微软12月多个安全漏洞解决方案

安全狗应急响应中心监测到，微软发布了2022年12月份安全更新，事件等级：严重，事件评分：10.0。此次安全更新发布了52个漏洞的补丁，主要覆盖了以下组件：Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server;.NET framework等等。其中包含6个严重漏洞，43个高危漏洞。其威胁等级高，影响面广泛，攻击者价值高。

漏洞描述

CVE-2022-44698：Windows SmartScreen安全功能绕过漏洞

该漏洞存在于Windows SmartScreen中，可以创建一个文件，以远程逃避Web检测的标记，因此绕过了Microsoft Office中受保护视图之类的安全功能。

CVE-2022-41076 ：WindowsPowershell远程代码执行漏洞

该漏洞存在于Windows PowerShell中，这个严重级别的漏洞可能允许经过身份验证的用户绕过 PowerShell 远程会话配置并在受影响的系统上运行未经批准的命令。

CVE-2022-44699：Azure Network Watcher远程代码执行漏洞

该漏洞存在于Azure Network Watcher中，攻击者利用该漏洞可以终止来自网络监控器代理的包捕获。

CVE-2022-44713：Microsoft Outlook for Mac欺骗漏洞

该漏洞存在于Microsoft Outlook for Mac中，此漏洞可能允许攻击者在不应出现的情况下显示为受信任的用户。

安全通告信息

漏洞名称：微软12月多个漏洞

“严重”漏洞影响版本号

CVE-2022-41091-Windows Web 查询标记安全功能绕过漏洞

- Windows Server 2022 Datacenter: Azure Edition

- Windows Server 2022

- Windows Server 2019

- Windows Server 2016

- Windows 11 for x64-based Systems

- Windows 11 for ARM64-based Systems

- Windows 10 Version 22H2 for x64-based Systems

- Windows 10 Version 22H2 for ARM64-based Systems

- Windows 10 Version 22H2 for 32-bit Systems

- Windows 10 Version 21H2 for x64-based Systems

- Windows 10 Version 21H2 for ARM64-based Systems

- Windows 10 Version 21H2 for 32-bit Systems

- Windows 10 Version 21H1 for x64-based Systems

- Windows 10 Version 21H1 for ARM64-based Systems

- Windows 10 Version 21H1 for 32-bit Systems

- Windows 10 Version 20H2 for x64-based Systems

- Windows 10 Version 20H2 for ARM64-based Systems

- Windows 10 Version 20H2 for 32-bit Systems

- Windows 10 Version 1809 for x64-based Systems

- Windows 10 Version 1809 for ARM64-based Systems

- Windows 10 Version 1809 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

CVE-2022-44713-Microsoft Outlook for Mac 欺骗漏洞

- Microsoft Office LTSC for Mac 2021

- Microsoft Office 2019 for Mac

CVE-2022-41076-PowerShell 远程代码执行漏洞

- Windows Server 2022 Datacenter: Azure Edition

- Windows Server 2022 (Server Core installation)

- Windows Server 2022

- Windows Server 2019 (Server Core installation)

- Windows Server 2019

- Windows Server 2016 (Server Core installation)

- Windows Server 2016

- Windows Server 2012 R2 (Server Core installation)

- Windows Server 2012 R2

- Windows Server 2012 (Server Core installation)

- Windows Server 2012

- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

- Windows Server 2008 R2 for x64-based Systems Service Pack 1

- Windows RT 8.1

- Windows 8.1 for x64-based systems

- Windows 8.1 for 32-bit systems

- Windows 7 for x64-based Systems Service Pack 1

- Windows 7 for 32-bit Systems Service Pack 1

- Windows 11 for x64-based Systems

- Windows 11 for ARM64-based Systems

- Windows 11 Version 22H2 for x64-based Systems

- Windows 11 Version 22H2 for ARM64-based Systems

- Windows 10 for x64-based Systems

- Windows 10 for 32-bit Systems

- Windows 10 Version 22H2 for x64-based Systems

- Windows 10 Version 22H2 for ARM64-based Systems

- Windows 10 Version 22H2 for 32-bit Systems

- Windows 10 Version 21H2 for x64-based Systems

- Windows 10 Version 21H2 for ARM64-based Systems

- Windows 10 Version 21H2 for 32-bit Systems

- Windows 10 Version 21H1 for x64-based Systems

- Windows 10 Version 21H1 for ARM64-based Systems

- Windows 10 Version 21H1 for 32-bit Systems

- Windows 10 Version 20H2 for x64-based Systems

- Windows 10 Version 20H2 for ARM64-based Systems

- Windows 10 Version 20H2 for 32-bit Systems

- Windows 10 Version 1809 for x64-based Systems

- Windows 10 Version 1809 for ARM64-based Systems

- Windows 10 Version 1809 for 32-bit Systems

- Windows 10 Version 1607 for x64-based Systems

- Windows 10 Version 1607 for 32-bit Systems

- PowerShell 7.3

- PowerShell 7.2

CVE-2022-44699-Azure 网络观察程序代理安全功能绕过漏洞

- Azure Network Watcher VM Extension

漏洞危害等级：高危

厂商是否已发布漏洞补丁：是

版本更新地址：https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec

安全狗总预警期数：255

安全狗发布预警日期：2022年12月15日

安全狗更新预警日期：2022年12月15日

发布者：安全狗海青实验室

安全建议

（一）Windows update更新自动更新：Microsoft Update默认启用，当系统检测到可用更新时，将会自动下载更新并在下一次启动时安装。

（二）手动安装更新Microsoft官方下载相应补丁进行更新。

参考链接

https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec