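Overview
On Tuesday of this week, Microsoft released its November security updates, fixing 112 security issues ranging from simple spoofing attacks to remote code execution. Of these, 17 are rated Critical, 93 Important, and 2 Low. All users are strongly advised to install the updates as soon as possible.
Affected products include Azure DevOps, Azure Sphere, Common Log File System Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Teams, Microsoft Windows, Microsoft Windows Codecs Library, Visual Studio, Windows Defender, Windows Kernel, Windows NDIS, Windows Update Stack, and Windows WalletService.
Critical & Important Vulnerability Overview
Some of the Critical and Important vulnerabilities are described below:
- Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)
On the 2nd of this month, the Google Project Zero team published an article on the Windows cng.sys privilege escalation vulnerability (CVE-2020-17087). The vulnerability allows an attacker, without authorization, to escalate privileges by tricking a user into running a specially crafted malicious program. At that time, CVE-2020-17087 was already being exploited in the wild, and Microsoft had not released a patch.
This update fixes the vulnerability. Affected users should install the patch as soon as possible.
Official rating: Important, CVSS:3.0 7.8/7.2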
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087
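- Windows Network File System (NFS) Vulnerabilities (CVE-2020-17051/17056)
CVE-2020-17051 is a remote code execution vulnerability in the nfssvr.sys driver that can cause a Blue Screen of Death (BSOD).
CVE-2020-17056 is a remote kernel data read vulnerability in the nfssvr.sys driver that can lead to a bypass of ASLR (Address Space Layout Randomization).
When the two vulnerabilities are chained, the likelihood of bypassing exploit mitigations and achieving remote exploitation on Windows servers increases significantly.
NFS is used for file sharing between Windows and Unix/Linux environments.
CVE-2020-17051 official rating: Critical, CVSS:3.0 9.8/8.5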
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2020-17056 official rating: Important, CVSS:3.0 5.5/4.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17056
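- Microsoft Exchange Server Vulnerabilities (CVE-2020-17083/17084/17085)
CVE-2020-17083 and CVE-2020-17084 are remote code execution vulnerabilities in Microsoft Exchange Server. CVE-2020-17085 is a denial of service vulnerability.
All three vulnerabilities are officially rated Important.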
CVE-2020-17083 CVSS:3.0 5.5/4.8
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
CVE-2020-17084 CVSS:3.0 8.5/7.4
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2020-17085 CVSS:3.0 6.2/5.4
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17083
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17085
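- Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)
Hyper-V contains a security feature bypass vulnerability with low attack complexity that requires no privileges and no user interaction.
Official rating: Important, CVSS:3.0 6.5/5.7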
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040
Summary of This Update
Product | CVE ID | CVE Title | Severity |
Azure Sphere | CVE-2020-16988 | Azure Sphere Elevation of Privilege Vulnerability | Critical |
Microsoft Browsers | CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2020-17051 | Windows Network File System Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17078 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17079 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17101 | HEIF Image Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17105 | AV1 Video Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17106 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17107 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17108 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17109 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17110 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17082 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Azure DevOps | CVE-2020-1325 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important |
Azure Sphere | CVE-2020-16970 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16981 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16982 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16983 | Azure Sphere Tampering Vulnerability | Important |
Azure Sphere | CVE-2020-16984 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16985 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2020-16986 | Azure Sphere Denial of Service Vulnerability | Important |
Azure Sphere | CVE-2020-16987 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16989 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16990 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2020-16991 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16992 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16993 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16994 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Common Log File System Driver | CVE-2020-17088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17005 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17006 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17018 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17021 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-16998 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-17004 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-17068 | Windows GDI+ Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-17029 | Windows Canonical Display Driver Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-17019 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17020 | Microsoft Word Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2020-17062 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17063 | Microsoft Office Online Spoofing Vulnerability | Important |
Microsoft Office | CVE-2020-17064 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17065 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17066 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17067 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16979 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-17016 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-17017 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-17060 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-17061 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Scripting Engine | CVE-2020-17054 | Chakra Scripting Engine Memory Corruption Vulnerability | Important |
Microsoft Teams | CVE-2020-17091 | Microsoft Teams Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2020-16997 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17000 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17001 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17055 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17056 | Windows Network File System Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17057 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1599 | Windows Spoofing Vulnerability | Important |
Microsoft Windows | CVE-2020-17007 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17011 | Windows Port Class Library Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17012 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17013 | Win32k Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17014 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17024 | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17025 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17026 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17027 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17028 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17030 | Windows MSCTF Server Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17031 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17032 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17033 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17034 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17036 | Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17040 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2020-17041 | Windows Print Configuration Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17043 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17044 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17045 | Windows KernelStream Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17047 | Windows Network File System Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-17049 | Kerberos Security Feature Bypass Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17102 | WebP Image Extensions Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17113 | Windows Camera Codec Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17081 | Microsoft Raw Image Extension Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17086 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2020-17100 | Visual Studio Tampering Vulnerability | Important |
Visual Studio | CVE-2020-17104 | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | Important |
Windows Defender | CVE-2020-17090 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important |
Windows Kernel | CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-17035 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NDIS | CVE-2020-17069 | Windows NDIS Information Disclosure Vulnerability | Important |
Windows Update Stack | CVE-2020-17070 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17071 | Windows Delivery Optimization Information Disclosure Vulnerability | Important |
Windows Update Stack | CVE-2020-17073 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17074 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17075 | Windows USO Core Worker Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17076 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17077 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows WalletService | CVE-2020-16999 | Windows WalletService Information Disclosure Vulnerability | Important |
Windows WalletService | CVE-2020-17037 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-17015 | Microsoft SharePoint Spoofing Vulnerability | Low |
Microsoft Windows | CVE-2020-17046 | Windows Error Reporting Denial of Service Vulnerability | Low |
Remediation Recommendations
Microsoft has released update patches; apply them promptly.