漏洞概述:

微软发布了11月安全更新本次更新修复了63个漏洞涵盖特权提升、远程代码执行、信息泄露等多种漏洞类型,漏洞级别分布如下:5个严重级别漏洞,58个重要级别漏洞（漏洞级别依据微软官方数据）

其中6个漏洞被微软标记为“更可能被利用”及“检测利用情形”表明这些漏洞存在较高的利用风险,建议优先修复以降低潜在安全威胁

微软11月更新修复的完整漏洞列表如下:

影响范围

受影响的产品/功能/服务/组件包括:

Nuance PowerScribe

Microsoft Configuration Manager

Microsoft Office Excel

SQL Server

Azure Monitor Agent

Windows Smart Card

Windows DirectX

Windows Speech

Windows Routing and Remote Access Service (RRAS)

Windows WLAN Service

Customer Experience Improvement Program (CEIP)

Windows Bluetooth RFCOM Protocol Driver

Microsoft Streaming Service

Windows Broadcast DVR User Service

Windows Remote Desktop

Windows Kerberos

Windows Client-Side Caching (CSC) Service

Role: Windows Hyper-V

Multimedia Class Scheduler Service (MMCSS)

Storvsp.sys Driver

Windows Common Log File System Driver

Host Process for Windows Tasks

Windows OLE

Windows Administrator Protection

Windows Ancillary Function Driver for WinSock

Windows TDX.sys

OneDrive for Android

Microsoft Graphics Component

Microsoft Office

Microsoft Office SharePoint

Microsoft Office Word

Microsoft Dynamics 365 (on-premises)

Windows License Manager

Dynamics 365 Field Service (online)

Visual Studio

Windows Kernel

Microsoft Wireless Provisioning System

Windows Subsystem for Linux GUI

Visual Studio Code CoPilot Chat Extension

GitHub Copilot and Visual Studio Code

文章来源：飓风网络安全