【漏洞情报】微软2020年01月补丁情报

【漏洞详情】

微软于本周二发布了2020年01月安全补丁,共修复安全漏洞49个,其中严重漏洞8个,涉及 Windows Kernel、Internet Explorer等产品,成功利用此类漏洞可导致远程任意代码执行攻击,请受影响的用户综合评估漏洞风险,并选择升级相关补丁。

序号

CVE编号

CVE标题

严重程度

1

CVE-2020-0603

ASP.NET Core Remote Code Execution Vulnerability

Critical

2

CVE-2020-0605

.NET Framework Remote Code Execution Vulnerability

Critical

3

CVE-2020-0606

.NET Framework Remote Code Execution Injection Vulnerability

Critical

4

CVE-2020-0609

Windows RDP Gateway Server Remote Code Execution Vulnerability

Critical

5

CVE-2020-0610

Windows RDP Gateway Server Remote Code Execution Vulnerability

Critical

6

CVE-2020-0611

Remote Desktop Client Remote Code Execution Vulnerability

Critical

7

CVE-2020-0640

Internet Explorer Memory Corruption Vulnerability

Critical

8

CVE-2020-0646

.NET Framework Remote Code Execution Injection Vulnerability

Critical

9

CVE-2020-0601

Windows CryptoAPI Spoofing Vulnerability

Important

10

CVE-2020-0602

ASP.NET Core Denial of Service Vulnerability

Important

11

CVE-2020-0607

Microsoft Graphics Components Information Disclosure Vulnerability

Important

12

CVE-2020-0608

Win32k Information Disclosure Vulnerability

Important

13

CVE-2020-0612

Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability

Important

14

CVE-2020-0613

Windows Search Indexer Elevation of Privilege Vulnerability

Important

15

CVE-2020-0614

Windows Search Indexer Elevation of Privilege Vulnerability

Important

16

CVE-2020-0615

Windows Common Log File System Driver Information Disclosure Vulnerability

Important

17

CVE-2020-0616

Microsoft Windows Denial of Service Vulnerability

Important

18

CVE-2020-0617

Hyper-V Denial of Service Vulnerability

Important

19

CVE-2020-0620

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Important

20

CVE-2020-0621

Windows Security Feature Bypass Vulnerability

Important

21

CVE-2020-0622

Microsoft Graphics Component Information Disclosure Vulnerability

Important

22

CVE-2020-0623

Windows Search Indexer Elevation of Privilege Vulnerability

Important

23

CVE-2020-0624

Win32k Elevation of Privilege Vulnerability

Important

24

CVE-2020-0625

Windows Search Indexer Elevation of Privilege Vulnerability

Important

25

CVE-2020-0626

Windows Search Indexer Elevation of Privilege Vulnerability

Important

26

CVE-2020-0627

Windows Search Indexer Elevation of Privilege Vulnerability

Important

27

CVE-2020-0628

Windows Search Indexer Elevation of Privilege Vulnerability

Important

28

CVE-2020-0629

Windows Search Indexer Elevation of Privilege Vulnerability

Important

29

CVE-2020-0630

Windows Search Indexer Elevation of Privilege Vulnerability

Important

30

CVE-2020-0631

Windows Search Indexer Elevation of Privilege Vulnerability

Important

31

CVE-2020-0632

Windows Search Indexer Elevation of Privilege Vulnerability

Important

32

CVE-2020-0633

Windows Search Indexer Elevation of Privilege Vulnerability

Important

33

CVE-2020-0634

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Important

34

CVE-2020-0635

Windows Elevation of Privilege Vulnerability

Important

35

CVE-2020-0636

Windows Subsystem for Linux Elevation of Privilege Vulnerability

Important

36

CVE-2020-0637

Remote Desktop Web Access Information Disclosure Vulnerability

Important

37

CVE-2020-0638

Update Notification Manager Elevation of Privilege Vulnerability

Important

38

CVE-2020-0639

Windows Common Log File System Driver Information Disclosure Vulnerability

Important

39

CVE-2020-0641

Microsoft Windows Elevation of Privilege Vulnerability

Important

40

CVE-2020-0642

Win32k Elevation of Privilege Vulnerability

Important

41

CVE-2020-0643

Windows GDI+ Information Disclosure Vulnerability

Important

42

CVE-2020-0644

Windows Elevation of Privilege Vulnerability

Important

43

CVE-2020-0647

Microsoft Office Online Spoofing Vulnerability

Important

44

CVE-2020-0650

Microsoft Excel Remote Code Execution Vulnerability

Important

45

CVE-2020-0651

Microsoft Excel Remote Code Execution Vulnerability

Important

46

CVE-2020-0652

Microsoft Office Memory Corruption Vulnerability

Important

47

CVE-2020-0653

Microsoft Excel Remote Code Execution Vulnerability

Important

48

CVE-2020-0654

Microsoft OneDrive for Android Security Feature Bypass Vulnerability

Important

49

CVE-2020-0656

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

Important

【风险评级】

高危

【影响范围】

Microsoft Windows及相关产品

【修复建议】

建议用户关注并依据实际业务评估漏洞风险影响,选择更新相关产品补丁,以提高系统安全性;

修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。

【参考链接】

https://portal.msrc.microsoft.com/en-us/security-guidance

特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。

平安云

2020年1月15日

咨询·建议

电话咨询

400-151-8800

邮件咨询

cloud@pingan.com

在线客服

工单支持

解决云产品相关技术问题