【威胁通告】微软发布9月补丁修复81个安全问题

微软于周二发布了9月安全更新补丁，修复了81个从简单的欺骗攻击到远程执行代码的安全问题

综述

微软于周二发布了9月安全更新补丁，修复了81个从简单的欺骗攻击到远程执行代码的安全问题，产品涉及.NET Core、.NET Framework、Active Directory、Adobe Flash Player、ASP.NET、Common Log File System Driver、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Yammer、Project Rome、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Visual Studio、Windows Hyper-V、Windows Kernel以及Windows RDP。

相关信息如下：

产品	CVE 编号	CVE 标题	严重程度
.NET Core	CVE-2019-1301	.NET Core 拒绝服务漏洞	Important
.NET Framework	CVE-2019-1142	.NET Framework 特权提升漏洞	Important
Active Directory	CVE-2019-1273	Active Directory Federation Services XSS Vulnerability	Important
Adobe Flash Player	ADV190022	September 2019 Adobe Flash 安全更新	Critical
ASP.NET	CVE-2019-1302	ASP.NET Core Elevation Of Privilege Vulnerability	Important
Common Log File System Driver	CVE-2019-1214	Windows Common Log File System Driver 特权提升漏洞	Important
Common Log File System Driver	CVE-2019-1282	Windows Common Log File System Driver 信息泄露漏洞	Important
Microsoft Browsers	CVE-2019-1220	Microsoft Browser 安全功能绕过漏洞	Important
Microsoft Edge	CVE-2019-1299	Microsoft Edge based on Edge HTML 信息泄露漏洞	Important
Microsoft Exchange Server	CVE-2019-1233	Microsoft Exchange 拒绝服务漏洞	Important
Microsoft Exchange Server	CVE-2019-1266	Microsoft Exchange 欺骗漏洞	Important
Microsoft Graphics Component	CVE-2019-1216	DirectX 信息泄露漏洞	Important
Microsoft Graphics Component	CVE-2019-1244	DirectWrite 信息泄露漏洞	Important
Microsoft Graphics Component	CVE-2019-1245	DirectWrite 信息泄露漏洞	Important
Microsoft Graphics Component	CVE-2019-1251	DirectWrite 信息泄露漏洞	Important
Microsoft Graphics Component	CVE-2019-1252	Windows GDI 信息泄露漏洞	Important
Microsoft Graphics Component	CVE-2019-1283	Microsoft Graphics Components 信息泄露漏洞	Important
Microsoft Graphics Component	CVE-2019-1284	DirectX 特权提升漏洞	Important
Microsoft Graphics Component	CVE-2019-1286	Windows GDI 信息泄露漏洞	Important
Microsoft JET Database Engine	CVE-2019-1240	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1241	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1242	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1243	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1246	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1247	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1248	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1249	Jet Database Engine 远程代码执行漏洞	Important
Microsoft JET Database Engine	CVE-2019-1250	Jet Database Engine 远程代码执行漏洞	Important
Microsoft Office	CVE-2019-1297	Microsoft Excel 远程代码执行漏洞	Important
Microsoft Office	CVE-2019-1263	Microsoft Excel 信息泄露漏洞	Important
Microsoft Office	CVE-2019-1264	Microsoft Office 安全功能绕过漏洞	Important
Microsoft Office SharePoint	CVE-2019-1257	Microsoft SharePoint 远程代码执行漏洞	Critical
Microsoft Office SharePoint	CVE-2019-1259	Microsoft SharePoint 欺骗漏洞	Moderate
Microsoft Office SharePoint	CVE-2019-1260	Microsoft SharePoint 特权提升漏洞	Important
Microsoft Office SharePoint	CVE-2019-1261	Microsoft SharePoint 欺骗漏洞	Important
Microsoft Office SharePoint	CVE-2019-1262	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-1295	Microsoft SharePoint 远程代码执行漏洞	Critical
Microsoft Office SharePoint	CVE-2019-1296	Microsoft SharePoint 远程代码执行漏洞	Critical
Microsoft Scripting Engine	CVE-2019-1138	Chakra Scripting Engine 内存破坏漏洞	Moderate
Microsoft Scripting Engine	CVE-2019-1208	VBScript 远程代码执行漏洞	Critical
Microsoft Scripting Engine	CVE-2019-1217	Chakra Scripting Engine 内存破坏漏洞	Critical
Microsoft Scripting Engine	CVE-2019-1221	Scripting Engine 内存破坏漏洞	Critical
Microsoft Scripting Engine	CVE-2019-1236	VBScript 远程代码执行漏洞	Critical
Microsoft Scripting Engine	CVE-2019-1237	Chakra Scripting Engine 内存破坏漏洞	Critical
Microsoft Scripting Engine	CVE-2019-1298	Chakra Scripting Engine 内存破坏漏洞	Moderate
Microsoft Scripting Engine	CVE-2019-1300	Chakra Scripting Engine 内存破坏漏洞	Critical
Microsoft Windows	CVE-2019-1215	Windows 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1219	Windows Transaction Manager 信息泄露漏洞	Important
Microsoft Windows	CVE-2019-1267	Microsoft Compatibility Appraiser 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1268	Winlogon 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1269	Windows ALPC 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1270	Microsoft Windows Store Installer 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1271	Windows Media 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1272	Windows ALPC 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1235	Windows Text Service Framework 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1253	Windows 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1277	Windows Audio Service 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1278	Windows 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1280	LNK 远程代码执行漏洞	Critical
Microsoft Windows	CVE-2019-1287	Windows Network Connectivity Assistant 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1289	Windows Update Delivery Optimization 特权提升漏洞	Important
Microsoft Windows	CVE-2019-1292	Windows 拒绝服务漏洞	Important
Microsoft Windows	CVE-2019-1294	Windows Secure Boot 安全功能绕过漏洞	Important
Microsoft Windows	CVE-2019-1303	Windows 特权提升漏洞	Important
Microsoft Yammer	CVE-2019-1265	Microsoft Yammer 安全功能绕过漏洞	Important
Project Rome	CVE-2019-1231	Rome SDK 信息泄露漏洞	Important
Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates	Critical
Skype for Business and Microsoft Lync	CVE-2019-1209	Lync 2013 信息泄露漏洞	Important
Team Foundation Server	CVE-2019-1305	Team Foundation Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-1306	Azure DevOps and Team Foundation Server 远程代码执行漏洞	Critical
Visual Studio	CVE-2019-1232	Diagnostics Hub Standard Collector Service 特权提升漏洞	Important
Windows Hyper-V	CVE-2019-0928	Windows Hyper-V 拒绝服务漏洞	Important
Windows Hyper-V	CVE-2019-1254	Windows Hyper-V 信息泄露漏洞	Important
Windows Kernel	CVE-2019-1274	Windows Kernel 信息泄露漏洞	Important
Windows Kernel	CVE-2019-1256	Win32k 特权提升漏洞	Important
Windows Kernel	CVE-2019-1285	Win32k 特权提升漏洞	Important
Windows Kernel	CVE-2019-1293	Windows SMB Client Driver 信息泄露漏洞	Important
Windows RDP	CVE-2019-0787	Remote Desktop Client 远程代码执行漏洞	Critical
Windows RDP	CVE-2019-0788	Remote Desktop Client 远程代码执行漏洞	Critical
Windows RDP	CVE-2019-1290	Remote Desktop Client 远程代码执行漏洞	Critical
Windows RDP	CVE-2019-1291	Remote Desktop Client 远程代码执行漏洞	Critical

 

修复建议

微软官方已经发布更新补丁，请及时进行补丁更新。

 

完整报告原文下载：

微软发布9月补丁修复81个安全问题