最热产品
最新产品
推荐服务
计算
备份
网络和CDN
存储
数据库
安全
大数据计算
大数据搜索与分析
大数据应用
大数据解决方案
域名与网站
物联网
通讯
办公
智能管理
汽车服务
管理与监控
IT管理
互联网中间件
企业服务解决方案
混合云解决方案
大数据解决方案
AI解决方案
私有云解决方案
安全解决方案
金融解决方案
智慧城市解决方案
医疗解决方案
【漏洞详情】
微软已发布2019年03月安全补丁,修复了Active Directory、Adobe Flash Player、Azure等产品中的68个安全漏洞,修复的漏洞详细列表如下,请用户根据自身业务实际安全影响安排补丁升级:
|
序号 |
产品 |
CVE 编号 |
CVE 标题 |
严重程度 |
|
1 |
Active Directory |
CVE-2019-0683 |
Active Directory 特权提升漏洞 |
Important |
|
2 |
Adobe Flash Player |
ADV190008 |
March 2019 Adobe Flash 安全更新 |
Low |
|
3 |
Azure |
CVE-2019-0816 |
Azure SSH Keypairs 安全功能绕过漏洞 |
Moderate |
|
4 |
Internet Explorer |
CVE-2019-0761 |
Internet Explorer 安全功能绕过漏洞 |
Low |
|
5 |
Internet Explorer |
CVE-2019-0763 |
Internet Explorer 内存破坏漏洞 |
Moderate |
|
6 |
Internet Explorer |
CVE-2019-0768 |
Internet Explorer 安全功能绕过漏洞 |
Important |
|
7 |
Microsoft Browsers |
CVE-2019-0762 |
Microsoft Browsers 安全功能绕过漏洞 |
Low |
|
8 |
Microsoft Browsers |
CVE-2019-0780 |
Microsoft Browser 内存破坏漏洞 |
Important |
|
9 |
Microsoft Edge |
CVE-2019-0612 |
Microsoft Edge 安全功能绕过漏洞 |
Important |
|
10 |
Microsoft Edge |
CVE-2019-0678 |
Microsoft Edge 特权提升漏洞 |
Important |
|
11 |
Microsoft Edge |
CVE-2019-0779 |
Microsoft Edge 内存破坏漏洞 |
Important |
|
12 |
Microsoft Graphics Component |
CVE-2019-0774 |
Windows GDI 信息泄露漏洞 |
Important |
|
13 |
Microsoft Graphics Component |
CVE-2019-0797 |
Win32k 特权提升漏洞 |
Important |
|
14 |
Microsoft Graphics Component |
CVE-2019-0808 |
Win32k 特权提升漏洞 |
Important |
|
15 |
Microsoft Graphics Component |
CVE-2019-0614 |
Windows GDI 信息泄露漏洞 |
Important |
|
16 |
Microsoft JET Database Engine |
CVE-2019-0617 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
17 |
Microsoft Office |
CVE-2019-0748 |
Microsoft Office Access Connectivity Engine 远程代码执行漏洞 |
Important |
|
18 |
Microsoft Office SharePoint |
CVE-2019-0778 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
|
19 |
Microsoft Scripting Engine |
CVE-2019-0609 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
20 |
Microsoft Scripting Engine |
CVE-2019-0611 |
Chakra Scripting Engine 内存破坏漏洞 |
Low |
|
21 |
Microsoft Scripting Engine |
CVE-2019-0639 |
Scripting Engine 内存破坏漏洞 |
Moderate |
|
22 |
Microsoft Scripting Engine |
CVE-2019-0746 |
Chakra Scripting Engine 内存破坏漏洞 |
Important |
|
23 |
Microsoft Scripting Engine |
CVE-2019-0769 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
24 |
Microsoft Scripting Engine |
CVE-2019-0770 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
25 |
Microsoft Scripting Engine |
CVE-2019-0771 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
26 |
Microsoft Scripting Engine |
CVE-2019-0772 |
Windows VBScript Engine 远程代码执行漏洞 |
Important |
|
27 |
Microsoft Scripting Engine |
CVE-2019-0773 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
28 |
Microsoft Scripting Engine |
CVE-2019-0783 |
Scripting Engine 内存破坏漏洞 |
Important |
|
29 |
Microsoft Scripting Engine |
CVE-2019-0592 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
|
30 |
Microsoft Scripting Engine |
CVE-2019-0665 |
Windows VBScript Engine 远程代码执行漏洞 |
Important |
|
31 |
Microsoft Scripting Engine |
CVE-2019-0666 |
Windows VBScript Engine 远程代码执行漏洞 |
Critical |
|
32 |
Microsoft Scripting Engine |
CVE-2019-0667 |
Windows VBScript Engine 远程代码执行漏洞 |
Critical |
|
33 |
Microsoft Scripting Engine |
CVE-2019-0680 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
34 |
Microsoft Windows |
CVE-2019-0754 |
Windows 拒绝服务漏洞 |
Important |
|
35 |
Microsoft Windows |
CVE-2019-0765 |
Comctl32 远程代码执行漏洞 |
Important |
|
36 |
Microsoft Windows |
CVE-2019-0766 |
Microsoft Windows 特权提升漏洞 |
Important |
|
37 |
Microsoft Windows |
CVE-2019-0784 |
Windows ActiveX 远程代码执行漏洞 |
Critical |
|
38 |
Microsoft Windows |
ADV190009 |
SHA-2 Code Sign Support Advisory |
Unknown |
|
39 |
Microsoft Windows |
ADV190010 |
Best Practices Regarding Sharing of a Single User Account Across Multiple Users |
Unknown |
|
40 |
Microsoft Windows |
CVE-2019-0603 |
Windows Deployment Services TFTP Server 远程代码执行漏洞 |
Critical |
|
41 |
Microsoft XML |
CVE-2019-0756 |
MS XML 远程代码执行漏洞 |
Critical |
|
42 |
NuGet |
CVE-2019-0757 |
NuGet Package Manager Tampering Vulnerability |
Important |
|
43 |
Servicing Stack Updates |
ADV990001 |
Latest Servicing Stack Updates |
Critical |
|
44 |
Skype for Business |
CVE-2019-0798 |
Skype for Business and Lync 欺骗漏洞 |
Important |
|
45 |
Team Foundation Server |
CVE-2019-0777 |
Team Foundation Server Cross-site Scripting Vulnerability |
Low |
|
46 |
Visual Studio |
CVE-2019-0809 |
Visual Studio 远程代码执行漏洞 |
Important |
|
47 |
Windows DHCP Client |
CVE-2019-0697 |
Windows DHCP Client 远程代码执行漏洞 |
Critical |
|
48 |
Windows DHCP Client |
CVE-2019-0698 |
Windows DHCP Client 远程代码执行漏洞 |
Critical |
|
49 |
Windows DHCP Client |
CVE-2019-0726 |
Windows DHCP Client 远程代码执行漏洞 |
Critical |
|
50 |
Windows Hyper-V |
CVE-2019-0690 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
|
51 |
Windows Hyper-V |
CVE-2019-0695 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
|
52 |
Windows Hyper-V |
CVE-2019-0701 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
|
53 |
Windows Kernel |
CVE-2019-0755 |
Windows Kernel 信息泄露漏洞 |
Important |
|
54 |
Windows Kernel |
CVE-2019-0767 |
Windows Kernel 信息泄露漏洞 |
Important |
|
55 |
Windows Kernel |
CVE-2019-0775 |
Windows Kernel 信息泄露漏洞 |
Important |
|
56 |
Windows Kernel |
CVE-2019-0782 |
Windows Kernel 信息泄露漏洞 |
Important |
|
57 |
Windows Kernel |
CVE-2019-0696 |
Windows Kernel 特权提升漏洞 |
Important |
|
58 |
Windows Kernel |
CVE-2019-0702 |
Windows Kernel 信息泄露漏洞 |
Important |
|
59 |
Windows Kernel-Mode Drivers |
CVE-2019-0776 |
Win32k 信息泄露漏洞 |
Important |
|
60 |
Windows Print Spooler Components |
CVE-2019-0759 |
Windows Print Spooler 信息泄露漏洞 |
Important |
|
61 |
Windows SMB Server |
CVE-2019-0703 |
Windows SMB 信息泄露漏洞 |
Important |
|
62 |
Windows SMB Server |
CVE-2019-0704 |
Windows SMB 信息泄露漏洞 |
Important |
|
63 |
Windows SMB Server |
CVE-2019-0821 |
Windows SMB 信息泄露漏洞 |
Important |
|
64 |
Windows Subsystem for Linux |
CVE-2019-0682 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
|
65 |
Windows Subsystem for Linux |
CVE-2019-0689 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
|
66 |
Windows Subsystem for Linux |
CVE-2019-0692 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
|
67 |
Windows Subsystem for Linux |
CVE-2019-0693 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
|
68 |
Windows Subsystem for Linux |
CVE-2019-0694 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
【风险评级】
高危
【影响范围】
3月安全发布的漏洞及补丁涉及如下产品:
l Active Directory
l Adobe Flash Player
l Azure
l Internet Explorer
l Microsoft Browsers
l Microsoft Edge
l Microsoft Graphics Component
l Microsoft JET Database Engine
l Microsoft Office
l Microsoft Office SharePoint
l Microsoft Scripting Engine
l Microsoft Windows
l Microsoft XML、NuGet
l Servicing Stack Updates
l Skype for Business
l Team Foundation Server
l Visual Studio
l Windows DHCP Client
l Windows Hyper-V
l Windows Kernel
l Windows Kernel-Mode Drivers
l Windows Print Spooler Components
l Windows SMB Server
l Windows Subsystem for Linux
【修复建议】
1、建议用户关注并依据业务需求场景评估实际漏洞风险,选择更新相关产品补丁,以提高系统安全性;
2、修复方法:Windows Update功能,点击“检查更新”按钮,依据业务情况下载安装相关安全补丁,安装完毕后重启服务器,并检查系统运行情况。
【参考链接】
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
