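【Vulnerability Intelligence】Microsoft September 2019 Patch Intelligence

【Vulnerability Details】

Microsoft released its September 2019 security patches this Tuesday, fixing 81 security vulnerabilities. The vulnerabilities and patches cover products including Adobe Flash Player, Microsoft Office SharePoint, Microsoft Windows and Windows RDP. 17 of the vulnerabilities are rated Critical; attackers can exploit them to carry out remote code execution, memory corruption and other attacks. The detailed list of fixed vulnerabilities follows. Users should assess the overall business impact and schedule patch upgrades accordingly.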

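| No. | Product | CVE ID | CVE Title | Severity |
|---|---|---|---|---|
| 1 | Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update | Critical |
| 2 | Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| 3 | Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| 4 | Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| 5 | Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical |
| 6 | Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 7 | Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical |
| 8 | Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Critical |
| 9 | Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 10 | Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 11 | Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical |
| 12 | Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| 13 | Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical |
| 14 | Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| 15 | Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| 16 | Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| 17 | Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| 18 | .NET Core | CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important |
| 19 | .NET Framework | CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability | Important |
| 20 | Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important |
| 21 | ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important |
| 22 | Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| 23 | Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| 24 | Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important |
| 25 | Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
| 26 | Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important |
| 27 | Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important |
| 28 | Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important |
| 29 | Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important |
| 30 | Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important |
| 31 | Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important |
| 32 | Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important |
| 33 | Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| 34 | Microsoft Graphics Component | CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability | Important |
| 35 | Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important |
| 36 | Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 37 | Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 38 | Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 39 | Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 40 | Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 41 | Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 42 | Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 43 | Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 44 | Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 45 | Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| 46 | Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important |
| 47 | Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| 48 | Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| 49 | Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important |
| 50 | Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important |
| 51 | Microsoft Windows | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability | Important |
| 52 | Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important |
| 53 | Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | Important |
| 54 | Microsoft Windows | CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability | Important |
| 55 | Microsoft Windows | CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| 56 | Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability | Important |
| 57 | Microsoft Windows | CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability | Important |
| 58 | Microsoft Windows | CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| 59 | Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important |
| 60 | Microsoft Windows | CVE-2019-1253 | Windows Elevation of Privilege Vulnerability | Important |
| 61 | Microsoft Windows | CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 62 | Microsoft Windows | CVE-2019-1278 | Windows Elevation of Privilege Vulnerability | Important |
| 63 | Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | Important |
| 64 | Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability | Important |
| 65 | Microsoft Windows | CVE-2019-1292 | Windows Denial of Service Vulnerability | Important |
| 66 | Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
| 67 | Microsoft Windows | CVE-2019-1303 | Windows Elevation of Privilege Vulnerability | Important |
| 68 | Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important |
| 69 | Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important |
| 70 | Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important |
| 71 | Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
| 72 | Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
| 73 | Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important |
| 74 | Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| 75 | Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important |
| 76 | Windows Kernel | CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability | Important |
| 77 | Windows Kernel | CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability | Important |
| 78 | Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important |
| 79 | Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
| 80 | Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| 81 | Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |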

【Risk Rating】

High

【Affected Scope】

This patch release covers the following products:

- Adobe Flash Player
- Microsoft Office SharePoint
- Microsoft Scripting Engine
- Microsoft Windows
- Servicing Stack Updates
- Team Foundation Server
- Windows RDP
- .NET Core
- .NET Framework
- Active Directory
- ASP.NET
- Common Log File System Driver
- Microsoft Browsers
- Microsoft Edge
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft JET Database Engine
- Microsoft Office
- Microsoft Yammer
- Project Rome
- Skype for Business and Microsoft Lync
- Visual Studio
- Windows Hyper-V
- Windows Kernel

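【Remediation Advice】

Users are advised to follow these vulnerabilities, assess their risk impact against actual business conditions, and choose to update the relevant product patches to improve system security.

Remediation: open Windows Update, click the "Check for updates" button, download and install the relevant security patches according to business needs, restart the system once installation completes, and check that the system is running normally.

【Reference Links】

https://portal.msrc.microsoft.com/en-us/security-guidance

Special reminder: before fixing the vulnerabilities, test thoroughly and be sure to back up data and take snapshots to guard against unexpected problems.

Ping An Cloud

September 11, 2019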
