【威胁通告】微软发布10月补丁修复61个安全问题

微软于周二发布了10月安全更新补丁,修复了61个从简单的欺骗攻击到远程执行代码的安全问题

综述

微软于周二发布了10月安全更新补丁,修复了61个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Azure、Internet Explorer、Microsoft Browsers、Microsoft Devices、Microsoft Dynamics、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Open Source Software、Secure Boot、Servicing Stack Updates、SQL Server、Windows Hyper-V、Windows IIS、Windows Installer、Windows Kernel、Windows NTLM、Windows RDP以及Windows Update Stack。

相关信息如下:

产品CVE 编号CVE 标题严重程度
AzureCVE-2019-1372Azure App Service 远程代码执行漏洞Critical
Internet ExplorerCVE-2019-1371Internet Explorer 内存破坏漏洞Important
Microsoft BrowsersCVE-2019-0608Microsoft Browser 欺骗漏洞Important
Microsoft BrowsersCVE-2019-1357Microsoft Browser 欺骗漏洞Important
Microsoft DevicesCVE-2019-1314Windows 10 Mobile 安全功能绕过漏洞Important
Microsoft DynamicsCVE-2019-1375Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft EdgeCVE-2019-1356Microsoft Edge based on Edge HTML 信息泄露漏洞Important
Microsoft Graphics ComponentCVE-2019-1361Microsoft Graphics Components 信息泄露漏洞Important
Microsoft Graphics ComponentCVE-2019-1362Win32k 特权提升漏洞Important
Microsoft Graphics ComponentCVE-2019-1363Windows GDI 信息泄露漏洞Important
Microsoft Graphics ComponentCVE-2019-1364Win32k 特权提升漏洞Important
Microsoft JET Database EngineCVE-2019-1358Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2019-1359Jet Database Engine 远程代码执行漏洞Important
Microsoft OfficeCVE-2019-1327Microsoft Excel 远程代码执行漏洞Important
Microsoft OfficeCVE-2019-1331Microsoft Excel 远程代码执行漏洞Important
Microsoft Office SharePointCVE-2019-1070Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2019-1328Microsoft SharePoint 欺骗漏洞Important
Microsoft Office SharePointCVE-2019-1329Microsoft SharePoint 特权提升漏洞Important
Microsoft Office SharePointCVE-2019-1330Microsoft SharePoint 特权提升漏洞Important
Microsoft Scripting EngineCVE-2019-1060MS XML 远程代码执行漏洞Critical
Microsoft Scripting EngineCVE-2019-1307Chakra Scripting Engine 内存破坏漏洞Critical
Microsoft Scripting EngineCVE-2019-1308Chakra Scripting Engine 内存破坏漏洞Critical
Microsoft Scripting EngineCVE-2019-1238VBScript 远程代码执行漏洞Critical
Microsoft Scripting EngineCVE-2019-1239VBScript 远程代码执行漏洞Critical
Microsoft Scripting EngineCVE-2019-1335Chakra Scripting Engine 内存破坏漏洞Critical
Microsoft Scripting EngineCVE-2019-1366Chakra Scripting Engine 内存破坏漏洞Critical
Microsoft WindowsCVE-2019-1341Windows Power Service 特权提升漏洞Important
Microsoft WindowsCVE-2019-1342Windows Error Reporting Manager 特权提升漏洞Important
Microsoft WindowsCVE-2019-1344Windows Code Integrity Module 信息泄露漏洞Important
Microsoft WindowsCVE-2019-1346Windows 拒绝服务漏洞Important
Microsoft WindowsCVE-2019-1347Windows 拒绝服务漏洞Important
Microsoft WindowsCVE-2019-1311Windows Imaging API 远程代码执行漏洞Important
Microsoft WindowsCVE-2019-1315Windows Error Reporting Manager 特权提升漏洞Important
Microsoft WindowsCVE-2019-1316Microsoft Windows Setup 特权提升漏洞Important
Microsoft WindowsCVE-2019-1317Microsoft Windows 拒绝服务漏洞Important
Microsoft WindowsCVE-2019-1318Microsoft Windows Transport Layer Security 欺骗漏洞Important
Microsoft WindowsCVE-2019-1319Windows Error Reporting 特权提升漏洞Important
Microsoft WindowsCVE-2019-1320Microsoft Windows 特权提升漏洞Important
Microsoft WindowsCVE-2019-1321Microsoft Windows CloudStore 特权提升漏洞Important
Microsoft WindowsCVE-2019-1322Microsoft Windows 特权提升漏洞Important
Microsoft WindowsCVE-2019-1325Windows Redirected Drive Buffering System 特权提升漏洞Moderate
Microsoft WindowsCVE-2019-1338Windows NTLM 安全功能绕过漏洞Important
Microsoft WindowsCVE-2019-1339Windows Error Reporting Manager 特权提升漏洞Important
Microsoft WindowsCVE-2019-1340Microsoft Windows 特权提升漏洞Important
Open Source SoftwareCVE-2019-1369Open Enclave SDK 信息泄露漏洞Important
Secure BootCVE-2019-1368Windows Secure Boot 安全功能绕过漏洞Important
Servicing Stack UpdatesADV990001Latest Servicing Stack UpdatesCritical
SQL ServerCVE-2019-1313SQL Server Management Studio 信息泄露漏洞Important
SQL ServerCVE-2019-1376SQL Server Management Studio 信息泄露漏洞Important
Windows Hyper-VCVE-2019-1230Hyper-V 信息泄露漏洞Important
Windows IISCVE-2019-1365Microsoft IIS Server 特权提升漏洞Important
Windows InstallerCVE-2019-1378Windows 10 Update Assistant 特权提升漏洞Important
Windows KernelCVE-2019-1343Windows 拒绝服务漏洞Important
Windows KernelCVE-2019-1345Windows Kernel 信息泄露漏洞Important
Windows KernelCVE-2019-1334Windows Kernel 信息泄露漏洞Important
Windows NTLMCVE-2019-1166Windows NTLM Tampering VulnerabilityImportant
Windows RDPCVE-2019-1326Windows Remote Desktop Protocol (RDP) 拒绝服务漏洞Important
Windows RDPCVE-2019-1333Remote Desktop Client 远程代码执行漏洞Critical
Windows Update StackCVE-2019-1323Microsoft Windows Update Client 特权提升漏洞Important
Windows Update StackCVE-2019-1336Microsoft Windows Update Client 特权提升漏洞Important
Windows Update StackCVE-2019-1337Windows Update Client 信息泄露漏洞Important

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

全文下载

微软发布10月补丁修复61个安全问题

Spread the word. Share this post!

Meet The Author

Leave Comment