【漏洞情报】微软2019年08月补丁情报

【漏洞详情】

微软于本周二发布2019年08月安全补丁，共修复安全漏洞95个，本次漏洞及补丁覆盖Microsoft Graphics Component 、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows等产品，其中严重漏洞29个，攻击者可利用此类漏洞进行远程代码执行、内存破坏等攻击，修复的漏洞详细列表如下，请用户综合评估业务影响，并选择安排补丁升级：

序号	产品	CVE 编号	CVE 标题	严重程度
1	Microsoft Graphics Component	CVE-2019-1144	Microsoft Graphics 远程代码执行漏洞	Critical
2	Microsoft Graphics Component	CVE-2019-1145	Microsoft Graphics 远程代码执行漏洞	Critical
3	Microsoft Graphics Component	CVE-2019-1149	Microsoft Graphics 远程代码执行漏洞	Critical
4	Microsoft Graphics Component	CVE-2019-1150	Microsoft Graphics 远程代码执行漏洞	Critical
5	Microsoft Graphics Component	CVE-2019-1151	Microsoft Graphics 远程代码执行漏洞	Critical
6	Microsoft Graphics Component	CVE-2019-1152	Microsoft Graphics 远程代码执行漏洞	Critical
7	Microsoft Office	CVE-2019-1199	Microsoft Outlook 内存破坏漏洞	Critical
8	Microsoft Office	CVE-2019-1200	Microsoft Outlook 远程代码执行漏洞	Critical
9	Microsoft Office	CVE-2019-1201	Microsoft Word 远程代码执行漏洞	Critical
10	Microsoft Office	CVE-2019-1205	Microsoft Word 远程代码执行漏洞	Critical
11	Microsoft Scripting Engine	CVE-2019-1131	Chakra Scripting Engine 内存破坏漏洞	Critical
12	Microsoft Scripting Engine	CVE-2019-1133	Scripting Engine 内存破坏漏洞	Critical
13	Microsoft Scripting Engine	CVE-2019-1139	Chakra Scripting Engine 内存破坏漏洞	Critical
14	Microsoft Scripting Engine	CVE-2019-1140	Chakra Scripting Engine 内存破坏漏洞	Critical
15	Microsoft Scripting Engine	CVE-2019-1141	Chakra Scripting Engine 内存破坏漏洞	Critical
16	Microsoft Scripting Engine	CVE-2019-1194	Scripting Engine 内存破坏漏洞	Critical
17	Microsoft Scripting Engine	CVE-2019-1195	Chakra Scripting Engine 内存破坏漏洞	Critical
18	Microsoft Scripting Engine	CVE-2019-1196	Chakra Scripting Engine 内存破坏漏洞	Critical
19	Microsoft Scripting Engine	CVE-2019-1197	Chakra Scripting Engine 内存破坏漏洞	Critical
20	Microsoft Windows	CVE-2019-1188	LNK 远程代码执行漏洞	Critical
21	Windows DHCP Client	CVE-2019-0736	Windows DHCP Client 远程代码执行漏洞	Critical
22	Windows DHCP Server	CVE-2019-1213	Windows DHCP Server 远程代码执行漏洞	Critical
23	Windows Hyper-V	CVE-2019-0965	Windows Hyper-V 远程代码执行漏洞	Critical
24	Windows Hyper-V	CVE-2019-0720	Hyper-V 远程代码执行漏洞	Critical
25	Windows RDP	CVE-2019-1181	Remote Desktop Services 远程代码执行漏洞	Critical
26	Windows RDP	CVE-2019-1182	Remote Desktop Services 远程代码执行漏洞	Critical
27	Windows RDP	CVE-2019-1222	Remote Desktop Services 远程代码执行漏洞	Critical
28	Windows RDP	CVE-2019-1226	Remote Desktop Services 远程代码执行漏洞	Critical
29	Windows Scripting	CVE-2019-1183	Windows VBScript Engine 远程代码执行漏洞	Critical
30	HTTP/2	CVE-2019-9511	HTTP/2 Server 拒绝服务漏洞	Important
31	HTTP/2	CVE-2019-9512	HTTP/2 Server 拒绝服务漏洞	Important
32	HTTP/2	CVE-2019-9513	HTTP/2 Server 拒绝服务漏洞	Important
33	HTTP/2	CVE-2019-9514	HTTP/2 Server 拒绝服务漏洞	Important
34	HTTP/2	CVE-2019-9518	HTTP/2 Server 拒绝服务漏洞	Important
35	Microsoft Bluetooth Driver	CVE-2019-9506	Encryption Key Negotiation of Bluetooth Vulnerability	Important
36	Microsoft Browsers	CVE-2019-1192	Microsoft Browsers 安全功能绕过漏洞	Important
37	Microsoft Dynamics	CVE-2019-1229	Dynamics On-Premise 特权提升漏洞	Important
38	Microsoft Edge	CVE-2019-1030	Microsoft Edge 信息泄露漏洞	Important
39	Microsoft Graphics Component	CVE-2019-1078	Microsoft Graphics Component 信息泄露漏洞	Important
40	Microsoft Graphics Component	CVE-2019-1143	Windows Graphics Component 信息泄露漏洞	Important
41	Microsoft Graphics Component	CVE-2019-1148	Microsoft Graphics Component 信息泄露漏洞	Important
42	Microsoft Graphics Component	CVE-2019-1153	Microsoft Graphics Component 信息泄露漏洞	Important
43	Microsoft Graphics Component	CVE-2019-1154	Windows Graphics Component 信息泄露漏洞	Important
44	Microsoft Graphics Component	CVE-2019-1158	Windows Graphics Component 信息泄露漏洞	Important
45	Microsoft JET Database Engine	CVE-2019-1146	Jet Database Engine 远程代码执行漏洞	Important
46	Microsoft JET Database Engine	CVE-2019-1147	Jet Database Engine 远程代码执行漏洞	Important
47	Microsoft JET Database Engine	CVE-2019-1155	Jet Database Engine 远程代码执行漏洞	Important
48	Microsoft JET Database Engine	CVE-2019-1156	Jet Database Engine 远程代码执行漏洞	Important
49	Microsoft JET Database Engine	CVE-2019-1157	Jet Database Engine 远程代码执行漏洞	Important
50	Microsoft Malware Protection Engine	CVE-2019-1161	Microsoft Defender 特权提升漏洞	Important
51	Microsoft NTFS	CVE-2019-1170	Windows NTFS 特权提升漏洞	Important
52	Microsoft Office	CVE-2019-1204	Microsoft Outlook 特权提升漏洞	Important
53	Microsoft Office	CVE-2019-1218	Outlook iOS 欺骗漏洞	Important
54	Microsoft Office SharePoint	CVE-2019-1202	Microsoft SharePoint 信息泄露漏洞	Important
55	Microsoft Office SharePoint	CVE-2019-1203	Microsoft Office SharePoint XSS Vulnerability	Important
56	Microsoft Windows	CVE-2019-1172	Windows 信息泄露漏洞	Important
57	Microsoft Windows	CVE-2019-1173	Windows 特权提升漏洞	Important
58	Microsoft Windows	CVE-2019-1174	Windows 特权提升漏洞	Important
59	Microsoft Windows	CVE-2019-1175	Windows 特权提升漏洞	Important
60	Microsoft Windows	CVE-2019-1178	Windows 特权提升漏洞	Important
61	Microsoft Windows	CVE-2019-1179	Windows 特权提升漏洞	Important
62	Microsoft Windows	CVE-2019-1180	Windows 特权提升漏洞	Important
63	Microsoft Windows	CVE-2019-0716	Windows 拒绝服务漏洞	Important
64	Microsoft Windows	CVE-2019-1162	Windows ALPC 特权提升漏洞	Important
65	Microsoft Windows	CVE-2019-1163	Windows File Signature 安全功能绕过漏洞	Important
66	Microsoft Windows	CVE-2019-1168	Microsoft Windows p2pimsvc 特权提升漏洞	Important
67	Microsoft Windows	CVE-2019-1176	DirectX 特权提升漏洞	Important
68	Microsoft Windows	CVE-2019-1177	Windows 特权提升漏洞	Important
69	Microsoft Windows	CVE-2019-1186	Windows 特权提升漏洞	Important
70	Microsoft Windows	CVE-2019-1198	Microsoft Windows 特权提升漏洞	Important
71	Microsoft XML	CVE-2019-1187	XmlLite Runtime 拒绝服务漏洞	Important
72	Microsoft XML Core Services	CVE-2019-1057	MS XML 远程代码执行漏洞	Important
73	Online Services	ADV190014	Microsoft Live Accounts 特权提升漏洞	Important
74	Visual Studio	CVE-2019-1211	Git for Visual Studio 特权提升漏洞	Important
75	Windows – Linux	CVE-2019-1185	Windows Subsystem for Linux 特权提升漏洞	Important
76	Windows DHCP Server	CVE-2019-1206	Windows DHCP Server 拒绝服务漏洞	Important
77	Windows DHCP Server	CVE-2019-1212	Windows DHCP Server 拒绝服务漏洞	Important
78	Windows Hyper-V	CVE-2019-0714	Windows Hyper-V 拒绝服务漏洞	Important
79	Windows Hyper-V	CVE-2019-0715	Windows Hyper-V 拒绝服务漏洞	Important
80	Windows Hyper-V	CVE-2019-0717	Windows Hyper-V 拒绝服务漏洞	Important
81	Windows Hyper-V	CVE-2019-0718	Windows Hyper-V 拒绝服务漏洞	Important
82	Windows Hyper-V	CVE-2019-0723	Windows Hyper-V 拒绝服务漏洞	Important
83	Windows Kernel	CVE-2019-1159	Windows Kernel 特权提升漏洞	Important
84	Windows Kernel	CVE-2019-1164	Windows Kernel 特权提升漏洞	Important
85	Windows Kernel	CVE-2019-1169	Win32k 特权提升漏洞	Important
86	Windows Kernel	CVE-2019-1190	Windows Image 特权提升漏洞	Important
87	Windows Kernel	CVE-2019-1227	Windows Kernel 信息泄露漏洞	Important
88	Windows Kernel	CVE-2019-1228	Windows Kernel 信息泄露漏洞	Important
89	Windows RDP	CVE-2019-1223	Windows Remote Desktop Protocol (RDP) 拒绝服务漏洞	Important
90	Windows RDP	CVE-2019-1224	Remote Desktop Protocol Server 信息泄露漏洞	Important
91	Windows RDP	CVE-2019-1225	Remote Desktop Protocol Server 信息泄露漏洞	Important
92	Windows Shell	CVE-2019-1184	Windows 特权提升漏洞	Important
93	Windows SymCrypt	CVE-2019-1171	SymCrypt 信息泄露漏洞	Important
94	Microsoft Browsers	CVE-2019-1193	Microsoft Browser 内存破坏漏洞	Low
95	Active Directory	ADV190023	Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing	Low

【风险评级】

高危

【影响范围】

l Microsoft Graphics Component

l Microsoft Office

l Microsoft Scripting Engine

l Microsoft Windows

l Windows DHCP Client

l Windows DHCP Server

l Windows Hyper-V

l Windows RDP

l Windows Scripting

l HTTP/2

l Microsoft Bluetooth Driver

l Microsoft Browsers

l Microsoft Dynamics

l Microsoft Edge

l Microsoft JET Database Engine

l Microsoft Malware Protection Engine

l Microsoft NTFS

l Microsoft Office SharePoint

l Microsoft XML

l Microsoft XML Core Services

l Online Services

l Visual Studio

l Windows – Linux

l Windows Kernel

l Windows Shell

l Windows SymCrypt

l Active Directory

【修复建议】

建议用户关注并依据实际业务评估漏洞风险影响，选择更新相关产品补丁，以提高系统安全性；

修复方法：打开 Windows Update 更新功能，点击“检查更新”按钮，依据业务需求下载安装相关安全补丁，安装完毕后重启系统，并检查系统运行情况。

【参考链接】

https://support.microsoft.com/en-us/help/20190813/security-update-deployment

特别提醒：修复漏洞前请进行充分测试，并务必做好数据备份和快照，防止出现意外。

平安云

2019年8月14日

平安云公告

【漏洞情报】微软2019年08月补丁情报