Microsoft Releases May Patches, Fixing 111 Security Issues
2020-05-13
On Tuesday this week, Microsoft released its May security updates, fixing 111 security issues ranging from simple spoofing attacks to remote code execution. The affected products include .NET Core, .NET Framework, Active Directory, Common Log File System Driver, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Power BI, Visual Studio, Windows Hyper-V, Windows Kernel, Windows Scripting, Windows Subsystem for Linux, Windows Task Scheduler and Windows Update Stack.
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May
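Overview of Critical Vulnerabilities
Microsoft fixed 15 Critical vulnerabilities in this release; 5 of them are highlighted below:
- CVE-2020-1023, CVE-2020-1024, CVE-2020-1069 and CVE-2020-1102
These are remote code execution vulnerabilities in Microsoft SharePoint. An attacker could exploit any one of them to gain the ability to execute arbitrary code on the victim machine or server, depending on the specific bug. For CVE-2020-1069, an attacker needs to upload a specially crafted package to the SharePoint server to exploit the vulnerability successfully. The rest require a user to open a specially crafted SharePoint file.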
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102
- CVE-2020-1062
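This is a memory corruption vulnerability in the Internet Explorer web browser. It can be triggered when a user visits a specially crafted, attacker-controlled web page. An attacker can construct the page in a way that corrupts memory on the target machine, allowing them to execute arbitrary code in the context of the current user. Microsoft's update addresses how the browser handles objects in memory.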
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062
Summary of This Update
Product | CVE ID | CVE Title | Severity |
Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability | Critical |
Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability | Critical |
Internet Explorer | CVE-2020-1093 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Edge | CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability | Critical |
Internet Explorer | CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability | Critical |
.NET Core | CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability | Important |
.NET Core | CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability | Important |
.NET Framework | CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability | Important |
Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability | Important |
Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Edge | CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability | Important |
Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1179 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint Spoofing Vulnerability |