最热产品
最新产品
推荐服务
计算
备份
网络和CDN
存储
数据库
安全
大数据计算
大数据搜索与分析
大数据应用
大数据解决方案
域名与网站
物联网
通讯
办公
智能管理
汽车服务
管理与监控
IT管理
互联网中间件
企业服务解决方案
混合云解决方案
大数据解决方案
AI解决方案
私有云解决方案
安全解决方案
金融解决方案
智慧城市解决方案
医疗解决方案
【漏洞详情】
微软于本周二发布了2020年02月安全补丁,共修复安全漏洞99个,其中严重漏洞12个,涉及Windows、IE脚本引擎、ChakraCore 脚本引擎、RDP Client、LNK以及Media Foundation等产品,其中CVE-2020-0674 已被发现用于在野攻击,CVE-2020-0683 在互联网已有公开PoC,成功利用此类漏洞可导致远程任意代码执行攻击,请受影响的用户综合评估漏洞风险,并选择升级相关补丁。
|
序号 |
CVE编号 |
CVE标题 |
严重程度 |
|
1 |
CVE-2020-0674 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
2 |
CVE-2020-0729 |
LNK Remote Code Execution Vulnerability |
Critical |
|
3 |
CVE-2020-0738 |
Media Foundation Memory Corruption Vulnerability |
Critical |
|
4 |
CVE-2020-0681 |
Remote Desktop Client Remote Code Execution Vulnerability |
Critical |
|
5 |
CVE-2020-0734 |
Remote Desktop Client Remote Code Execution Vulnerability |
Critical |
|
6 |
CVE-2020-0673 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
7 |
CVE-2020-0767 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
8 |
CVE-2020-0710 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
9 |
CVE-2020-0712 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
10 |
CVE-2020-0713 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
11 |
CVE-2020-0711 |
Scripting Engine Memory Corruption Vulnerability |
Critical |
|
12 |
CVE-2020-0662 |
Windows Remote Code Execution Vulnerability |
Critical |
|
13 |
CVE-2020-0683 |
Windows Installer Elevation of Privilege Vulnerability |
Important |
|
14 |
CVE-2020-0686 |
Windows Installer Elevation of Privilege Vulnerability |
Important |
|
15 |
CVE-2020-0706 |
Microsoft Browser Information Disclosure Vulnerability |
Important |
|
16 |
CVE-2020-0689 |
Microsoft Secure Boot Security Feature Bypass Vulnerability |
Important |
|
17 |
CVE-2020-0757 |
Windows SSH Elevation of Privilege Vulnerability |
Important |
|
18 |
CVE-2020-0661 |
Windows Hyper-V Denial of Service Vulnerability |
Important |
|
19 |
CVE-2020-0751 |
Windows Hyper-V Denial of Service Vulnerability |
Important |
|
20 |
CVE-2020-0660 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
Important |
|
21 |
CVE-2020-0665 |
Active Directory Elevation of Privilege Vulnerability |
Important |
|
22 |
CVE-2020-0740 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
23 |
CVE-2020-0741 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
24 |
CVE-2020-0742 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
25 |
CVE-2020-0743 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
26 |
CVE-2020-0749 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
27 |
CVE-2020-0750 |
Connected Devices Platform Service Elevation of Privilege Vulnerability |
Important |
|
28 |
CVE-2020-0727 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
Important |
|
29 |
CVE-2020-0709 |
DirectX Elevation of Privilege Vulnerability |
Important |
|
30 |
CVE-2020-0732 |
DirectX Elevation of Privilege Vulnerability |
Important |
|
31 |
CVE-2020-0663 |
Microsoft Edge Elevation of Privilege Vulnerability |
Important |
|
32 |
CVE-2020-0692 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Important |
|
33 |
CVE-2020-0720 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
34 |
CVE-2020-0721 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
35 |
CVE-2020-0722 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
36 |
CVE-2020-0723 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
37 |
CVE-2020-0725 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
38 |
CVE-2020-0726 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
39 |
CVE-2020-0731 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
40 |
CVE-2020-0719 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
41 |
CVE-2020-0724 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
42 |
CVE-2020-0691 |
Win32k Elevation of Privilege Vulnerability |
Important |
|
43 |
CVE-2020-0703 |
Windows Backup Service Elevation of Privilege Vulnerability |
Important |
|
44 |
CVE-2020-0701 |
Windows Client License Service Elevation of Privilege Vulnerability |
Important |
|
45 |
CVE-2020-0685 |
Windows COM Server Elevation of Privilege Vulnerability |
Important |
|
46 |
CVE-2020-0657 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Important |
|
47 |
CVE-2020-0747 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
Important |
|
48 |
CVE-2020-0659 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
Important |
|
49 |
CVE-2020-0737 |
Windows Elevation of Privilege Vulnerability |
Important |
|
50 |
CVE-2020-0739 |
Windows Elevation of Privilege Vulnerability |
Important |
|
51 |
CVE-2020-0753 |
Windows Error Reporting Elevation of Privilege Vulnerability |
Important |
|
52 |
CVE-2020-0754 |
Windows Error Reporting Elevation of Privilege Vulnerability |
Important |
|
53 |
CVE-2020-0678 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability |
Important |
|
54 |
CVE-2020-0679 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
Important |
|
55 |
CVE-2020-0680 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
Important |
|
56 |
CVE-2020-0682 |
Windows Function Discovery Service Elevation of Privilege Vulnerability |
Important |
|
57 |
CVE-2020-0792 |
Windows Graphics Component Elevation of Privilege Vulnerability |
Important |
|
58 |
CVE-2020-0745 |
Windows Graphics Component Elevation of Privilege Vulnerability |
Important |
|
59 |
CVE-2020-0715 |
Windows Graphics Component Elevation of Privilege Vulnerability |
Important |
|
60 |
CVE-2020-0707 |
Windows IME Elevation of Privilege Vulnerability |
Important |
|
61 |
CVE-2020-0668 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
62 |
CVE-2020-0669 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
63 |
CVE-2020-0670 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
64 |
CVE-2020-0671 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
65 |
CVE-2020-0672 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
|
66 |
CVE-2020-0733 |
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability |
Important |
|
67 |
CVE-2020-0666 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
|
68 |
CVE-2020-0667 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
|
69 |
CVE-2020-0735 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
|
70 |
CVE-2020-0752 |
Windows Search Indexer Elevation of Privilege Vulnerability |
Important |
|
71 |
CVE-2020-0730 |
Windows User Profile Service Elevation of Privilege Vulnerability |
Important |
|
72 |
CVE-2020-0704 |
Windows Wireless Network Manager Elevation of Privilege Vulnerability |
Important |
|
73 |
CVE-2020-0714 |
DirectX Information Disclosure Vulnerability |
Important |
|
74 |
CVE-2020-0746 |
Microsoft Graphics Components Information Disclosure Vulnerability |
Important |
|
75 |
CVE-2020-0717 |
Win32k Information Disclosure Vulnerability |
Important |
|
76 |
CVE-2020-0716 |
Win32k Information Disclosure Vulnerability |
Important |
|
77 |
CVE-2020-0658 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
Important |
|
78 |
CVE-2020-0744 |
Windows GDI Information Disclosure Vulnerability |
Important |
|
79 |
CVE-2020-0698 |
Windows Information Disclosure Vulnerability |
Important |
|
80 |
CVE-2020-0736 |
Windows Kernel Information Disclosure Vulnerability |
Important |
|
81 |
CVE-2020-0675 |
Windows Key Isolation Service Information Disclosure Vulnerability |
Important |
|
82 |
CVE-2020-0676 |
Windows Key Isolation Service Information Disclosure Vulnerability |
Important |
|
83 |
CVE-2020-0677 |
Windows Key Isolation Service Information Disclosure Vulnerability |
Important |
|
84 |
CVE-2020-0748 |
Windows Key Isolation Service Information Disclosure Vulnerability |
Important |
|
85 |
CVE-2020-0755 |
Windows Key Isolation Service Information Disclosure Vulnerability |
Important |
|
86 |
CVE-2020-0756 |
Windows Key Isolation Service Information Disclosure Vulnerability |
Important |
|
87 |
CVE-2020-0728 |
Windows Modules Installer Service Information Disclosure Vulnerability |
Important |
|
88 |
CVE-2020-0705 |
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability |
Important |
|
89 |
CVE-2020-0759 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
|
90 |
CVE-2020-0688 |
Microsoft Exchange Memory Corruption Vulnerability |
Important |
|
91 |
CVE-2020-0618 |
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability |
Important |
|
92 |
CVE-2020-0655 |
Remote Desktop Services Remote Code Execution Vulnerability |
Important |
|
93 |
CVE-2020-0708 |
Windows Imaging Library Remote Code Execution Vulnerability |
Important |
|
94 |
CVE-2020-0696 |
Microsoft Outlook Security Feature Bypass Vulnerability |
Important |
|
95 |
CVE-2020-0702 |
Surface Hub Security Feature Bypass Vulnerability |
Important |
|
96 |
CVE-2020-0695 |
Microsoft Office Online Server Spoofing Vulnerability |
Important |
|
97 |
CVE-2020-0697 |
Microsoft Office Tampering Vulnerability |
Important |
|
98 |
CVE-2020-0693 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
|
99 |
CVE-2020-0694 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
【风险评级】
高危
【影响范围】
Microsoft Windows及相关产品
【修复建议】
建议用户关注并依据实际业务评估漏洞风险影响,选择更新相关产品补丁,以提高系统安全性;
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://portal.msrc.microsoft.com/en-us/security-guidance
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2020年2月12日
