【安全通告】微软发布5月补丁修复82个安全问题

作者:广州非凡信息安全技术有限公司(总部广州) | 国际 2019/05/16 17:23:13 371

57df5222072000764588b5cba284ada4.png

    微软于周二发布了5月安全更新补丁,修复了82个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、.NET Framework、Adobe Flash Player、Azure、Internet Explorer、Kerberos、Microsoft Browsers、Microsoft Dynamics、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、NuGet、Servicing Stack Updates、Skype for Android、SQL Server、Team Foundation Server、Windows DHCP Server、Windows Diagnostic Hub、Windows Kernel、Windows NDIS以及Windows RDP。

相关信息如下:

产品 CVE 编号 CVE 标题 严重程度
.NET Core CVE-2019-0980 .Net Framework and .Net Core 拒绝服务漏洞 Important
.NET Core CVE-2019-0981 .Net Framework and .Net Core 拒绝服务漏洞 Important
.NET Core CVE-2019-0982 ASP.NET Core 拒绝服务漏洞 Important
.NET Framework CVE-2019-0820 .NET Framework and .NET Core 拒绝服务漏洞 Important
.NET Framework CVE-2019-0864 .NET Framework 拒绝服务漏洞 Important
Adobe Flash Player ADV190012 May 2019 Adobe Flash 安全更新 Critical
Azure CVE-2019-1000 Microsoft Azure AD Connect 特权提升漏洞 Important
Internet Explorer CVE-2019-0921 Internet Explorer 欺骗漏洞 Important
Internet Explorer CVE-2019-0929 Internet Explorer 内存破坏漏洞 Critical
Internet Explorer CVE-2019-0930 Internet Explorer 信息泄露漏洞 Important
Internet Explorer CVE-2019-0995 Internet Explorer 安全功能绕过漏洞 Important
Kerberos CVE-2019-0734 Windows 特权提升漏洞 Important
Microsoft Browsers CVE-2019-0940 Microsoft Browser 内存破坏漏洞 Critical
Microsoft Dynamics CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass Important
Microsoft Edge CVE-2019-0926 Microsoft Edge 内存破坏漏洞 Critical
Microsoft Edge CVE-2019-0938 Microsoft Edge 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-0882 Windows GDI 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-0892 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-0903 GDI+ 远程代码执行漏洞 Critical
Microsoft Graphics Component CVE-2019-0961 Windows GDI 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-0758 Windows GDI 信息泄露漏洞 Important
Microsoft JET Database Engine CVE-2019-0893 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0894 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0895 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0896 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0897 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0898 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0899 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0900 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0901 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0902 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0889 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0890 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-0891 Jet Database Engine 远程代码执行漏洞 Important
Microsoft Office CVE-2019-0945 Microsoft Office Access Connectivity Engine 远程代码执行漏洞 Important
Microsoft Office CVE-2019-0946 Microsoft Office Access Connectivity Engine 远程代码执行漏洞 Important
Microsoft Office CVE-2019-0947 Microsoft Office Access Connectivity Engine 远程代码执行漏洞 Important
Microsoft Office CVE-2019-0953 Microsoft Word 远程代码执行漏洞 Critical
Microsoft Office SharePoint CVE-2019-0956 Microsoft SharePoint Server 信息泄露漏洞 Important
Microsoft Office SharePoint CVE-2019-0957 Microsoft SharePoint 特权提升漏洞 Important
Microsoft Office SharePoint CVE-2019-0958 Microsoft SharePoint 特权提升漏洞 Important
Microsoft Office SharePoint CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-0949 Microsoft SharePoint 欺骗漏洞 Important
Microsoft Office SharePoint CVE-2019-0950 Microsoft SharePoint 欺骗漏洞 Important
Microsoft Office SharePoint CVE-2019-0951 Microsoft SharePoint 欺骗漏洞 Important
Microsoft Office SharePoint CVE-2019-0952 Microsoft SharePoint Server 远程代码执行漏洞 Important
Microsoft Scripting Engine CVE-2019-0884 Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0911 Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0912 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0913 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0914 Chakra Scripting Engine 内存破坏漏洞 Moderate
Microsoft Scripting Engine CVE-2019-0915 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0916 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0917 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0918 Scripting Engine 内存破坏漏洞 Moderate
Microsoft Scripting Engine CVE-2019-0922 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0923 Chakra Scripting Engine 内存破坏漏洞 Important
Microsoft Scripting Engine CVE-2019-0924 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0925 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0927 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0933 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-0937 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Windows CVE-2019-0863 Windows Error Reporting 特权提升漏洞 Important
Microsoft Windows CVE-2019-0886 Windows Hyper-V 信息泄露漏洞 Important
Microsoft Windows CVE-2019-0942 Unified Write Filter 特权提升漏洞 Important
Microsoft Windows CVE-2019-0733 Windows Defender Application Control 安全功能绕过漏洞 Important
Microsoft Windows CVE-2019-0885 Windows OLE 远程代码执行漏洞 Important
Microsoft Windows CVE-2019-0931 Windows Storage Service 特权提升漏洞 Important
Microsoft Windows ADV190013 Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities Important
Microsoft Windows CVE-2019-0936 Windows 特权提升漏洞 Important
NuGet CVE-2019-0976 NuGet Package Manager Tampering Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Android CVE-2019-0932 Skype for Android 信息泄露漏洞 Important
SQL Server CVE-2019-0819 Microsoft SQL Server Analysis Services 信息泄露漏洞 Important
Team Foundation Server CVE-2019-0971 Azure DevOps Server and Team Foundation Server 信息泄露漏洞 Important
Team Foundation Server CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Windows DHCP Server CVE-2019-0725 Windows DHCP Server 远程代码执行漏洞 Critical
Windows Diagnostic Hub CVE-2019-0727 Diagnostic Hub Standard Collector, Visual Studio Standard Collector 特权提升漏洞 Important
Windows Kernel CVE-2019-0881 Windows Kernel 特权提升漏洞 Important
Windows NDIS CVE-2019-0707 Windows NDIS 特权提升漏洞 Important
Windows RDP CVE-2019-0708 Remote Desktop Services 远程代码执行漏洞 Critical

修复建议

    微软官方已经发布更新补丁,请及时进行补丁更新。


推荐关注

指导单位
广东省公安厅网络警察总队 广东省信息安全等级保护协调小组办公室