【漏洞详情】
微软于本周发布了2021年03月安全补丁,微软共发布了89个漏洞的补丁程序,包括微软于上周紧急修补的多个Exchange漏洞,其中14个漏洞被微软官方标记为Critical,严重漏洞清单如下:
序号 |
CVE 编号 |
CVE 标题 |
严重程度 |
1 |
CVE-2021-26411 |
Internet Explorer Memory Corruption Vulnerability |
Critical |
2 |
CVE-2021-26855 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Critical |
3 |
CVE-2021-26857 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Critical |
4 |
CVE-2021-27065 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Critical |
5 |
CVE-2021-27074 |
Azure Sphere Unsigned Code Execution Vulnerability |
Critical |
6 |
CVE-2021-27080 |
Azure Sphere Unsigned Code Execution Vulnerability |
Critical |
7 |
CVE-2021-21300 |
Git for Visual Studio Remote Code Execution Vulnerability |
Critical |
8 |
CVE-2021-24089 |
HEVC Video Extensions Remote Code Execution Vulnerability |
Critical |
9 |
CVE-2021-26902 |
HEVC Video Extensions Remote Code Execution Vulnerability |
Critical |
10 |
CVE-2021-27061 |
HEVC Video Extensions Remote Code Execution Vulnerability |
Critical |
11 |
CVE-2021-26412 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Critical |
12 |
CVE-2021-26876 |
OpenType Font Parsing Remote Code Execution Vulnerability |
Critical |
13 |
CVE-2021-26897 |
Windows DNS Server Remote Code Execution Vulnerability |
Critical |
14 |
CVE-2021-26867 |
Windows Hyper-V Remote Code Execution Vulnerability |
Critical |
【风险评级】
高危
【影响范围】
l Windows系统及相关产品
【修复建议】
建议受影响的用户结合实际业务评估漏洞风险影响,可通过如下方案避免安全风险:
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2021年3月10日