
Microsoft Releases May Patches, Fixing 111 Security Issues

2020-05-13

On Tuesday of this week, Microsoft released its May security updates, fixing 111 security issues ranging from simple spoofing attacks to remote code execution. The affected products include .NET Core, .NET Framework, Active Directory, Common Log File System Driver, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Power BI, Visual Studio, Windows Hyper-V, Windows Kernel, Windows Scripting, Windows Subsystem for Linux, Windows Task Scheduler, and Windows Update Stack.

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May

 

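Critical Vulnerability Overview

Microsoft fixed 15 Critical vulnerabilities in this release; 5 of them are highlighted below:

  • CVE-2020-1023, CVE-2020-1024, CVE-2020-1069 and CVE-2020-1102

These are remote code execution vulnerabilities in Microsoft SharePoint. An attacker could exploit any one of them to gain the ability to execute arbitrary code on the victim machine or server, depending on the specific bug. For CVE-2020-1069, the attacker needs to upload a specially crafted package to the SharePoint server to exploit the vulnerability successfully. The rest require a user to open a specially crafted SharePoint file.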

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102

  • CVE-2020-1062

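This is a memory corruption vulnerability in the Internet Explorer web browser. It can be triggered when a user visits a specially crafted, attacker-controlled web page. The attacker can construct the page in a way that corrupts memory on the target machine, allowing them to execute arbitrary code in the context of the current user. Microsoft's update addresses how the browser handles objects in memory.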

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062

Update Summary

| Product | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability | Critical |
| Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2020-1093 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Edge | CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability | Critical |
| Internet Explorer | CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability | Critical |
| .NET Core | CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability | Important |
| .NET Core | CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability | Important |
| Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability | Important |
| Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Edge | CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability | Important |
| Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1179 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1106 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Windows | CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1076 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability | Important |
| Microsoft Windows | CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1067 | Windows Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Power BI | CVE-2020-1173 | Microsoft Power BI Report Server Spoofing Vulnerability | Important |
| Visual Studio | CVE-2020-1171 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Scripting | CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability | Important |
| Windows Task Scheduler | CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability | Important |
| Windows Update Stack | CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Internet Explorer | CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1035 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1058 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1060 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |

Microsoft has officially released the update patches; please apply them promptly.


© 2020 NSFOCUS www.nsfocus.com All Rights Reserved. Beijing Public Network Security Filing No. 11010802021605; Beijing ICP Filing No. 14004349; Beijing ICP License No. 110355