SK-CERT Security Advisory V20230720-03

Severity Critical
Classification Unclassified/TLP:CLEAR
CVSS Score
9.8
Identifier
Microsoft products – multiple critical security vulnerabilities
Description
Microsoft has released security updates for its product portfolio that fix multiple critical security vulnerabilities.
The most severe critical vulnerability is in the Routing and Remote Access Service product; it stems from insufficient implementation of security mechanisms and allows a remote, unauthenticated attacker to execute malicious code, resulting in a complete compromise of the confidentiality, integrity and availability of the system.
Date of first publication of the advisory
11.07.2023
CVE
CVE-2023-21526, CVE-2023-21756, CVE-2023-29347, CVE-2023-32033, CVE-2023-32034, CVE-2023-32035, CVE-2023-32037, CVE-2023-32038, CVE-2023-32039, CVE-2023-32040, CVE-2023-32041, CVE-2023-32042, CVE-2023-32043, CVE-2023-32044, CVE-2023-32045, CVE-2023-32046, CVE-2023-32047, CVE-2023-32049, CVE-2023-32050, CVE-2023-32051, CVE-2023-32052, CVE-2023-32053, CVE-2023-32054, CVE-2023-32055, CVE-2023-32056, CVE-2023-32057, CVE-2023-32083, CVE-2023-32084, CVE-2023-32085, CVE-2023-33127, CVE-2023-33134, CVE-2023-33148, CVE-2023-33149, CVE-2023-33150, CVE-2023-33151, CVE-2023-33152, CVE-2023-33153, CVE-2023-33154, CVE-2023-33155, CVE-2023-33156, CVE-2023-33157, CVE-2023-33158, CVE-2023-33159, CVE-2023-33160, CVE-2023-33161, CVE-2023-33162, CVE-2023-33163, CVE-2023-33164, CVE-2023-33165, CVE-2023-33166, CVE-2023-33167, CVE-2023-33168, CVE-2023-33169, CVE-2023-33170, CVE-2023-33171, CVE-2023-33172, CVE-2023-33173, CVE-2023-33174, CVE-2023-35296, CVE-2023-35297, CVE-2023-35298, CVE-2023-35299, CVE-2023-35300, CVE-2023-35302, CVE-2023-35303, CVE-2023-35304, CVE-2023-35305, CVE-2023-35306, CVE-2023-35308, CVE-2023-35309, CVE-2023-35310, CVE-2023-35311, CVE-2023-35312, CVE-2023-35313, CVE-2023-35314, CVE-2023-35315, CVE-2023-35316, CVE-2023-35317, CVE-2023-35318, CVE-2023-35319, CVE-2023-35320, CVE-2023-35321, CVE-2023-35322, CVE-2023-35323, CVE-2023-35324, CVE-2023-35325, CVE-2023-35326, CVE-2023-35328, CVE-2023-35329, CVE-2023-35330, CVE-2023-35331, CVE-2023-35332, CVE-2023-35333, CVE-2023-35335, CVE-2023-35336, CVE-2023-35337, CVE-2023-35338, CVE-2023-35339, CVE-2023-35340, CVE-2023-35341, CVE-2023-35342, CVE-2023-35343, CVE-2023-35344, CVE-2023-35345, CVE-2023-35346, CVE-2023-35347, CVE-2023-35348, CVE-2023-35350, CVE-2023-35351, CVE-2023-35352, CVE-2023-35353, CVE-2023-35356, CVE-2023-35357, CVE-2023-35358, CVE-2023-35360, CVE-2023-35361, CVE-2023-35362, CVE-2023-35363, CVE-2023-35364, CVE-2023-35365, CVE-2023-35366, CVE-2023-35367, CVE-2023-35373, CVE-2023-35374, CVE-2023-36867, 
CVE-2023-36868, CVE-2023-36871, CVE-2023-36872, CVE-2023-36874, CVE-2023-36884
IOC
Affected systems
Windows Certificates
Windows EFI Partition
Windows Netlogon
Microsoft Graphics Component
Windows Admin Center
Windows Cluster Server
Windows Remote Procedure Call
Windows Layer 2 Tunneling Protocol
Windows ODBC Driver
Microsoft Printer Drivers
Windows Update Orchestrator Service
Windows OLE
Windows Remote Desktop
Windows Message Queuing
Windows MSHTML Platform
Paint 3D
Windows SmartScreen
Windows Installer
Microsoft Windows Codecs Library
Microsoft Power Apps
Windows Volume Shadow Copy
Windows Active Template Library
Windows Server Update Service
Windows Failover Cluster
Windows HTTP.sys
.NET and Visual Studio
Microsoft Office SharePoint
Microsoft Office
Microsoft Office Outlook
Microsoft Office Access
Windows Partition Management Driver
Windows Cloud Files Mini Filter Driver
Windows Defender
Microsoft Office Excel
Windows Network Load Balancing
ASP.NET and .NET
Microsoft Dynamics
Windows Cryptographic Services
Windows PGM
Windows Common Log File System Driver
Windows Kernel
Role: DNS Server
Windows VOLSNAP.SYS
Windows Online Certificate Status Protocol (OCSP) SnapIn
Windows Layer-2 Bridge Network Driver
Windows Connected User Experiences and Telemetry
Windows Deployment Services
Windows Print Spooler Components
Windows CDP User Components
Windows Transaction Manager
Windows Authentication Methods
Windows SPNEGO Extended Negotiation
Windows Local Security Authority (LSA)
Microsoft Media-Wiki Extensions
Windows Win32K
Windows Peer Name Resolution Protocol
Windows CryptoAPI
Windows CNG Key Isolation Service
Windows Media
Windows Image Acquisition
Windows Geolocation Service
Windows App Store
Azure Active Directory
Windows Active Directory Certificate Services
Windows NT OS Kernel
Windows Clip Service
Windows Routing and Remote Access Service (RRAS)
Mono Authenticode
Visual Studio Code
Service Fabric
Windows Error Reporting
Microsoft Edge (Chromium-based)

The exact specification of the individual affected products can be found at the link in the Sources section.

Impact
Execution of malicious code and complete compromise of the confidentiality, integrity and availability of the system
Recommendations
We recommend that administrators and users update the affected systems without delay.
After remediating vulnerabilities that could have allowed remote code execution, it is good practice to inspect the system and change all passwords and keys on the affected system, as well as on other systems where the same password or key was used.
Sources
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul
https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/