微软于周二发布了5月安全更新补丁,修复了82个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、.NET Framework、Adobe Flash Player、Azure、Internet Explorer、Kerberos、Microsoft Browsers、Microsoft Dynamics、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、NuGet、Servicing Stack Updates、Skype for Android、SQL Server、Team Foundation Server、Windows DHCP Server、Windows Diagnostic Hub、Windows Kernel、Windows NDIS以及Windows RDP。
相关信息
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 | 严重程度 |
| .NET Core | CVE-2019-0980 | .Net Framework and .Net Core 拒绝服务漏洞 | Important |
| .NET Core | CVE-2019-0981 | .Net Framework and .Net Core 拒绝服务漏洞 | Important |
| .NET Core | CVE-2019-0982 | ASP.NET Core 拒绝服务漏洞 | Important |
| .NET Framework | CVE-2019-0820 | .NET Framework and .NET Core 拒绝服务漏洞 | Important |
| .NET Framework | CVE-2019-0864 | .NET Framework 拒绝服务漏洞 | Important |
| Adobe Flash Player | ADV190012 | May 2019 Adobe Flash 安全更新 | Critical |
| Azure | CVE-2019-1000 | Microsoft Azure AD Connect 特权提升漏洞 | Important |
| Internet Explorer | CVE-2019-0921 | Internet Explorer 欺骗漏洞 | Important |
| Internet Explorer | CVE-2019-0929 | Internet Explorer 内存破坏漏洞 | Critical |
| Internet Explorer | CVE-2019-0930 | Internet Explorer 信息泄露漏洞 | Important |
| Internet Explorer | CVE-2019-0995 | Internet Explorer 安全功能绕过漏洞 | Important |
| Kerberos | CVE-2019-0734 | Windows 特权提升漏洞 | Important |
| Microsoft Browsers | CVE-2019-0940 | Microsoft Browser 内存破坏漏洞 | Critical |
| Microsoft Dynamics | CVE-2019-1008 | Microsoft Dynamics On-Premise Security Feature Bypass | Important |
| Microsoft Edge | CVE-2019-0926 | Microsoft Edge 内存破坏漏洞 | Critical |
| Microsoft Edge | CVE-2019-0938 | Microsoft Edge 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0882 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0892 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0903 | GDI+ 远程代码执行漏洞 | Critical |
| Microsoft Graphics Component | CVE-2019-0961 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-0758 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0893 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0894 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0895 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0896 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0897 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0898 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0899 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0900 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0901 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0902 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0889 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0890 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft JET Database Engine | CVE-2019-0891 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0945 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0946 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0947 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-0953 | Microsoft Word 远程代码执行漏洞 | Critical |
| Microsoft Office SharePoint | CVE-2019-0956 | Microsoft SharePoint Server 信息泄露漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0957 | Microsoft SharePoint 特权提升漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0958 | Microsoft SharePoint 特权提升漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0963 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-0949 | Microsoft SharePoint 欺骗漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0950 | Microsoft SharePoint 欺骗漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0951 | Microsoft SharePoint 欺骗漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-0952 | Microsoft SharePoint Server 远程代码执行漏洞 | Important |
| Microsoft Scripting Engine | CVE-2019-0884 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0911 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0912 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0913 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0914 | Chakra Scripting Engine 内存破坏漏洞 | Moderate |
| Microsoft Scripting Engine | CVE-2019-0915 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0916 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0917 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0918 | Scripting Engine 内存破坏漏洞 | Moderate |
| Microsoft Scripting Engine | CVE-2019-0922 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0923 | Chakra Scripting Engine 内存破坏漏洞 | Important |
| Microsoft Scripting Engine | CVE-2019-0924 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0925 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0927 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0933 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-0937 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Windows | CVE-2019-0863 | Windows Error Reporting 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0886 | Windows Hyper-V 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-0942 | Unified Write Filter 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-0733 | Windows Defender Application Control 安全功能绕过漏洞 | Important |
| Microsoft Windows | CVE-2019-0885 | Windows OLE 远程代码执行漏洞 | Important |
| Microsoft Windows | CVE-2019-0931 | Windows Storage Service 特权提升漏洞 | Important |
| Microsoft Windows | ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities | Important |
| Microsoft Windows | CVE-2019-0936 | Windows 特权提升漏洞 | Important |
| NuGet | CVE-2019-0976 | NuGet Package Manager Tampering Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Android | CVE-2019-0932 | Skype for Android 信息泄露漏洞 | Important |
| SQL Server | CVE-2019-0819 | Microsoft SQL Server Analysis Services 信息泄露漏洞 | Important |
| Team Foundation Server | CVE-2019-0971 | Azure DevOps Server and Team Foundation Server 信息泄露漏洞 | Important |
| Team Foundation Server | CVE-2019-0872 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-0979 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Windows DHCP Server | CVE-2019-0725 | Windows DHCP Server 远程代码执行漏洞 | Critical |
| Windows Diagnostic Hub | CVE-2019-0727 | Diagnostic Hub Standard Collector, Visual Studio Standard Collector 特权提升漏洞 | Important |
| Windows Kernel | CVE-2019-0881 | Windows Kernel 特权提升漏洞 | Important |
| Windows NDIS | CVE-2019-0707 | Windows NDIS 特权提升漏洞 | Important |
| Windows RDP | CVE-2019-0708 | Remote Desktop Services 远程代码执行漏洞 | Critical |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
附件