【漏洞详情】
微软于本周二发布了2019年11月安全补丁,共修复安全漏洞74个,包含Microsoft Exchange 远程代码执行、Scripting Engine 内存破坏、Microsoft Windows Win32k远程代码执行等13个高危漏洞,修复详细漏洞列表如下,请受影响的用户综合评估漏洞风险,并选择升级相关补丁。
序号 |
产品 |
CVE 编号 |
CVE 标题 |
严重程度 |
1 |
Microsoft Exchange Server |
CVE-2019-1373 |
Microsoft Exchange 远程代码执行漏洞 |
Critical |
2 |
Microsoft Graphics Component |
CVE-2019-1441 |
Win32k Graphics 远程代码执行漏洞 |
Critical |
3 |
Microsoft Graphics Component |
CVE-2019-1419 |
OpenType Font Parsing 远程代码执行漏洞 |
Critical |
4 |
Microsoft Scripting Engine |
CVE-2019-1429 |
Scripting Engine 内存破坏漏洞 |
Critical |
5 |
Microsoft Scripting Engine |
CVE-2019-1390 |
VBScript 远程代码执行漏洞 |
Critical |
6 |
Microsoft Scripting Engine |
CVE-2019-1427 |
Scripting Engine 内存破坏漏洞 |
Critical |
7 |
Microsoft Scripting Engine |
CVE-2019-1428 |
Scripting Engine 内存破坏漏洞 |
Critical |
8 |
Windows Hyper-V |
CVE-2019-0719 |
Hyper-V 远程代码执行漏洞 |
Critical |
9 |
Windows Hyper-V |
CVE-2019-0721 |
Hyper-V 远程代码执行漏洞 |
Critical |
10 |
Windows Hyper-V |
CVE-2019-1389 |
Windows Hyper-V 远程代码执行漏洞 |
Critical |
11 |
Windows Hyper-V |
CVE-2019-1397 |
Windows Hyper-V 远程代码执行漏洞 |
Critical |
12 |
Windows Hyper-V |
CVE-2019-1398 |
Windows Hyper-V 远程代码执行漏洞 |
Critical |
13 |
Windows Media Player |
CVE-2019-1430 |
Microsoft Windows Media Foundation 远程代码执行漏洞 |
Critical |
14 |
Azure Stack |
CVE-2019-1234 |
Azure Stack 欺骗漏洞 |
Important |
15 |
Graphic Fonts |
CVE-2019-1456 |
OpenType Font Parsing 远程代码执行漏洞 |
Important |
16 |
Microsoft Edge |
CVE-2019-1413 |
Microsoft Edge 安全功能绕过漏洞 |
Important |
17 |
Microsoft Graphics Component |
CVE-2019-1432 |
DirectWrite 信息泄露漏洞 |
Important |
18 |
Microsoft Graphics Component |
CVE-2019-1433 |
Windows Graphics Component 特权提升漏洞 |
Important |
19 |
Microsoft Graphics Component |
CVE-2019-1434 |
Win32k 特权提升漏洞 |
Important |
20 |
Microsoft Graphics Component |
CVE-2019-1435 |
Windows Graphics Component 特权提升漏洞 |
Important |
21 |
Microsoft Graphics Component |
CVE-2019-1436 |
Win32k 信息泄露漏洞 |
Important |
22 |
Microsoft Graphics Component |
CVE-2019-1437 |
Windows Graphics Component 特权提升漏洞 |
Important |
23 |
Microsoft Graphics Component |
CVE-2019-1438 |
Windows Graphics Component 特权提升漏洞 |
Important |
24 |
Microsoft Graphics Component |
CVE-2019-1439 |
Windows GDI 信息泄露漏洞 |
Important |
25 |
Microsoft Graphics Component |
CVE-2019-1440 |
Win32k 信息泄露漏洞 |
Important |
26 |
Microsoft Graphics Component |
CVE-2019-1393 |
Win32k 特权提升漏洞 |
Important |
27 |
Microsoft Graphics Component |
CVE-2019-1394 |
Win32k 特权提升漏洞 |
Important |
28 |
Microsoft Graphics Component |
CVE-2019-1395 |
Win32k 特权提升漏洞 |
Important |
29 |
Microsoft Graphics Component |
CVE-2019-1396 |
Win32k 特权提升漏洞 |
Important |
30 |
Microsoft Graphics Component |
CVE-2019-1407 |
Windows Graphics Component 特权提升漏洞 |
Important |
31 |
Microsoft Graphics Component |
CVE-2019-1408 |
Win32k 特权提升漏洞 |
Important |
32 |
Microsoft Graphics Component |
CVE-2019-1411 |
DirectWrite 信息泄露漏洞 |
Important |
33 |
Microsoft Graphics Component |
CVE-2019-1412 |
OpenType Font Driver 信息泄露漏洞 |
Important |
34 |
Microsoft JET Database Engine |
CVE-2019-1406 |
Jet Database Engine 远程代码执行漏洞 |
Important |
35 |
Microsoft Office |
CVE-2019-1457 |
Microsoft Office Excel Security Feature Bypass |
Important |
36 |
Microsoft Office |
CVE-2019-1402 |
Microsoft Office 信息泄露漏洞 |
Important |
37 |
Microsoft Office |
CVE-2019-1445 |
Microsoft Office Online 欺骗漏洞 |
Important |
38 |
Microsoft Office |
CVE-2019-1446 |
Microsoft Excel 信息泄露漏洞 |
Important |
39 |
Microsoft Office |
CVE-2019-1447 |
Microsoft Office Online 欺骗漏洞 |
Important |
40 |
Microsoft Office |
CVE-2019-1448 |
Microsoft Excel 远程代码执行漏洞 |
Important |
41 |
Microsoft Office |
CVE-2019-1449 |
Microsoft Office ClickToRun 安全功能绕过漏洞 |
Important |
42 |
Microsoft Office SharePoint |
CVE-2019-1442 |
Microsoft Office 安全功能绕过漏洞 |
Important |
43 |
Microsoft Office SharePoint |
CVE-2019-1443 |
Microsoft SharePoint 信息泄露漏洞 |
Important |
44 |
Microsoft RPC |
CVE-2019-1409 |
Windows Remote Procedure Call 信息泄露漏洞 |
Important |
45 |
Microsoft Windows |
CVE-2019-1374 |
Windows Error Reporting 信息泄露漏洞 |
Important |
46 |
Microsoft Windows |
CVE-2019-1415 |
Windows Installer 特权提升漏洞 |
Important |
47 |
Microsoft Windows |
CVE-2019-1417 |
Windows Data Sharing Service 特权提升漏洞 |
Important |
48 |
Microsoft Windows |
CVE-2019-1418 |
Windows Modules Installer Service 信息泄露漏洞 |
Important |
49 |
Microsoft Windows |
CVE-2018-12207 |
Windows 拒绝服务漏洞 |
Important |
50 |
Microsoft Windows |
CVE-2019-1324 |
Windows TCP/IP 信息泄露漏洞 |
Important |
51 |
Microsoft Windows |
CVE-2019-1379 |
Windows Data Sharing Service 特权提升漏洞 |
Important |
52 |
Microsoft Windows |
CVE-2019-1380 |
Microsoft splwow64 特权提升漏洞 |
Important |
53 |
Microsoft Windows |
CVE-2019-1381 |
Microsoft Windows 信息泄露漏洞 |
Important |
54 |
Microsoft Windows |
CVE-2019-1382 |
Microsoft ActiveX Installer Service 特权提升漏洞 |
Important |
55 |
Microsoft Windows |
CVE-2019-1383 |
Windows Data Sharing Service 特权提升漏洞 |
Important |
56 |
Microsoft Windows |
CVE-2019-1384 |
Microsoft Windows 安全功能绕过漏洞 |
Important |
57 |
Microsoft Windows |
CVE-2019-1385 |
Windows AppX Deployment Extensions 特权提升漏洞 |
Important |
58 |
Microsoft Windows |
CVE-2019-1388 |
Windows Certificate Dialog 特权提升漏洞 |
Important |
59 |
Microsoft Windows |
CVE-2019-1391 |
Windows 拒绝服务漏洞 |
Important |
60 |
Microsoft Windows |
CVE-2019-1405 |
Windows UPnP Service 特权提升漏洞 |
Important |
61 |
Microsoft Windows |
CVE-2019-1420 |
Windows 特权提升漏洞 |
Important |
62 |
Microsoft Windows |
CVE-2019-1422 |
Windows 特权提升漏洞 |
Important |
63 |
Microsoft Windows |
CVE-2019-1423 |
Windows 特权提升漏洞 |
Important |
64 |
Microsoft Windows |
CVE-2019-1424 |
NetLogon 安全功能绕过漏洞 |
Important |
65 |
Open Source Software |
CVE-2019-1370 |
Open Enclave SDK 信息泄露漏洞 |
Important |
66 |
Visual Studio |
CVE-2019-1425 |
Visual Studio 特权提升漏洞 |
Important |
67 |
Windows Hyper-V |
CVE-2019-0712 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
68 |
Windows Hyper-V |
CVE-2019-1309 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
69 |
Windows Hyper-V |
CVE-2019-1310 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
70 |
Windows Hyper-V |
CVE-2019-1399 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
71 |
Windows Kernel |
CVE-2019-11135 |
Windows Kernel 信息泄露漏洞 |
Important |
72 |
Windows Kernel |
CVE-2019-1392 |
Windows Kernel 特权提升漏洞 |
Important |
73 |
Windows Subsystem for Linux |
CVE-2019-1416 |
Windows Subsystem for Linux 特权提升漏洞 |
Important |
74 |
Microsoft Scripting Engine |
CVE-2019-1426 |
Scripting Engine 内存破坏漏洞 |
Moderate |
【风险评级】
高危
【影响范围】
本次修复漏洞涉及如下产品:
l Microsoft Exchange Server
l Microsoft Graphics Component
l Microsoft Scripting Engine
l Windows Hyper-V
l Windows Media Player
l Azure Stack
l Graphic Fonts
l Microsoft Edge
l Microsoft JET Database Engine
l Microsoft Office
l Microsoft Office SharePoint
l Microsoft RPC
l Microsoft Windows
l Open Source Software
l Visual Studio
l Windows Kernel
l Windows Subsystem for Linux
【修复建议】
建议用户关注并依据实际业务评估漏洞风险影响,选择更新相关产品补丁,以提高系统安全性;
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://portal.msrc.microsoft.com/en-us/security-guidance
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2019年11月14日