最热产品
最新产品
推荐服务
计算
备份
网络和CDN
存储
数据库
安全
大数据计算
大数据搜索与分析
大数据应用
大数据解决方案
域名与网站
物联网
通讯
办公
智能管理
汽车服务
管理与监控
IT管理
互联网中间件
企业服务解决方案
混合云解决方案
大数据解决方案
AI解决方案
私有云解决方案
安全解决方案
金融解决方案
智慧城市解决方案
医疗解决方案
【漏洞详情】
微软已发布2019年01月安全补丁,修复了49安全漏洞,其中7个远程代码执行重大漏洞( CVE-2019-0539、CVE-2019-0567、CVE-2019-0568,CVE-2019-0547、CVE-2019-0550、CVE-2019-0551、CVE-2019-0565),修复的漏洞详细列表如下,请用户根据自身业务情况安排补丁升级:
|
序号 |
CVE编号 |
CVE标题 |
严重程度 |
|
1 |
CVE-2019-0579 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
2 |
CVE-2019-0539 |
Chakra Scripting Engine Memory Corruption Vulnerability |
Critical |
|
3 |
CVE-2019-0568 |
Chakra Scripting Engine Memory Corruption Vulnerability |
Critical |
|
4 |
CVE-2019-0567 |
Chakra Scripting Engine Memory Corruption Vulnerability |
Critical |
|
5 |
CVE-2019-0565 |
Microsoft Edge Memory Corruption Vulnerability |
Critical |
|
6 |
CVE-2019-0547 |
Windows DHCP Client Remote Code Execution Vulnerability |
Critical |
|
7 |
CVE-2019-0550 |
Windows Hyper-V Remote Code Execution Vulnerability |
Critical |
|
8 |
CVE-2019-0551 |
Windows Hyper-V Remote Code Execution Vulnerability |
Critical |
|
9 |
CVE-2019-0564 |
ASP.NET Core Denial of Service Vulnerability |
Important |
|
10 |
CVE-2019-0548 |
ASP.NET Core Denial of Service Vulnerability |
Important |
|
11 |
CVE-2019-0566 |
Microsoft Edge Elevation of Privilege Vulnerability |
Important |
|
12 |
CVE-2019-0562 |
Microsoft SharePoint Elevation of Privilege Vulnerability |
Important |
|
13 |
CVE-2019-0543 |
Microsoft Windows Elevation of Privilege Vulnerability |
Important |
|
14 |
CVE-2019-0555 |
Microsoft XmlDocument Elevation of Privilege Vulnerability |
Important |
|
15 |
CVE-2019-0552 |
Windows COM Elevation of Privilege Vulnerability |
Important |
|
16 |
CVE-2019-0571 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
Important |
|
17 |
CVE-2019-0572 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
Important |
|
18 |
CVE-2019-0573 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
Important |
|
19 |
CVE-2019-0574 |
Windows Data Sharing Service Elevation of Privilege Vulnerability |
Important |
|
20 |
CVE-2019-0570 |
Windows Runtime Elevation of Privilege Vulnerability |
Important |
|
21 |
CVE-2019-0545 |
ASP.NET Information Disclosure Vulnerability |
Important |
|
22 |
CVE-2019-0560 |
Microsoft Office Information Disclosure Vulnerability |
Important |
|
23 |
CVE-2019-0559 |
Microsoft Outlook Information Disclosure Vulnerability |
Important |
|
24 |
CVE-2019-0537 |
Microsoft Visual Studio Information Disclosure Vulnerability |
Important |
|
25 |
CVE-2019-0561 |
Microsoft Word Information Disclosure Vulnerability |
Important |
|
26 |
CVE-2019-0536 |
Windows Kernel Information Disclosure Vulnerability |
Important |
|
27 |
CVE-2019-0549 |
Windows Kernel Information Disclosure Vulnerability |
Important |
|
28 |
CVE-2019-0554 |
Windows Kernel Information Disclosure Vulnerability |
Important |
|
29 |
CVE-2019-0569 |
Windows Kernel Information Disclosure Vulnerability |
Important |
|
30 |
CVE-2019-0553 |
Windows Subsystem for Linux Information Disclosure Vulnerability |
Important |
|
31 |
CVE-2019-0541 |
Internet Explorer Remote Code Execution Vulnerability |
Important |
|
32 |
CVE-2019-0538 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
33 |
CVE-2019-0575 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
34 |
CVE-2019-0576 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
35 |
CVE-2019-0577 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
36 |
CVE-2019-0578 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
37 |
CVE-2019-0580 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
38 |
CVE-2019-0581 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
39 |
CVE-2019-0582 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
40 |
CVE-2019-0583 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
41 |
CVE-2019-0584 |
Jet Database Engine Remote Code Execution Vulnerability |
Important |
|
42 |
CVE-2019-0588 |
Microsoft Exchange Information Disclosure Vulnerability |
Important |
|
43 |
CVE-2019-0586 |
Microsoft Exchange Memory Corruption Vulnerability |
Important |
|
44 |
CVE-2019-0585 |
Microsoft Word Remote Code Execution Vulnerability |
Important |
|
45 |
CVE-2019-0556 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
|
46 |
CVE-2019-0557 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
|
47 |
CVE-2019-0558 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
|
48 |
CVE-2019-0622 |
Skype for Android Elevation of Privilege Vulnerability |
Moderate |
|
49 |
CVE-2019-0546 |
Visual Studio Remote Code Execution Vulnerability |
Moderate |
【风险评级】
高危
【影响范围】
1 月安全发布的漏洞及补丁涉及如下产品:
l Internet Explorer
l Microsoft Edge
l Microsoft Windows
l Microsoft Office、Microsoft Office Services 和 Web 应用
l SQL Server
l ChakraCore
l .NET Framework
l .NET Core
l ASP.NET Core
l Adobe Flas
【修复建议】
1、建议用户关注并依据业务需求场景评估实际漏洞风险,选择更新最新补丁,以提高系统安全性;
2、修复方法:Windows Update功能,点击“检查更新”按钮,依据业务情况下载安装相关安全补丁,安装完毕后重启服务器,并检查系统运行情况。
【参考链接】
https://support.microsoft.com/en-us/help/20190108/security-update-deployment-information
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2018-1-10
