微软于周二发布了10月安全更新补丁,修复了61个从简单的欺骗攻击到远程执行代码的安全问题
综述
微软于周二发布了10月安全更新补丁,修复了61个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Azure、Internet Explorer、Microsoft Browsers、Microsoft Devices、Microsoft Dynamics、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Open Source Software、Secure Boot、Servicing Stack Updates、SQL Server、Windows Hyper-V、Windows IIS、Windows Installer、Windows Kernel、Windows NTLM、Windows RDP以及Windows Update Stack。
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 | 严重程度 |
| Azure | CVE-2019-1372 | Azure App Service 远程代码执行漏洞 | Critical |
| Internet Explorer | CVE-2019-1371 | Internet Explorer 内存破坏漏洞 | Important |
| Microsoft Browsers | CVE-2019-0608 | Microsoft Browser 欺骗漏洞 | Important |
| Microsoft Browsers | CVE-2019-1357 | Microsoft Browser 欺骗漏洞 | Important |
| Microsoft Devices | CVE-2019-1314 | Windows 10 Mobile 安全功能绕过漏洞 | Important |
| Microsoft Dynamics | CVE-2019-1375 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Edge | CVE-2019-1356 | Microsoft Edge based on Edge HTML 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1361 | Microsoft Graphics Components 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1362 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1363 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1364 | Win32k 特权提升漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-1358 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-1359 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-1327 | Microsoft Excel 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-1331 | Microsoft Excel 远程代码执行漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-1070 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1328 | Microsoft SharePoint 欺骗漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-1329 | Microsoft SharePoint 特权提升漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-1330 | Microsoft SharePoint 特权提升漏洞 | Important |
| Microsoft Scripting Engine | CVE-2019-1060 | MS XML 远程代码执行漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1307 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1308 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1238 | VBScript 远程代码执行漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1239 | VBScript 远程代码执行漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1335 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1366 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Windows | CVE-2019-1341 | Windows Power Service 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1342 | Windows Error Reporting Manager 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1344 | Windows Code Integrity Module 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-1346 | Windows 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-1347 | Windows 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-1311 | Windows Imaging API 远程代码执行漏洞 | Important |
| Microsoft Windows | CVE-2019-1315 | Windows Error Reporting Manager 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1316 | Microsoft Windows Setup 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1317 | Microsoft Windows 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-1318 | Microsoft Windows Transport Layer Security 欺骗漏洞 | Important |
| Microsoft Windows | CVE-2019-1319 | Windows Error Reporting 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1320 | Microsoft Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1321 | Microsoft Windows CloudStore 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1322 | Microsoft Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1325 | Windows Redirected Drive Buffering System 特权提升漏洞 | Moderate |
| Microsoft Windows | CVE-2019-1338 | Windows NTLM 安全功能绕过漏洞 | Important |
| Microsoft Windows | CVE-2019-1339 | Windows Error Reporting Manager 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1340 | Microsoft Windows 特权提升漏洞 | Important |
| Open Source Software | CVE-2019-1369 | Open Enclave SDK 信息泄露漏洞 | Important |
| Secure Boot | CVE-2019-1368 | Windows Secure Boot 安全功能绕过漏洞 | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| SQL Server | CVE-2019-1313 | SQL Server Management Studio 信息泄露漏洞 | Important |
| SQL Server | CVE-2019-1376 | SQL Server Management Studio 信息泄露漏洞 | Important |
| Windows Hyper-V | CVE-2019-1230 | Hyper-V 信息泄露漏洞 | Important |
| Windows IIS | CVE-2019-1365 | Microsoft IIS Server 特权提升漏洞 | Important |
| Windows Installer | CVE-2019-1378 | Windows 10 Update Assistant 特权提升漏洞 | Important |
| Windows Kernel | CVE-2019-1343 | Windows 拒绝服务漏洞 | Important |
| Windows Kernel | CVE-2019-1345 | Windows Kernel 信息泄露漏洞 | Important |
| Windows Kernel | CVE-2019-1334 | Windows Kernel 信息泄露漏洞 | Important |
| Windows NTLM | CVE-2019-1166 | Windows NTLM Tampering Vulnerability | Important |
| Windows RDP | CVE-2019-1326 | Windows Remote Desktop Protocol (RDP) 拒绝服务漏洞 | Important |
| Windows RDP | CVE-2019-1333 | Remote Desktop Client 远程代码执行漏洞 | Critical |
| Windows Update Stack | CVE-2019-1323 | Microsoft Windows Update Client 特权提升漏洞 | Important |
| Windows Update Stack | CVE-2019-1336 | Microsoft Windows Update Client 特权提升漏洞 | Important |
| Windows Update Stack | CVE-2019-1337 | Windows Update Client 信息泄露漏洞 | Important |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。