【安全通告】微软发布3月补丁修复68个安全问题

作者:   广州非凡信息安全技术有限公司(总部广州) 2019/03/26 16:28:25 311次阅读 国际

【安全通告】微软发布3月补丁修复68个安全问题
8f6cf86226266af57c31d5dd36c10673.png
微软于周二发布了3月安全更新补丁,修复了68个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Active Directory、Adobe Flash Player、Azure、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft XML、NuGet、Servicing Stack Updates、Skype for Business、Team Foundation Server、Visual Studio、Windows DHCP Client、Windows Hyper-V、Windows Kernel、Windows Kernel-Mode Drivers、Windows Print Spooler Components、Windows SMB Server以及Windows Subsystem for Linux。



相关信息


产品

CVE 编号

CVE 标题

严重程度

Active Directory

CVE-2019-0683

Active Directory 特权提升漏洞

Important

Adobe Flash Player

ADV190008

March 2019 Adobe Flash 安全更新

Low

Azure

CVE-2019-0816

Azure SSH Keypairs 安全功能绕过漏洞

Moderate

Internet Explorer

CVE-2019-0761

Internet Explorer 安全功能绕过漏洞

Low

Internet Explorer

CVE-2019-0763

Internet Explorer 内存破坏漏洞

Moderate

Internet Explorer

CVE-2019-0768

Internet Explorer 安全功能绕过漏洞

Important

Microsoft Browsers

CVE-2019-0762

Microsoft Browsers 安全功能绕过漏洞

Low

Microsoft Browsers

CVE-2019-0780

Microsoft Browser 内存破坏漏洞

Important

Microsoft Edge

CVE-2019-0612

Microsoft Edge 安全功能绕过漏洞

Important

Microsoft Edge

CVE-2019-0678

Microsoft Edge 特权提升漏洞

Important

Microsoft Edge

CVE-2019-0779

Microsoft Edge 内存破坏漏洞

Important

Microsoft Graphics Component

CVE-2019-0774

Windows GDI 信息泄露漏洞

Important

Microsoft Graphics Component

CVE-2019-0797

Win32k 特权提升漏洞

Important

Microsoft Graphics Component

CVE-2019-0808

Win32k 特权提升漏洞

Important

Microsoft Graphics Component

CVE-2019-0614

Windows GDI 信息泄露漏洞

Important

Microsoft JET Database Engine

CVE-2019-0617

Jet Database Engine 远程代码执行漏洞

Important

Microsoft Office

CVE-2019-0748

Microsoft Office Access Connectivity Engine 远程代码执行漏洞

Important

Microsoft Office SharePoint

CVE-2019-0778

Microsoft Office SharePoint XSS Vulnerability

Important

Microsoft Scripting Engine

CVE-2019-0609

Scripting Engine 内存破坏漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0611

Chakra Scripting Engine 内存破坏漏洞

Low

Microsoft Scripting Engine

CVE-2019-0639

Scripting Engine 内存破坏漏洞

Moderate

Microsoft Scripting Engine

CVE-2019-0746

Chakra Scripting Engine 内存破坏漏洞

Important

Microsoft Scripting Engine

CVE-2019-0769

Scripting Engine 内存破坏漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0770

Scripting Engine 内存破坏漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0771

Scripting Engine 内存破坏漏洞

Critical

Microsoft Scripting Engine<

CVE-2019-0772

Windows VBScript Engine 远程代码执行漏洞

Important

Microsoft Scripting Engine

CVE-2019-0773

Scripting Engine 内存破坏漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0783

Scripting Engine 内存破坏漏洞

Important

Microsoft Scripting Engine

CVE-2019-0592

Chakra Scripting Engine 内存破坏漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0665

Windows VBScript Engine 远程代码执行漏洞

Important

Microsoft Scripting Engine

CVE-2019-0666

Windows VBScript Engine 远程代码执行漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0667

Windows VBScript Engine 远程代码执行漏洞

Critical

Microsoft Scripting Engine

CVE-2019-0680

Scripting Engine 内存破坏漏洞

Critical

Microsoft Windows

CVE-2019-0754

Windows 拒绝服务漏洞

Important

Microsoft Windows<

CVE-2019-0765

Comctl32 远程代码执行漏洞

Important

Microsoft Windows

CVE-2019-0766

Microsoft Windows 特权提升漏洞

Important

Microsoft Windows

CVE-2019-0784

Windows ActiveX 远程代码执行漏洞

Critical

Microsoft Windows

ADV190009

SHA-2 Code Sign Support Advisory

Unknown

Microsoft Windows

ADV190010

Best Practices Regarding Sharing of a Single User Account Across Multiple Users

Unknown

Microsoft Windows

CVE-2019-0603

Windows Deployment Services TFTP Server 远程代码执行漏洞

Critical<

Microsoft XML

CVE-2019-0756

MS XML 远程代码执行漏洞

Critical

NuGet

CVE-2019-0757

NuGet Package Manager Tampering Vulnerability

Important

Servicing Stack Updates

ADV990001

Latest Servicing Stack Updates

Critical

Skype for Business

CVE-2019-0798

Skype for Business and Lync 欺骗漏洞

Important

Team Foundation Server

CVE-2019-0777

Team Foundation Server Cross-site Scripting Vulnerability

Low

Visual Studio

CVE-2019-0809

Visual Studio 远程代码执行漏洞

Important

Windows DHCP Client

CVE-2019-0697

Windows DHCP Client 远程代码执行漏洞

Critical

Windows DHCP Client

CVE-2019-0698

Windows DHCP Client 远程代码执行漏洞

Critical

Windows DHCP Client<

CVE-2019-0726

Windows DHCP Client 远程代码执行漏洞

Critical

Windows Hyper-V

CVE-2019-0690

Windows Hyper-V 拒绝服务漏洞<

Important

Windows Hyper-V

CVE-2019-0695

Windows Hyper-V 拒绝服务漏洞

Important

Windows Hyper-V

CVE-2019-0701

Windows Hyper-V 拒绝服务漏洞

Important

Windows Kernel<

CVE-2019-0755

Windows Kernel 信息泄露漏洞

Important

Windows Kernel

CVE-2019-0767

Windows Kernel 信息泄露漏洞

Important

Windows Kernel

CVE-2019-0775

Windows Kernel 信息泄露漏洞

Important

Windows Kernel

CVE-2019-0782

Windows Kernel 信息泄露漏洞

Important

Windows Kernel

CVE-2019-0696

Windows Kernel 特权提升漏洞

Important

Windows Kernel

CVE-2019-0702

Windows Kernel 信息泄露漏洞

Important

Windows Kernel-Mode Drivers

CVE-2019-0776

Win32k 信息泄露漏洞

Important

Windows Print Spooler Components

CVE-2019-0759

Windows Print Spooler 信息泄露漏洞

Important

Windows SMB Server

CVE-2019-0703

Windows SMB 信息泄露漏洞

Important

Windows SMB Server

CVE-2019-0704

Windows SMB 信息泄露漏洞

Important

Windows SMB Server

CVE-2019-0821<

Windows SMB 信息泄露漏洞

Important

Windows Subsystem for Linux

CVE-2019-0682

Windows Subsystem for Linux 特权提升漏洞

Important

Windows Subsystem for Linux

CVE-2019-0689

Windows Subsystem for Linux 特权提升漏洞

Important

Windows Subsystem for Linux

CVE-2019-0692

Windows Subsystem for Linux 特权提升漏洞

Important

Windows Subsystem for Linux<

CVE-2019-0693

Windows Subsystem for Linux 特权提升漏洞

Important

Windows Subsystem for Linux

CVE-2019-0694>

Windows Subsystem for Linux 特权提升漏洞

Important






修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。


指导单位
广东省公安厅网络警察总队 广东省信息安全等级保护协调小组办公室