【威胁通告】微软发布11月补丁修复76个安全问题

微软于周二发布了11月安全更新补丁,修复了76个从简单的欺骗攻击到远程执行代码的安全问题 。

综述  

微软于周二发布了11月安全更新补丁,修复了76个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Azure Stack、Chipsets、Graphic Fonts、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft RPC、Microsoft Scripting Engine、Microsoft Windows、Open Source Software、Servicing Stack Updates、Visual Studio、Windows Hyper-V、Windows Kernel、Windows Media Player以及Windows Subsystem for Linux。

相关信息如下:

产品 CVE 编号 CVE 标题 严重程度
Azure Stack CVE-2019-1234 Azure Stack 欺骗漏洞 Important
Chipsets ADV190024 Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) Unknown
Graphic Fonts CVE-2019-1456 OpenType Font Parsing 远程代码执行漏洞 Important
Microsoft Edge CVE-2019-1413 Microsoft Edge 安全功能绕过漏洞 Important
Microsoft Exchange Server CVE-2019-1373 Microsoft Exchange 远程代码执行漏洞 Critical
Microsoft Graphics Component CVE-2019-1432 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1433 Windows Graphics Component 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1434 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1435 Windows Graphics Component 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1436 Win32k 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1437 Windows Graphics Component 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1438 Windows Graphics Component 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1439 Windows GDI 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1440 Win32k 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1441 Win32k Graphics 远程代码执行漏洞 Critical
Microsoft Graphics Component CVE-2019-1393 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1394 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1395 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1396 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1407 Windows Graphics Component 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1408 Win32k 特权提升漏洞 Important
Microsoft Graphics Component CVE-2019-1411 DirectWrite 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1412 OpenType Font Driver 信息泄露漏洞 Important
Microsoft Graphics Component CVE-2019-1419 OpenType Font Parsing 远程代码执行漏洞 Critical
Microsoft JET Database Engine CVE-2019-1406 Jet Database Engine 远程代码执行漏洞 Important
Microsoft Office CVE-2019-1457 Microsoft Office Excel Security Feature Bypass Important
Microsoft Office CVE-2019-1402 Microsoft Office 信息泄露漏洞 Important
Microsoft Office CVE-2019-1445 Microsoft Office Online 欺骗漏洞 Important
Microsoft Office CVE-2019-1446 Microsoft Excel 信息泄露漏洞 Important
Microsoft Office CVE-2019-1447 Microsoft Office Online 欺骗漏洞 Important
Microsoft Office CVE-2019-1448 Microsoft Excel 远程代码执行漏洞 Important
Microsoft Office CVE-2019-1449 Microsoft Office ClickToRun 安全功能绕过漏洞 Important
Microsoft Office SharePoint CVE-2019-1442 Microsoft Office 安全功能绕过漏洞 Important
Microsoft Office SharePoint CVE-2019-1443 Microsoft SharePoint 信息泄露漏洞 Important
Microsoft RPC CVE-2019-1409 Windows Remote Procedure Call 信息泄露漏洞 Important
Microsoft Scripting Engine CVE-2019-1429 Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-1390 VBScript 远程代码执行漏洞 Critical
Microsoft Scripting Engine CVE-2019-1426 Scripting Engine 内存破坏漏洞 Moderate
Microsoft Scripting Engine CVE-2019-1427 Scripting Engine 内存破坏漏洞 Critical
Microsoft Scripting Engine CVE-2019-1428 Scripting Engine 内存破坏漏洞 Critical
Microsoft Windows CVE-2019-1374 Windows Error Reporting 信息泄露漏洞 Important
Microsoft Windows CVE-2019-1415 Windows Installer 特权提升漏洞 Important
Microsoft Windows CVE-2019-1417 Windows Data Sharing Service 特权提升漏洞 Important
Microsoft Windows CVE-2019-1418 Windows Modules Installer Service 信息泄露漏洞 Important
Microsoft Windows CVE-2018-12207 Windows 拒绝服务漏洞 Important
Microsoft Windows CVE-2019-1324 Windows TCP/IP 信息泄露漏洞 Important
Microsoft Windows CVE-2019-1379 Windows Data Sharing Service 特权提升漏洞 Important
Microsoft Windows CVE-2019-1380 Microsoft splwow64 特权提升漏洞 Important
Microsoft Windows CVE-2019-1381 Microsoft Windows 信息泄露漏洞 Important
Microsoft Windows CVE-2019-1382 Microsoft ActiveX Installer Service 特权提升漏洞 Important
Microsoft Windows CVE-2019-1383 Windows Data Sharing Service 特权提升漏洞 Important
Microsoft Windows CVE-2019-1384 Microsoft Windows 安全功能绕过漏洞 Important
Microsoft Windows CVE-2019-1385 Windows AppX Deployment Extensions 特权提升漏洞 Important
Microsoft Windows CVE-2019-1388 Windows Certificate Dialog 特权提升漏洞 Important
Microsoft Windows CVE-2019-1391 Windows 拒绝服务漏洞 Important
Microsoft Windows CVE-2019-1405 Windows UPnP Service 特权提升漏洞 Important
Microsoft Windows CVE-2019-1420 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1422 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1423 Windows 特权提升漏洞 Important
Microsoft Windows CVE-2019-1424 NetLogon 安全功能绕过漏洞 Important
Open Source Software CVE-2019-1370 Open Enclave SDK 信息泄露漏洞 Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Visual Studio CVE-2019-1425 Visual Studio 特权提升漏洞 Important
Windows Hyper-V CVE-2019-0712 Windows Hyper-V 拒绝服务漏洞 Important
Windows Hyper-V CVE-2019-0719 Hyper-V 远程代码执行漏洞 Critical
Windows Hyper-V CVE-2019-0721 Hyper-V 远程代码执行漏洞 Critical
Windows Hyper-V CVE-2019-1309 Windows Hyper-V 拒绝服务漏洞 Important
Windows Hyper-V CVE-2019-1310 Windows Hyper-V 拒绝服务漏洞 Important
Windows Hyper-V CVE-2019-1389 Windows Hyper-V 远程代码执行漏洞 Critical
Windows Hyper-V CVE-2019-1397 Windows Hyper-V 远程代码执行漏洞 Critical
Windows Hyper-V CVE-2019-1398 Windows Hyper-V 远程代码执行漏洞 Critical
Windows Hyper-V CVE-2019-1399 Windows Hyper-V 拒绝服务漏洞 Important
Windows Kernel CVE-2019-11135 Windows Kernel 信息泄露漏洞 Important
Windows Kernel CVE-2019-1392 Windows Kernel 特权提升漏洞 Important
Windows Media Player CVE-2019-1430 Microsoft Windows Media Foundation 远程代码执行漏洞 Critical
Windows Subsystem for Linux CVE-2019-1416 Windows Subsystem for Linux 特权提升漏洞 Important

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

报告原文下载

Spread the word. Share this post!

Meet The Author

Leave Comment