微软于周二发布了7月安全更新补丁,修复了79个从简单的欺骗攻击到远程执行代码的安全问题
综述
微软于周二发布了7月安全更新补丁,修复了79个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Framework、ASP.NET、Azure、Azure DevOps、Internet Explorer、Microsoft Browsers、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Open Source Software、Servicing Stack Updates、SQL Server、Visual Studio、Windows Kernel、Windows Media、Windows RDP以及Windows Shell。
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 | 严重程度 |
| .NET Framework | CVE-2019-1113 | .NET Framework 远程代码执行漏洞 | Critical |
| .NET Framework | CVE-2019-1006 | WCF/WIF SAML Token Authentication Bypass Vulnerability | Important |
| .NET Framework | CVE-2019-1083 | .NET 拒绝服务漏洞 | Important |
| ASP.NET | CVE-2019-1075 | ASP.NET Core 欺骗漏洞 | Moderate |
| Azure | CVE-2019-0962 | Azure Automation 特权提升漏洞 | Important |
| Azure DevOps | CVE-2019-1072 | Azure DevOps Server and Team Foundation Server 远程代码执行漏洞 | Critical |
| Azure DevOps | CVE-2019-1076 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Internet Explorer | CVE-2019-1063 | Internet Explorer 内存破坏漏洞 | Critical |
| Microsoft Browsers | CVE-2019-1104 | Microsoft Browser 内存破坏漏洞 | Critical |
| Microsoft Exchange Server | CVE-2019-1136 | Microsoft Exchange Server 特权提升漏洞 | Important |
| Microsoft Exchange Server | CVE-2019-1137 | Microsoft Exchange Server 欺骗漏洞 | Important |
| Microsoft Exchange Server | ADV190021 | Outlook on the web 跨站脚本漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1093 | DirectWrite 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1094 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1095 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1096 | Win32k 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1097 | DirectWrite 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1098 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1100 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1101 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1102 | GDI+ 远程代码执行漏洞 | Critical |
| Microsoft Graphics Component | CVE-2019-1116 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1117 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1118 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1119 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1120 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1121 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1122 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1123 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1124 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1127 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1128 | DirectWrite 远程代码执行漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0999 | DirectX 特权提升漏洞 | Important |
| Microsoft Office | CVE-2019-1109 | Microsoft Office 欺骗漏洞 | Important |
| Microsoft Office | CVE-2019-1110 | Microsoft Excel 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-1111 | Microsoft Excel 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-1112 | Microsoft Excel 信息泄露漏洞 | Important |
| Microsoft Office | CVE-2019-1084 | Microsoft Exchange 信息泄露漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-1134 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1056 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1059 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1062 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1092 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1103 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1106 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1107 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1001 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1004 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Windows | CVE-2019-0865 | SymCrypt 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-0887 | Remote Desktop Services 远程代码执行漏洞 | Important |
| Microsoft Windows | CVE-2019-0966 | Windows Hyper-V 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-0975 | ADFS 安全功能绕过漏洞 | Important |
| Microsoft Windows | CVE-2019-1126 | ADFS 安全功能绕过漏洞 | Important |
| Microsoft Windows | CVE-2019-0785 | Windows DHCP Server 远程代码执行漏洞 | Critical |
| Microsoft Windows | CVE-2019-0880 | Microsoft splwow64 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1037 | Windows Error Reporting 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1067 | Windows Kernel 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1074 | Microsoft Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1082 | Microsoft Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1091 | Microsoft unistore.dll 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-1129 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1130 | Windows 特权提升漏洞 | Important |
| Microsoft Windows DNS | CVE-2019-0811 | Windows DNS Server 拒绝服务漏洞 | Important |
| Microsoft Windows DNS | CVE-2019-1090 | Windows dnsrlvr.dll 特权提升漏洞 | Important |
| Open Source Software | CVE-2018-15664 | Docker 特权提升漏洞 | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| SQL Server | CVE-2019-1068 | Microsoft SQL Server 远程代码执行漏洞 | Important |
| Visual Studio | CVE-2019-1077 | Visual Studio 特权提升漏洞 | Important |
| Visual Studio | CVE-2019-1079 | Visual Studio 信息泄露漏洞 | Important |
| Windows Kernel | CVE-2019-1071 | Windows Kernel 信息泄露漏洞 | Important |
| Windows Kernel | CVE-2019-1073 | Windows Kernel 信息泄露漏洞 | Important |
| Windows Kernel | CVE-2019-1089 | Windows RPCSS 特权提升漏洞 | Important |
| Windows Kernel | CVE-2019-1132 | Win32k 特权提升漏洞 | Important |
| Windows Media | CVE-2019-1085 | Windows WLAN Service 特权提升漏洞 | Important |
| Windows Media | CVE-2019-1086 | Windows Audio Service 特权提升漏洞 | Important |
| Windows Media | CVE-2019-1087 | Windows Audio Service 特权提升漏洞 | Important |
| Windows Media | CVE-2019-1088 | Windows Audio Service 特权提升漏洞 | Important |
| Windows RDP | CVE-2019-1108 | Remote Desktop Protocol Client 信息泄露漏洞 | Important |
| Windows Shell | CVE-2019-1099 | Windows GDI 信息泄露漏洞 | Important |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。