阅读: 0
微软于周二发布了9月安全更新补丁,修复了81个从简单的欺骗攻击到远程执行代码的安全问题
综述
微软于周二发布了9月安全更新补丁,修复了81个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、.NET Framework、Active Directory、Adobe Flash Player、ASP.NET、Common Log File System Driver、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Yammer、Project Rome、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Visual Studio、Windows Hyper-V、Windows Kernel以及Windows RDP。
相关信息如下:
产品 | CVE 编号 | CVE 标题 | 严重程度 |
.NET Core | CVE-2019-1301 | .NET Core 拒绝服务漏洞 | Important |
.NET Framework | CVE-2019-1142 | .NET Framework 特权提升漏洞 | Important |
Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important |
Adobe Flash Player | ADV190022 | September 2019 Adobe Flash 安全更新 | Critical |
ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important |
Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver 特权提升漏洞 | Important |
Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver 信息泄露漏洞 | Important |
Microsoft Browsers | CVE-2019-1220 | Microsoft Browser 安全功能绕过漏洞 | Important |
Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML 信息泄露漏洞 | Important |
Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange 拒绝服务漏洞 | Important |
Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange 欺骗漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1216 | DirectX 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1244 | DirectWrite 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1245 | DirectWrite 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1251 | DirectWrite 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1252 | Windows GDI 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1284 | DirectX 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2019-1286 | Windows GDI 信息泄露漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2019-1297 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2019-1263 | Microsoft Excel 信息泄露漏洞 | Important |
Microsoft Office | CVE-2019-1264 | Microsoft Office 安全功能绕过漏洞 | Important |
Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint 欺骗漏洞 | Moderate |
Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint 特权提升漏洞 | Important |
Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine 内存破坏漏洞 | Moderate |
Microsoft Scripting Engine | CVE-2019-1208 | VBScript 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-1236 | VBScript 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine 内存破坏漏洞 | Moderate |
Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Windows | CVE-2019-1215 | Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager 信息泄露漏洞 | Important |
Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1268 | Winlogon 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1269 | Windows ALPC 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1271 | Windows Media 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1272 | Windows ALPC 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1253 | Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1277 | Windows Audio Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1278 | Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1280 | LNK 远程代码执行漏洞 | Critical |
Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-1292 | Windows 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2019-1294 | Windows Secure Boot 安全功能绕过漏洞 | Important |
Microsoft Windows | CVE-2019-1303 | Windows 特权提升漏洞 | Important |
Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer 安全功能绕过漏洞 | Important |
Project Rome | CVE-2019-1231 | Rome SDK 信息泄露漏洞 | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 信息泄露漏洞 | Important |
Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server 远程代码执行漏洞 | Critical |
Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service 特权提升漏洞 | Important |
Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V 拒绝服务漏洞 | Important |
Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V 信息泄露漏洞 | Important |
Windows Kernel | CVE-2019-1274 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2019-1256 | Win32k 特权提升漏洞 | Important |
Windows Kernel | CVE-2019-1285 | Win32k 特权提升漏洞 | Important |
Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver 信息泄露漏洞 | Important |
Windows RDP | CVE-2019-0787 | Remote Desktop Client 远程代码执行漏洞 | Critical |
Windows RDP | CVE-2019-0788 | Remote Desktop Client 远程代码执行漏洞 | Critical |
Windows RDP | CVE-2019-1290 | Remote Desktop Client 远程代码执行漏洞 | Critical |
Windows RDP | CVE-2019-1291 | Remote Desktop Client 远程代码执行漏洞 | Critical |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
完整报告原文下载: