微软2019年1月安全补丁修复绕过以及信息泄露
|
2019-05-17
近日,腾讯云安全中心监测到微软发布了 2019 年 1 月安全补丁更新,共披露了 49 个安全漏洞,其中包含 7 个严重漏洞,攻击者可利用漏洞实施远程代码执行等攻击。
为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。
【漏洞详情】
严重漏洞(7个):
CVE-2019-0550 - Windows Hyper-V remote code execution vulnerability
CVE-2019-0551 - Windows Hyper-V remote code execution vulnerability
CVE-2019-0539 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0567 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0568 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0547 - Windows DHCP client memory corruption vulnerability
CVE-2019-0565 - Microsoft Edge memory corruption vulnerability
重要漏洞(41个):
CVE-2019-0555 - Microsoft XmlDocument escalation of privilege vulnerability
CVE-2019-0572 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0573 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0574 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0536 - Windows kernel information disclosure vulnerability
CVE-2019-0537 - Visual Studio information disclosure vulnerability
CVE-2019-0538 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0541 - MSHTML engine remote code execution vulnerability
CVE-2019-0543 - Windows elevation of privilege vulnerability
CVE-2019-0545 - .NET Framework and .NET Core information disclosure vulnerability
CVE-2019-0548 - ASP.NET Core denial of service vulnerability
CVE-2019-0549 - Windows kernel information disclosure vulnerability
CVE-2019-0552 - Windows COM Desktop Broker elevation of privilege vulnerability
CVE-2019-0553 - Windows Subsystem for Linux information disclosure vulnerability
CVE-2019-0554 - Windows kernel information disclosure vulnerability
CVE-2019-0556 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0557 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0558 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0559 - Microsoft Outlook information disclosure vulnerability
CVE-2019-0560 - Microsoft Office information disclosure vulnerability
CVE-2019-0561 - Microsoft Word information disclosure vulnerability
CVE-2019-0562 - Microsoft SharePoint Server elevation of privilege vulnerability
CVE-2019-0564 - ASP.NET Core denial of service vulnerability
CVE-2019-0566 - Microsoft Edge Browser Broker COM object elevation of privilege vulnerability
CVE-2019-0569 - Windows kernel information disclosure vulnerability
CVE-2019-0570 - Windows Runtime elevation of privilege vulnerability
CVE-2019-0571 - Windows Data Sharing Service elevation of privilege vulnerability
CVE-2019-0575 - Windows Data Sharing Service remote code execution vulnerability
CVE-2019-0576 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0577 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0578 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0579 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0580 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0581 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0582 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0583 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0584 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0585 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0586 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0588 - Microsoft Exchange PowerShell API information disclosure vulnerability
CVE-2019-0542 - 暂未披露详细信息
【风险等级】
高风险
【漏洞风险】
代码执行、权限提升、安全绕过以及信息泄露
【影响版本】
目前已知受影响产品如下:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office
ChakraCore
.NET Framework
ASP.NET
Microsoft Exchange Server
Microsoft Visual Studio
【修复建议】
目前微软官方均已发布漏洞修复更新,腾讯云安全团队建议您:
1)不要打开来历不明的文件或者链接,避免被被攻击者利用在机器上执行恶意代码;
2)打开Windows Update更新功能,点击“检查更新”,根据业务情况开展评估,下载安装相应的安全补丁;
3)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态;
您也可以直接通过微软官方链接进行下载安装,补丁下载地址:https://portal.msrc.microsoft.com/en-us/security-guidance
【备注】建议您在安装补丁前做好数据备份工作,避免出现意外。
【漏洞参考】
编辑:航网科技 来源:腾讯云 本文版权归原作者所有 转载请注明出处
关注我们
微信扫一扫关注我们
推荐阅读
