【威胁通告】微软发布9月补丁修复81个安全问题

微软于周二发布了9月安全更新补丁,修复了81个从简单的欺骗攻击到远程执行代码的安全问题

综述

微软于周二发布了9月安全更新补丁,修复了81个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、.NET Framework、Active Directory、Adobe Flash Player、ASP.NET、Common Log File System Driver、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Yammer、Project Rome、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Visual Studio、Windows Hyper-V、Windows Kernel以及Windows RDP。

相关信息如下:

产品 CVE 编号 CVE 标题 严重程度
.NET Core CVE-2019-1301 .NET Core 拒绝服务漏洞 Important
.NET Framework CVE-2019-1142 .NET Framework 特权提升漏洞 Important
Active Directory CVE-2019-1273 Active Directory Federation Services XSS Vulnerability Important
Adobe Flash Player ADV190022 September 2019 Adobe Flash 安全更新 Critical
ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of Privilege Vulnerability Important
Common Log File System Driver CVE-2019-1214 Windows Common Log File System Driver 特权提升漏洞 Important
Common Log File System Driver CVE-2019-1282 Windows Common Log File System Driver 信息泄露漏洞 Important
Microsoft Browsers CVE-2019-1220 Microsoft Browser 安全功能绕过漏洞 Important
Microsoft Edge CVE-2019-1299 Microsoft Edge based on Edge HTML 信息泄露漏洞 Important
Microsoft Exchange Server CVE-2019-1233 Microsoft Exchange 拒绝服务漏洞 Important
Microsoft Exchange Server CVE-2019-1266 Microsoft Exchange 欺骗漏洞 Important
Microsoft Graphics Component CVE-2019-1216 DirectX 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1244 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1245 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1251 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1252 Windows GDI 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1283 Microsoft Graphics Components 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1284 DirectX 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1286 Windows GDI 信息泄露漏洞 Important
Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1241 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1242 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1243 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1246 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1247 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1248 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1249 Jet Database Engine 远程代码执行漏洞 Important
Microsoft JET Database Engine CVE-2019-1250 Jet Database Engine 远程代码执行漏洞 Important
Microsoft Office CVE-2019-1297 Microsoft Excel 远程代码执行漏洞 Important
Microsoft Office CVE-2019-1263 Microsoft Excel 信息泄露漏洞 Important
Microsoft Office CVE-2019-1264 Microsoft Office 安全功能绕过漏洞 Important
Microsoft Office SharePoint CVE-2019-1257 Microsoft SharePoint 远程代码执行漏洞 Critical
Microsoft Office SharePoint CVE-2019-1259 Microsoft SharePoint 欺骗漏洞 Moderate
Microsoft Office SharePoint CVE-2019-1260 Microsoft SharePoint 特权提升漏洞 Important
Microsoft Office SharePoint CVE-2019-1261 Microsoft SharePoint 欺骗漏洞 Important
Microsoft Office SharePoint CVE-2019-1262 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-1295 Microsoft SharePoint 远程代码执行漏洞 Critical
Microsoft Office SharePoint CVE-2019-1296 Microsoft SharePoint 远程代码执行漏洞 Critical
Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine 内存破坏漏洞 Moderate
Microsoft Scripting Engine CVE-2019-1208 VBScript 远程代码执行漏洞 Critical
Microsoft Scripting Engine CVE-2019-1217 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-1221 Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-1236 VBScript 远程代码执行漏洞 Critical
Microsoft Scripting Engine CVE-2019-1237 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-1298 Chakra Scripting Engine 内存破坏漏洞 Moderate
Microsoft Scripting Engine CVE-2019-1300 Chakra Scripting Engine 内存破坏漏洞 Critical
Microsoft Windows CVE-2019-1215 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1219 Windows Transaction Manager 信息泄露漏洞 Important
Microsoft Windows CVE-2019-1267 Microsoft Compatibility Appraiser 特权提升漏洞 Important
Microsoft Windows CVE-2019-1268 Winlogon 特权提升漏洞 Important
Microsoft Windows CVE-2019-1269 Windows ALPC 特权提升漏洞 Important
Microsoft Windows CVE-2019-1270 Microsoft Windows Store Installer 特权提升漏洞 Important
Microsoft Windows CVE-2019-1271 Windows Media 特权提升漏洞 Important
Microsoft Windows CVE-2019-1272 Windows ALPC 特权提升漏洞 Important
Microsoft Windows CVE-2019-1235 Windows Text Service Framework 特权提升漏洞 Important
Microsoft Windows CVE-2019-1253 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1277 Windows Audio Service 特权提升漏洞 Important
Microsoft Windows CVE-2019-1278 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1280 LNK 远程代码执行漏洞 Critical
Microsoft Windows CVE-2019-1287 Windows Network Connectivity Assistant 特权提升漏洞 Important
Microsoft Windows CVE-2019-1289 Windows Update Delivery Optimization 特权提升漏洞 Important
Microsoft Windows CVE-2019-1292 Windows 拒绝服务漏洞 Important
Microsoft Windows CVE-2019-1294 Windows Secure Boot 安全功能绕过漏洞 Important
Microsoft Windows CVE-2019-1303 Windows 特权提升漏洞 Important
Microsoft Yammer CVE-2019-1265 Microsoft Yammer 安全功能绕过漏洞 Important
Project Rome CVE-2019-1231 Rome SDK 信息泄露漏洞 Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business and Microsoft Lync CVE-2019-1209 Lync 2013 信息泄露漏洞 Important
Team Foundation Server CVE-2019-1305 Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-1306 Azure DevOps and Team Foundation Server 远程代码执行漏洞 Critical
Visual Studio CVE-2019-1232 Diagnostics Hub Standard Collector Service 特权提升漏洞 Important
Windows Hyper-V CVE-2019-0928 Windows Hyper-V 拒绝服务漏洞 Important
Windows Hyper-V CVE-2019-1254 Windows Hyper-V 信息泄露漏洞 Important
Windows Kernel CVE-2019-1274 Windows Kernel 信息泄露漏洞 Important
Windows Kernel CVE-2019-1256 Win32k 特权提升漏洞 Important
Windows Kernel CVE-2019-1285 Win32k 特权提升漏洞 Important
Windows Kernel CVE-2019-1293 Windows SMB Client Driver 信息泄露漏洞 Important
Windows RDP CVE-2019-0787 Remote Desktop Client 远程代码执行漏洞 Critical
Windows RDP CVE-2019-0788 Remote Desktop Client 远程代码执行漏洞 Critical
Windows RDP CVE-2019-1290 Remote Desktop Client 远程代码执行漏洞 Critical
Windows RDP CVE-2019-1291 Remote Desktop Client 远程代码执行漏洞 Critical

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

完整报告原文下载:

微软发布9月补丁修复81个安全问题

Spread the word. Share this post!

Meet The Author

Leave Comment