【漏洞详情】
微软于本周二发布了2020年01月安全补丁,共修复安全漏洞49个,其中严重漏洞8个,涉及 Windows Kernel、Internet Explorer等产品,成功利用此类漏洞可导致远程任意代码执行攻击,请受影响的用户综合评估漏洞风险,并选择升级相关补丁。
序号 |
CVE编号 |
CVE标题 |
严重程度 |
1 |
CVE-2020-0603 |
ASP.NET Core Remote Code Execution Vulnerability |
Critical |
2 |
CVE-2020-0605 |
.NET Framework Remote Code Execution Vulnerability |
Critical |
3 |
CVE-2020-0606 |
.NET Framework Remote Code Execution Injection Vulnerability |
Critical |
4 |
CVE-2020-0609 |
Windows RDP Gateway Server Remote Code Execution Vulnerability |
Critical |
5 |
CVE-2020-0610 |
Windows RDP Gateway Server Remote Code Execution Vulnerability |
Critical |
6 |
CVE-2020-0611 |
Remote Desktop Client Remote Code Execution Vulnerability |
Critical |
7 |
CVE-2020-0640 |
Internet Explorer Memory Corruption Vulnerability |
Critical |
8 |
CVE-2020-0646 |
.NET Framework Remote Code Execution Injection Vulnerability |
Critical |
9 |
CVE-2020-0601 |
Windows CryptoAPI Spoofing Vulnerability |
Important |
10 |
CVE-2020-0602 |
ASP.NET Core Denial of Service Vulnerability |
Important |
11 |
CVE-2020-0607 |
Microsoft Graphics Components Information Disclosure Vulnerability |
Important |
12 |
CVE-2020-0608 |
Win32k Information Disclosure Vulnerability |
Important |
13 |
CVE-2020-0612 |
Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability |
Important |
14 |
CVE-2020-0613 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
15 |
CVE-2020-0614 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
16 |
CVE-2020-0615 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
Important |
17 |
CVE-2020-0616 |
Microsoft Windows Denial of Service Vulnerability |
Important |
18 |
CVE-2020-0617 |
Hyper-V Denial of Service Vulnerability |
Important |
19 |
CVE-2020-0620 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
Important |
20 |
CVE-2020-0621 |
Windows Security Feature Bypass Vulnerability |
Important |
21 |
CVE-2020-0622 |
Microsoft Graphics Component Information Disclosure Vulnerability |
Important |
22 |
CVE-2020-0623 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
23 |
CVE-2020-0624 |
Win32k Elevation of Privilege Vulnerability |
Important |
24 |
CVE-2020-0625 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
25 |
CVE-2020-0626 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
26 |
CVE-2020-0627 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
27 |
CVE-2020-0628 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
28 |
CVE-2020-0629 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
29 |
CVE-2020-0630 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
30 |
CVE-2020-0631 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
31 |
CVE-2020-0632 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
32 |
CVE-2020-0633 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
33 |
CVE-2020-0634 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Important |
34 |
CVE-2020-0635 |
Windows Elevation of Privilege Vulnerability |
Important |
35 |
CVE-2020-0636 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Important |
36 |
CVE-2020-0637 |
Remote Desktop Web Access Information Disclosure Vulnerability |
Important |
37 |
CVE-2020-0638 |
Update Notification Manager Elevation of Privilege Vulnerability |
Important |
38 |
CVE-2020-0639 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
Important |
39 |
CVE-2020-0641 |
Microsoft Windows Elevation of Privilege Vulnerability |
Important |
40 |
CVE-2020-0642 |
Win32k Elevation of Privilege Vulnerability |
Important |
41 |
CVE-2020-0643 |
Windows GDI+ Information Disclosure Vulnerability |
Important |
42 |
CVE-2020-0644 |
Windows Elevation of Privilege Vulnerability |
Important |
43 |
CVE-2020-0647 |
Microsoft Office Online Spoofing Vulnerability |
Important |
44 |
CVE-2020-0650 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
45 |
CVE-2020-0651 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
46 |
CVE-2020-0652 |
Microsoft Office Memory Corruption Vulnerability |
Important |
47 |
CVE-2020-0653 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
48 |
CVE-2020-0654 |
Microsoft OneDrive for Android Security Feature Bypass Vulnerability |
Important |
49 |
CVE-2020-0656 |
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
Important |
【风险评级】
高危
【影响范围】
Microsoft Windows及相关产品
【修复建议】
建议用户关注并依据实际业务评估漏洞风险影响,选择更新相关产品补丁,以提高系统安全性;
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://portal.msrc.microsoft.com/en-us/security-guidance
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2020年1月15日