【漏洞详情】
微软于本周二发布2019年08月安全补丁,共修复安全漏洞95个,本次漏洞及补丁覆盖Microsoft Graphics Component 、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows等产品,其中严重漏洞29个,攻击者可利用此类漏洞进行远程代码执行、内存破坏等攻击,修复的漏洞详细列表如下,请用户综合评估业务影响,并选择安排补丁升级:
序号 |
产品 |
CVE 编号 |
CVE 标题 |
严重程度 |
1 |
Microsoft Graphics Component |
CVE-2019-1144 |
Microsoft Graphics 远程代码执行漏洞 |
Critical |
2 |
Microsoft Graphics Component |
CVE-2019-1145 |
Microsoft Graphics 远程代码执行漏洞 |
Critical |
3 |
Microsoft Graphics Component |
CVE-2019-1149 |
Microsoft Graphics 远程代码执行漏洞 |
Critical |
4 |
Microsoft Graphics Component |
CVE-2019-1150 |
Microsoft Graphics 远程代码执行漏洞 |
Critical |
5 |
Microsoft Graphics Component |
CVE-2019-1151 |
Microsoft Graphics 远程代码执行漏洞 |
Critical |
6 |
Microsoft Graphics Component |
CVE-2019-1152 |
Microsoft Graphics 远程代码执行漏洞 |
Critical |
7 |
Microsoft Office |
CVE-2019-1199 |
Microsoft Outlook 内存破坏漏洞 |
Critical |
8 |
Microsoft Office |
CVE-2019-1200 |
Microsoft Outlook 远程代码执行漏洞 |
Critical |
9 |
Microsoft Office |
CVE-2019-1201 |
Microsoft Word 远程代码执行漏洞 |
Critical |
10 |
Microsoft Office |
CVE-2019-1205 |
Microsoft Word 远程代码执行漏洞 |
Critical |
11 |
Microsoft Scripting Engine |
CVE-2019-1131 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
12 |
Microsoft Scripting Engine |
CVE-2019-1133 |
Scripting Engine 内存破坏漏洞 |
Critical |
13 |
Microsoft Scripting Engine |
CVE-2019-1139 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
14 |
Microsoft Scripting Engine |
CVE-2019-1140 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
15 |
Microsoft Scripting Engine |
CVE-2019-1141 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
16 |
Microsoft Scripting Engine |
CVE-2019-1194 |
Scripting Engine 内存破坏漏洞 |
Critical |
17 |
Microsoft Scripting Engine |
CVE-2019-1195 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
18 |
Microsoft Scripting Engine |
CVE-2019-1196 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
19 |
Microsoft Scripting Engine |
CVE-2019-1197 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
20 |
Microsoft Windows |
CVE-2019-1188 |
LNK 远程代码执行漏洞 |
Critical |
21 |
Windows DHCP Client |
CVE-2019-0736 |
Windows DHCP Client 远程代码执行漏洞 |
Critical |
22 |
Windows DHCP Server |
CVE-2019-1213 |
Windows DHCP Server 远程代码执行漏洞 |
Critical |
23 |
Windows Hyper-V |
CVE-2019-0965 |
Windows Hyper-V 远程代码执行漏洞 |
Critical |
24 |
Windows Hyper-V |
CVE-2019-0720 |
Hyper-V 远程代码执行漏洞 |
Critical |
25 |
Windows RDP |
CVE-2019-1181 |
Remote Desktop Services 远程代码执行漏洞 |
Critical |
26 |
Windows RDP |
CVE-2019-1182 |
Remote Desktop Services 远程代码执行漏洞 |
Critical |
27 |
Windows RDP |
CVE-2019-1222 |
Remote Desktop Services 远程代码执行漏洞 |
Critical |
28 |
Windows RDP |
CVE-2019-1226 |
Remote Desktop Services 远程代码执行漏洞 |
Critical |
29 |
Windows Scripting |
CVE-2019-1183 |
Windows VBScript Engine 远程代码执行漏洞 |
Critical |
30 |
HTTP/2 |
CVE-2019-9511 |
HTTP/2 Server 拒绝服务漏洞 |
Important |
31 |
HTTP/2 |
CVE-2019-9512 |
HTTP/2 Server 拒绝服务漏洞 |
Important |
32 |
HTTP/2 |
CVE-2019-9513 |
HTTP/2 Server 拒绝服务漏洞 |
Important |
33 |
HTTP/2 |
CVE-2019-9514 |
HTTP/2 Server 拒绝服务漏洞 |
Important |
34 |
HTTP/2 |
CVE-2019-9518 |
HTTP/2 Server 拒绝服务漏洞 |
Important |
35 |
Microsoft Bluetooth Driver |
CVE-2019-9506 |
Encryption Key Negotiation of Bluetooth Vulnerability |
Important |
36 |
Microsoft Browsers |
CVE-2019-1192 |
Microsoft Browsers 安全功能绕过漏洞 |
Important |
37 |
Microsoft Dynamics |
CVE-2019-1229 |
Dynamics On-Premise 特权提升漏洞 |
Important |
38 |
Microsoft Edge |
CVE-2019-1030 |
Microsoft Edge 信息泄露漏洞 |
Important |
39 |
Microsoft Graphics Component |
CVE-2019-1078 |
Microsoft Graphics Component 信息泄露漏洞 |
Important |
40 |
Microsoft Graphics Component |
CVE-2019-1143 |
Windows Graphics Component 信息泄露漏洞 |
Important |
41 |
Microsoft Graphics Component |
CVE-2019-1148 |
Microsoft Graphics Component 信息泄露漏洞 |
Important |
42 |
Microsoft Graphics Component |
CVE-2019-1153 |
Microsoft Graphics Component 信息泄露漏洞 |
Important |
43 |
Microsoft Graphics Component |
CVE-2019-1154 |
Windows Graphics Component 信息泄露漏洞 |
Important |
44 |
Microsoft Graphics Component |
CVE-2019-1158 |
Windows Graphics Component 信息泄露漏洞 |
Important |
45 |
Microsoft JET Database Engine |
CVE-2019-1146 |
Jet Database Engine 远程代码执行漏洞 |
Important |
46 |
Microsoft JET Database Engine |
CVE-2019-1147 |
Jet Database Engine 远程代码执行漏洞 |
Important |
47 |
Microsoft JET Database Engine |
CVE-2019-1155 |
Jet Database Engine 远程代码执行漏洞 |
Important |
48 |
Microsoft JET Database Engine |
CVE-2019-1156 |
Jet Database Engine 远程代码执行漏洞 |
Important |
49 |
Microsoft JET Database Engine |
CVE-2019-1157 |
Jet Database Engine 远程代码执行漏洞 |
Important |
50 |
Microsoft Malware Protection Engine |
CVE-2019-1161 |
Microsoft Defender 特权提升漏洞 |
Important |
51 |
Microsoft NTFS |
CVE-2019-1170 |
Windows NTFS 特权提升漏洞 |
Important |
52 |
Microsoft Office |
CVE-2019-1204 |
Microsoft Outlook 特权提升漏洞 |
Important |
53 |
Microsoft Office |
CVE-2019-1218 |
Outlook iOS 欺骗漏洞 |
Important |
54 |
Microsoft Office SharePoint |
CVE-2019-1202 |
Microsoft SharePoint 信息泄露漏洞 |
Important |
55 |
Microsoft Office SharePoint |
CVE-2019-1203 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
56 |
Microsoft Windows |
CVE-2019-1172 |
Windows 信息泄露漏洞 |
Important |
57 |
Microsoft Windows |
CVE-2019-1173 |
Windows 特权提升漏洞 |
Important |
58 |
Microsoft Windows |
CVE-2019-1174 |
Windows 特权提升漏洞 |
Important |
59 |
Microsoft Windows |
CVE-2019-1175 |
Windows 特权提升漏洞 |
Important |
60 |
Microsoft Windows |
CVE-2019-1178 |
Windows 特权提升漏洞 |
Important |
61 |
Microsoft Windows |
CVE-2019-1179 |
Windows 特权提升漏洞 |
Important |
62 |
Microsoft Windows |
CVE-2019-1180 |
Windows 特权提升漏洞 |
Important |
63 |
Microsoft Windows |
CVE-2019-0716 |
Windows 拒绝服务漏洞 |
Important |
64 |
Microsoft Windows |
CVE-2019-1162 |
Windows ALPC 特权提升漏洞 |
Important |
65 |
Microsoft Windows |
CVE-2019-1163 |
Windows File Signature 安全功能绕过漏洞 |
Important |
66 |
Microsoft Windows |
CVE-2019-1168 |
Microsoft Windows p2pimsvc 特权提升漏洞 |
Important |
67 |
Microsoft Windows |
CVE-2019-1176 |
DirectX 特权提升漏洞 |
Important |
68 |
Microsoft Windows |
CVE-2019-1177 |
Windows 特权提升漏洞 |
Important |
69 |
Microsoft Windows |
CVE-2019-1186 |
Windows 特权提升漏洞 |
Important |
70 |
Microsoft Windows |
CVE-2019-1198 |
Microsoft Windows 特权提升漏洞 |
Important |
71 |
Microsoft XML |
CVE-2019-1187 |
XmlLite Runtime 拒绝服务漏洞 |
Important |
72 |
Microsoft XML Core Services |
CVE-2019-1057 |
MS XML 远程代码执行漏洞 |
Important |
73 |
Online Services |
ADV190014 |
Microsoft Live Accounts 特权提升漏洞 |
Important |
74 |
Visual Studio |
CVE-2019-1211 |
Git for Visual Studio 特权提升漏洞 |
Important |
75 |
Windows – Linux |
CVE-2019-1185 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
76 |
Windows DHCP Server |
CVE-2019-1206 |
Windows DHCP Server 拒绝服务漏洞 |
Important |
77 |
Windows DHCP Server |
CVE-2019-1212 |
Windows DHCP Server 拒绝服务漏洞 |
Important |
78 |
Windows Hyper-V |
CVE-2019-0714 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
79 |
Windows Hyper-V |
CVE-2019-0715 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
80 |
Windows Hyper-V |
CVE-2019-0717 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
81 |
Windows Hyper-V |
CVE-2019-0718 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
82 |
Windows Hyper-V |
CVE-2019-0723 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
83 |
Windows Kernel |
CVE-2019-1159 |
Windows Kernel 特权提升漏洞 |
Important |
84 |
Windows Kernel |
CVE-2019-1164 |
Windows Kernel 特权提升漏洞 |
Important |
85 |
Windows Kernel |
CVE-2019-1169 |
Win32k 特权提升漏洞 |
Important |
86 |
Windows Kernel |
CVE-2019-1190 |
Windows Image 特权提升漏洞 |
Important |
87 |
Windows Kernel |
CVE-2019-1227 |
Windows Kernel 信息泄露漏洞 |
Important |
88 |
Windows Kernel |
CVE-2019-1228 |
Windows Kernel 信息泄露漏洞 |
Important |
89 |
Windows RDP |
CVE-2019-1223 |
Windows Remote Desktop Protocol (RDP) 拒绝服务漏洞 |
Important |
90 |
Windows RDP |
CVE-2019-1224 |
Remote Desktop Protocol Server 信息泄露漏洞 |
Important |
91 |
Windows RDP |
CVE-2019-1225 |
Remote Desktop Protocol Server 信息泄露漏洞 |
Important |
92 |
Windows Shell |
CVE-2019-1184 |
Windows 特权提升漏洞 |
Important |
93 |
Windows SymCrypt |
CVE-2019-1171 |
SymCrypt 信息泄露漏洞 |
Important |
94 |
Microsoft Browsers |
CVE-2019-1193 |
Microsoft Browser 内存破坏漏洞 |
Low |
95 |
Active Directory |
ADV190023 |
Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing |
Low |
【风险评级】
高危
【影响范围】
l Microsoft Graphics Component
l Microsoft Office
l Microsoft Scripting Engine
l Microsoft Windows
l Windows DHCP Client
l Windows DHCP Server
l Windows Hyper-V
l Windows RDP
l Windows Scripting
l HTTP/2
l Microsoft Bluetooth Driver
l Microsoft Browsers
l Microsoft Dynamics
l Microsoft Edge
l Microsoft JET Database Engine
l Microsoft Malware Protection Engine
l Microsoft NTFS
l Microsoft Office SharePoint
l Microsoft XML
l Microsoft XML Core Services
l Online Services
l Visual Studio
l Windows – Linux
l Windows Kernel
l Windows Shell
l Windows SymCrypt
l Active Directory
【修复建议】
建议用户关注并依据实际业务评估漏洞风险影响,选择更新相关产品补丁,以提高系统安全性;
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://support.microsoft.com/en-us/help/20190813/security-update-deployment
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2019年8月14日