium   CVE-2021-21183£ºÐÔÄÜAPIÖеÄʵÏÖ²»µ±

δ֪

Microsoft   Edge on Chromium

CVE-2021-21185

Chromium   CVE-2021-21185£ºÀ©Õ¹ÖеÄÕ½ÂÔÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21187

Chromium   CVE-2021-21187£ºURLÃûÌÃÖеÄÊý¾ÝÑé֤ȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21182

Chromium   CVE-2021-21182£ºµ¼º½ÖеÄÕ½ÂÔÖ´ÐÐȱ·¦

δ֪

Microsoft   Edge on Chromium

CVE-2021-21180

Chromium   CVE-2021-21180£ºÔÚ±êÇ©ËÑË÷ÖÐUse-after-free

δ֪

Microsoft   Edge on Chromium

CVE-2021-21184

Chromium   CVE-2021-21184£ºÐÔÄÜAPIÖеÄʵÏÖ²»µ±

δ֪

Microsoft   Edge on Chromium

CVE-2021-21179

Chromium   CVE-2021-21179£ºÔÚÍøÂçÄÚ²¿Use-after-free

δ֪

Microsoft   Edge on Chromium

CVE-2021-21188

Chromium   CVE-2021-21188£ºÔÚBlinkÖÐUse-after-free

δ֪

Microsoft   Exchange Server

CVE-2021-26412

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Exchange Server

CVE-2021-27065

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Exchange Server

CVE-2021-27078

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Exchange Server

CVE-2021-26854

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Exchange Server

CVE-2021-26857

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Exchange Server

CVE-2021-26855

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Exchange Server

CVE-2021-26858

Microsoft   Exchange ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Graphics Component

CVE-2021-26863

Windows   Win32kȨÏÞÌáÉýÎó²î

¸ßΣ

Microsoft   Graphics Component

CVE-2021-27077

Windows   Win32kȨÏÞÌáÉýÎó²î

¸ßΣ

Microsoft   Graphics Component

CVE-2021-26861

WindowsͼÐÎ×é¼þÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Graphics Component

CVE-2021-26876

OpenType×ÖÌåÆÊÎöÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Graphics Component

CVE-2021-26875

Windows   Win32kȨÏÞÌáÉýÎó²î

¸ßΣ

Microsoft   Graphics Component

CVE-2021-26868

WindowsͼÐÎ×é¼þȨÏÞÌáÉýÎó²î

¸ßΣ

Microsoft   Office

CVE-2021-24108

Microsoft   OfficeÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office

CVE-2021-27058

Microsoft   Office ClickToRunÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office

CVE-2021-27059

Microsoft   OfficeÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office Excel

CVE-2021-27053

Microsoft   ExcelÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office Excel

CVE-2021-27054

Microsoft   ExcelÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office Excel

CVE-2021-27057

Microsoft   OfficeÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office PowerPoint

CVE-2021-27056

Microsoft   PowerPointÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office SharePoint

CVE-2021-27052

Microsoft   SharePoint ServerÐÅϢй¶Îó²î

¸ßΣ

Microsoft   Office SharePoint

CVE-2021-24104

Microsoft   SharePointÓÕÆ­Îó²î

¸ßΣ

Microsoft   Office SharePoint

CVE-2021-27076

Microsoft   SharePoint ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Office Visio

CVE-2021-27055

Microsoft   VisioÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-27050

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-27049

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-26884

Windows   MediaÕÕƬ±à½âÂëÆ÷ÐÅϢй¶Îó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-27051

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-27062

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-24110

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-24089

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Windows Codecs Library

CVE-2021-27061

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Microsoft   Windows Codecs Library

CVE-2021-27048

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-27047

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Microsoft   Windows Codecs Library

CVE-2021-26902

HEVCÊÓƵÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Power   BI

CVE-2021-26859

Microsoft   Power BIÐÅϢй¶Îó²î

¸ßΣ

Role:   DNS Server

CVE-2021-27063

Windows   DNSЧÀÍÆ÷¾Ü¾øЧÀÍÎó²î

¸ßΣ

Role:   DNS Server

CVE-2021-26893

Windows   DNSЧÀÍÆ÷Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Role:   DNS Server

CVE-2021-26897

Windows   DNSЧÀÍÆ÷Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Role:   DNS Server

CVE-2021-26894

Windows   DNSЧÀÍÆ÷Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Role:   DNS Server

CVE-2021-26895

Windows   DNSЧÀÍÆ÷Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Role:   DNS Server

CVE-2021-26896

Windows   DNSЧÀÍÆ÷¾Ü¾øЧÀÍÎó²î

¸ßΣ

Role:   DNS Server

CVE-2021-26877

Windows   DNSЧÀÍÆ÷Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Role:   Hyper-V

CVE-2021-26867

Windows   Hyper-VÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Role:   Hyper-V

CVE-2021-26879

Windows   NAT¾Ü¾øЧÀÍÎó²î

¸ßΣ

Visual   Studio

CVE-2021-27084

Visual   Studio Code JavaÀ©Õ¹°üÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Visual   Studio

CVE-2021-21300

Git   for Visual StudioÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

Visual   Studio Code

CVE-2021-27060

Visual   Studio´úÂëÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Visual   Studio Code

CVE-2021-27081

Visual   Studio Code ESLintÀ©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Visual   Studio Code

CVE-2021-27083

Visual   Studio CodeÔ¶³Ì´úÂëÖ´ÐеÄÔ¶³Ì¿ª·¢À©Õ¹Îó²î

¸ßΣ

Visual   Studio Code

CVE-2021-27082

ÓÃÓÚVisual Studio´úÂëÔ¶³Ì´úÂëÖ´ÐÐÎó²îµÄQuantum¿ª·¢Ì×¼þ

¸ßΣ

Windows   Admin Center

CVE-2021-27066

WindowsÖÎÀíÖÐÐÄÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

Windows   Container Execution Agent

CVE-2021-26891

WindowsÈÝÆ÷Ö´ÐÐÊðÀíȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Container Execution Agent

CVE-2021-26865

WindowsÈÝÆ÷Ö´ÐÐÊðÀíȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   DirectX

CVE-2021-24095

DirectXȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Error Reporting

CVE-2021-24090

Windows¹ýʧ±¨¸æȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Event Tracing

CVE-2021-24107

WindowsÊÂÎñ¸ú×ÙÐÅϢй¶Îó²î

¸ßΣ

Windows   Event Tracing

CVE-2021-26872

WindowsÊÂÎñ¸ú×ÙȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Event Tracing

CVE-2021-26901

WindowsÊÂÎñ¸ú×ÙȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Event Tracing

CVE-2021-26898

WindowsÊÂÎñ¸ú×ÙȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Extensible Firmware Interface

CVE-2021-26892

Windows¿ÉÀ©Õ¹¹Ì¼þ½Ó¿ÚÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

Windows   Folder Redirection

CVE-2021-26887

Microsoft   WindowsÎļþ¼ÐÖض¨ÏòȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Installer

CVE-2021-26862

Windows   InstallerȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Media

CVE-2021-26881

Microsoft   Windows Media FoundationÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

Windows   Overlay Filter

CVE-2021-26874

WindowsÁýÕÖɸѡÆ÷ȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Overlay Filter

CVE-2021-26860

Windows   App-VÁýÕÖɸѡÆ÷ȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Print Spooler Components

CVE-2021-1640

Windows   Print SpoolerȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Print Spooler Components

CVE-2021-26878

Windows   Print SpoolerȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Projected File System Filter Driver

CVE-2021-26870

Windows   ProjectedÎļþϵͳȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Registry

CVE-2021-26864

WindowsÐéÄâ×¢²á±íÌṩ³ÌÐòȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Remote Access API

CVE-2021-26882

Ô¶³Ì»á¼ûAPIȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Storage Spaces Controller

CVE-2021-26880

´æ´¢¿Õ¼ä¿ØÖÆÆ÷ȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Update Assistant

CVE-2021-27070

Windows   10 Update AssistantȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Update Stack

CVE-2021-1729

Windows   Update¿ÍÕ»×°ÖÃȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Update Stack

CVE-2021-26889

Windows   Update¿ÍջȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Update Stack

CVE-2021-26866

Windows   Update ServiceȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   UPnP Device Host

CVE-2021-26899

Windows   UPnP×°±¸Ö÷»úȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   User Profile Service

CVE-2021-26873

WindowsÓû§ÉèÖÃÎļþЧÀÍȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   User Profile Service

CVE-2021-26886

Óû§ÉèÖÃÎļþЧÀ;ܾøЧÀÍÎó²î

¸ßΣ

Windows   WalletService

CVE-2021-26871

Windows   WalletServiceȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   WalletService

CVE-2021-26885

Windows   WalletServiceȨÏÞÌáÉýÎó²î

¸ßΣ

Windows   Win32K

CVE-2021-26900

Windows   Win32kȨÏÞÌáÉýÎó²î

¸ßΣ

 

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚMicrosoftÒÑÐû²¼Ïà¹ØÇå¾²¸üУ¬£¬£¬ £¬£¬£¬£¬½¨Ò龡¿ìÐÞ¸´¡£¡£ ¡£¡£¡£

£¨Ò»£© Windows update¸üÐÂ

×Ô¶¯¸üУº

Microsoft UpdateĬÈÏÆôÓ㬣¬£¬ £¬£¬£¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬ £¬£¬£¬£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öᣡ£ ¡£¡£¡£

 

ÊÖ¶¯¸üУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬ £¬£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬£¬£¬ £¬£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬ £¬£¬£¬£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬£¬£¬ £¬£¬£¬£¬ÆÚ´ýϵͳ½«×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£¡£ ¡£¡£¡£

4¡¢ÖØÆôÅÌËã»ú£¬£¬£¬ £¬£¬£¬£¬×°ÖøüÐÂϵͳÖØÐÂÆô¶¯ºó£¬£¬£¬ £¬£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üС£¡£ ¡£¡£¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬£¬£¬ £¬£¬£¬£¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬£¬£¬ £¬£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬ £¬£¬£¬£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öᣡ£ ¡£¡£¡£

 

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

΢Èí¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüС£¡£ ¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

 

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27076

https://www.zerodayinitiative.com/blog/2021/1/27/zdi-can-12671-windows-kernel-dosprivilege-escalation-via-a-null-pointer-deref

 

0x04 ʱ¼äÏß

2021-03-09  ΢ÈíÐû²¼Çå¾²¸üÐÂ

2021-03-10  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png