微软于周二发布了3月安全更新补丁,修复了68个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Active Directory、Adobe Flash Player、Azure、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft XML、NuGet、Servicing Stack Updates、Skype for Business、Team Foundation Server、Visual Studio、Windows DHCP Client、Windows Hyper-V、Windows Kernel、Windows Kernel-Mode Drivers、Windows Print Spooler Components、Windows SMB Server以及Windows Subsystem for Linux。
漏洞列表
相关信息如下:
产品 | CVE 编号 | CVE 标题 | 严重程度 |
Active Directory | CVE-2019-0683 | Active Directory 特权提升漏洞 | Important |
Adobe Flash Player | ADV190008 | March 2019 Adobe Flash 安全更新 | Low |
Azure | CVE-2019-0816 | Azure SSH Keypairs 安全功能绕过漏洞 | Moderate |
Internet Explorer | CVE-2019-0761 | Internet Explorer 安全功能绕过漏洞 | Low |
Internet Explorer | CVE-2019-0763 | Internet Explorer 内存破坏漏洞 | Moderate |
Internet Explorer | CVE-2019-0768 | Internet Explorer 安全功能绕过漏洞 | Important |
Microsoft Browsers | CVE-2019-0762 | Microsoft Browsers 安全功能绕过漏洞 | Low |
Microsoft Browsers | CVE-2019-0780 | Microsoft Browser 内存破坏漏洞 | Important |
Microsoft Edge | CVE-2019-0612 | Microsoft Edge 安全功能绕过漏洞 | Important |
Microsoft Edge | CVE-2019-0678 | Microsoft Edge 特权提升漏洞 | Important |
Microsoft Edge | CVE-2019-0779 | Microsoft Edge 内存破坏漏洞 | Important |
Microsoft Graphics Component | CVE-2019-0774 | Windows GDI 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2019-0797 | Win32k 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2019-0808 | Win32k 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2019-0614 | Windows GDI 信息泄露漏洞 | Important |
Microsoft JET Database Engine | CVE-2019-0617 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2019-0748 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
Microsoft Office SharePoint | CVE-2019-0778 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-0609 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0611 | Chakra Scripting Engine 内存破坏漏洞 | Low |
Microsoft Scripting Engine | CVE-2019-0639 | Scripting Engine 内存破坏漏洞 | Moderate |
Microsoft Scripting Engine | CVE-2019-0746 | Chakra Scripting Engine 内存破坏漏洞 | Important |
Microsoft Scripting Engine | CVE-2019-0769 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0770 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0771 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0772 | Windows VBScript Engine 远程代码执行漏洞 | Important |
Microsoft Scripting Engine | CVE-2019-0773 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0783 | Scripting Engine 内存破坏漏洞 | Important |
Microsoft Scripting Engine | CVE-2019-0592 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0665 | Windows VBScript Engine 远程代码执行漏洞 | Important |
Microsoft Scripting Engine | CVE-2019-0666 | Windows VBScript Engine 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0667 | Windows VBScript Engine 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2019-0680 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Windows | CVE-2019-0754 | Windows 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2019-0765 | Comctl32 远程代码执行漏洞 | Important |
Microsoft Windows | CVE-2019-0766 | Microsoft Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2019-0784 | Windows ActiveX 远程代码执行漏洞 | Critical |
Microsoft Windows | ADV190009 | SHA-2 Code Sign Support Advisory | Unknown |
Microsoft Windows | ADV190010 | Best Practices Regarding Sharing of a Single User Account Across Multiple Users | Unknown |
Microsoft Windows | CVE-2019-0603 | Windows Deployment Services TFTP Server 远程代码执行漏洞 | Critical |
Microsoft XML | CVE-2019-0756 | MS XML 远程代码执行漏洞 | Critical |
NuGet | CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Skype for Business | CVE-2019-0798 | Skype for Business and Lync 欺骗漏洞 | Important |
Team Foundation Server | CVE-2019-0777 | Team Foundation Server Cross-site Scripting Vulnerability | Low |
Visual Studio | CVE-2019-0809 | Visual Studio 远程代码执行漏洞 | Important |
Windows DHCP Client | CVE-2019-0697 | Windows DHCP Client 远程代码执行漏洞 | Critical |
Windows DHCP Client | CVE-2019-0698 | Windows DHCP Client 远程代码执行漏洞 | Critical |
Windows DHCP Client | CVE-2019-0726 | Windows DHCP Client 远程代码执行漏洞 | Critical |
Windows Hyper-V | CVE-2019-0690 | Windows Hyper-V 拒绝服务漏洞 | Important |
Windows Hyper-V | CVE-2019-0695 | Windows Hyper-V 拒绝服务漏洞 | Important |
Windows Hyper-V | CVE-2019-0701 | Windows Hyper-V 拒绝服务漏洞 | Important |
Windows Kernel | CVE-2019-0755 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2019-0767 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2019-0775 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2019-0782 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2019-0696 | Windows Kernel 特权提升漏洞 | Important |
Windows Kernel | CVE-2019-0702 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel-Mode Drivers | CVE-2019-0776 | Win32k 信息泄露漏洞 | Important |
Windows Print Spooler Components | CVE-2019-0759 | Windows Print Spooler 信息泄露漏洞 | Important |
Windows SMB Server | CVE-2019-0703 | Windows SMB 信息泄露漏洞 | Important |
Windows SMB Server | CVE-2019-0704 | Windows SMB 信息泄露漏洞 | Important |
Windows SMB Server | CVE-2019-0821 | Windows SMB 信息泄露漏洞 | Important |
Windows Subsystem for Linux | CVE-2019-0682 | Windows Subsystem for Linux 特权提升漏洞 | Important |
Windows Subsystem for Linux | CVE-2019-0689 | Windows Subsystem for Linux 特权提升漏洞 | Important |
Windows Subsystem for Linux | CVE-2019-0692 | Windows Subsystem for Linux 特权提升漏洞 | Important |
Windows Subsystem for Linux | CVE-2019-0693 | Windows Subsystem for Linux 特权提升漏洞 | Important |
Windows Subsystem for Linux | CVE-2019-0694 | Windows Subsystem for Linux 特权提升漏洞 | Important |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。