微軟3月Patch Tuesday修補60個安全漏洞,僅有兩個被列為重大等級
· 2024-03-14

微軟本月例行安全更新出現CVSS風險評分高達9.8的漏洞,該漏洞位於Azure開放管理基礎設施(OMI),微軟建議受影響用戶升級OMI以完成修補

至於CVE-2024-21407則為一遠端執行漏洞,CVSS風險評分為8.1,允許於客座虛擬機器上經過身分驗證的駭客,向虛擬機器上的硬體資源傳送特定檔案的操作請求,進而在主機伺服器上執行遠端程式。成功的攻擊還需要先收集特定環境的資訊,也必須採取其它行動來準備目標環境。

另一個被外界關注的漏洞則是CVE-2024-21400,這是個位於Azure Kubernetes Service(AKS)機密容器的權限擴張漏洞,該漏洞允許駭客存取不受信任的AKS節點與AKS機密容器,以接管機密客座與容器,且發動相關攻擊並不需要通過身分驗證。該漏洞的CVSS風險評分高達9,但僅被微軟列為重要(Important)等級。

本月CVSS風險評分最高、達到9.8的,則是位於Azure開放管理基礎設施(Open Management Infrastructure,OMI)的CVE-2024-21334,OMI是個通用資訊模型的開源專案,該漏洞允許未經身分驗證的駭客自遠端存取OMI實例並傳送特定請求,以觸發一個釋放後使用漏洞,進而自遠端執行程式。

微軟建議執行受影響SCOM版本的用戶,應升級至OMI 1.8.1-0,無法更新或升級的用戶,且其Linux機器不需連至外部資源,則可選擇關閉OMI的傳入連接埠。

熱門文章
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
Indiana online casino bill stalls in House committee
Regulation
DB Gaming Is One of Asia’s Top-Tier Game Solution Providers, Recognized as a Pioneer in the Asian Gaming Industry.
Marketing
That’s a Wrap: AffPapa Conference Madrid 2026 Highlights
Online Game
British gambling levy rates confirmed for each vertical
Regulation
What’s on the SBC Summit Conference Agenda in 2026?
Marketing
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
Global Game Connect (GGC) 2027 Officially Opens Sponsorship & Exhibition Opportunities in Sri Lanka!
HUIDU Focus
Manila delivers: Highlights from SiGMA Asia 2026 
Southeast Asia
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
首頁
遊戲
合作
發現
我的