微软于周二发布了4月安全更新补丁,修复了76个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Adobe Flash Player、CSRSS、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft XML、Open Source Software、Servicing Stack Updates、Team Foundation Server、Windows Admin Center、Windows Kernel以及Windows SMB Server。
漏洞介绍
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 | 严重程度 |
| .NET Core | CVE-2019-0815 | ASP.NET Core 拒绝服务漏洞 | Important |
| Adobe Flash Player | ADV190011 | April 2019 Adobe Flash 安全更新 | Critical |
| CSRSS | CVE-2019-0735 | Windows CSRSS 特权提升漏洞 | Important |
| Microsoft Browsers | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability | Low |
| Microsoft Edge | CVE-2019-0833 | Microsoft Edge 信息泄露漏洞 | Important |
| Microsoft Exchange Server | CVE-2019-0858 | Microsoft Exchange 欺骗漏洞 | Important |
| Microsoft Exchange Server | CVE-2019-0817 | Microsoft Exchange 欺骗漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0802 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0803 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0849 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0853 | GDI+ 远程代码执行漏洞 | Critical |
| Microsoft JET Database Engine | CVE-2019-0846 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0847 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0851 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0877 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0879 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0822 | Microsoft Graphics Components 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0823 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0824 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0825 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0826 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0827 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0801 | Office 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0828 | Microsoft Excel 远程代码执行漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0830 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-0831 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-0739 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0812 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0829 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0752 | Scripting Engine 内存破坏漏洞 | Important |
| Microsoft Scripting Engine | CVE-2019-0753 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0806 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0810 | Chakra Scripting Engine 内存破坏漏洞 | Moderate |
| Microsoft Scripting Engine | CVE-2019-0835 | Microsoft Scripting Engine 信息泄露漏洞 | Important |
| Microsoft Scripting Engine | CVE-2019-0860 | Chakra Scripting Engine 内存破坏漏洞 | Moderate |
| Microsoft Scripting Engine | CVE-2019-0861 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0862 | Scripting Engine 内存破坏漏洞 | Important |
| Microsoft Windows | CVE-2019-0794 | OLE Automation 远程代码执行漏洞 | Important |
| Microsoft Windows | CVE-2019-0805 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0838 | Windows 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0839 | Windows 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0840 | Windows Kernel 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0841 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0842 | Windows VBScript Engine 远程代码执行漏洞 | Important |
| Microsoft Windows | CVE-2019-0845 | Windows IOleCvt Interface 远程代码执行漏洞 | Critical |
| Microsoft Windows | CVE-2019-0848 | Win32k 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0685 | Win32k 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0688 | Windows TCP/IP 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0730 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0731 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0732 | Windows 安全功能绕过漏洞 | Important |
| Microsoft Windows | CVE-2019-0796 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0814 | Win32k 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0836 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0837 | DirectX 信息泄露漏洞 | Important |
| Microsoft XML | CVE-2019-0790 | MS XML 远程代码执行漏洞 | Critical |
| Microsoft XML | CVE-2019-0791 | MS XML 远程代码执行漏洞 | Critical |
| Microsoft XML | CVE-2019-0792 | MS XML 远程代码执行漏洞 | Critical |
| Microsoft XML | CVE-2019-0793 | MS XML 远程代码执行漏洞 | Critical |
| Microsoft XML | CVE-2019-0795 | MS XML 远程代码执行漏洞 | Critical |
| Open Source Software | CVE-2019-0876 | Open Enclave SDK 信息泄露漏洞 | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Team Foundation Server | CVE-2019-0857 | Azure DevOps Server 欺骗漏洞 | Important |
| Team Foundation Server | CVE-2019-0866 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0867 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0868 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0869 | Azure DevOps Server HTML Injection Vulnerability | Important |
| Team Foundation Server | CVE-2019-0870 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0871 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0874 | Azure DevOps Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0875 | Azure DevOps Server 特权提升漏洞 | Important |
| Windows Admin Center | CVE-2019-0813 | Windows Admin Center 特权提升漏洞 | Important |
| Windows Kernel | CVE-2019-0844 | Windows Kernel 信息泄露漏洞 | Important |
| Windows Kernel | CVE-2019-0856 | Windows 远程代码执行漏洞 | Important |
| Windows Kernel | CVE-2019-0859 | Win32k 特权提升漏洞 | Important |
| Windows SMB Server | CVE-2019-0786 | SMB Server 特权提升漏洞 | Critical |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。