微软于周二发布了11月安全更新补丁,修复了76个从简单的欺骗攻击到远程执行代码的安全问题 。
综述
微软于周二发布了11月安全更新补丁,修复了76个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Azure Stack、Chipsets、Graphic Fonts、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft RPC、Microsoft Scripting Engine、Microsoft Windows、Open Source Software、Servicing Stack Updates、Visual Studio、Windows Hyper-V、Windows Kernel、Windows Media Player以及Windows Subsystem for Linux。
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 | 严重程度 |
| Azure Stack | CVE-2019-1234 | Azure Stack 欺骗漏洞 | Important |
| Chipsets | ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) | Unknown |
| Graphic Fonts | CVE-2019-1456 | OpenType Font Parsing 远程代码执行漏洞 | Important |
| Microsoft Edge | CVE-2019-1413 | Microsoft Edge 安全功能绕过漏洞 | Important |
| Microsoft Exchange Server | CVE-2019-1373 | Microsoft Exchange 远程代码执行漏洞 | Critical |
| Microsoft Graphics Component | CVE-2019-1432 | DirectWrite 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1433 | Windows Graphics Component 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1434 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1435 | Windows Graphics Component 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1436 | Win32k 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1437 | Windows Graphics Component 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1438 | Windows Graphics Component 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1439 | Windows GDI 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1440 | Win32k 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1441 | Win32k Graphics 远程代码执行漏洞 | Critical |
| Microsoft Graphics Component | CVE-2019-1393 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1394 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1395 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1396 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1407 | Windows Graphics Component 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1408 | Win32k 特权提升漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1411 | DirectWrite 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1412 | OpenType Font Driver 信息泄露漏洞 | Important |
| Microsoft Graphics Component | CVE-2019-1419 | OpenType Font Parsing 远程代码执行漏洞 | Critical |
| Microsoft JET Database Engine | CVE-2019-1406 | Jet Database Engine 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass | Important |
| Microsoft Office | CVE-2019-1402 | Microsoft Office 信息泄露漏洞 | Important |
| Microsoft Office | CVE-2019-1445 | Microsoft Office Online 欺骗漏洞 | Important |
| Microsoft Office | CVE-2019-1446 | Microsoft Excel 信息泄露漏洞 | Important |
| Microsoft Office | CVE-2019-1447 | Microsoft Office Online 欺骗漏洞 | Important |
| Microsoft Office | CVE-2019-1448 | Microsoft Excel 远程代码执行漏洞 | Important |
| Microsoft Office | CVE-2019-1449 | Microsoft Office ClickToRun 安全功能绕过漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-1442 | Microsoft Office 安全功能绕过漏洞 | Important |
| Microsoft Office SharePoint | CVE-2019-1443 | Microsoft SharePoint 信息泄露漏洞 | Important |
| Microsoft RPC | CVE-2019-1409 | Windows Remote Procedure Call 信息泄露漏洞 | Important |
| Microsoft Scripting Engine | CVE-2019-1429 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1390 | VBScript 远程代码执行漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1426 | Scripting Engine 内存破坏漏洞 | Moderate |
| Microsoft Scripting Engine | CVE-2019-1427 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Scripting Engine | CVE-2019-1428 | Scripting Engine 内存破坏漏洞 | Critical |
| Microsoft Windows | CVE-2019-1374 | Windows Error Reporting 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-1415 | Windows Installer 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1417 | Windows Data Sharing Service 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1418 | Windows Modules Installer Service 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2018-12207 | Windows 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-1324 | Windows TCP/IP 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-1379 | Windows Data Sharing Service 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1380 | Microsoft splwow64 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1381 | Microsoft Windows 信息泄露漏洞 | Important |
| Microsoft Windows | CVE-2019-1382 | Microsoft ActiveX Installer Service 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1383 | Windows Data Sharing Service 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1384 | Microsoft Windows 安全功能绕过漏洞 | Important |
| Microsoft Windows | CVE-2019-1385 | Windows AppX Deployment Extensions 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1388 | Windows Certificate Dialog 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1391 | Windows 拒绝服务漏洞 | Important |
| Microsoft Windows | CVE-2019-1405 | Windows UPnP Service 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1420 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1422 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1423 | Windows 特权提升漏洞 | Important |
| Microsoft Windows | CVE-2019-1424 | NetLogon 安全功能绕过漏洞 | Important |
| Open Source Software | CVE-2019-1370 | Open Enclave SDK 信息泄露漏洞 | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Visual Studio | CVE-2019-1425 | Visual Studio 特权提升漏洞 | Important |
| Windows Hyper-V | CVE-2019-0712 | Windows Hyper-V 拒绝服务漏洞 | Important |
| Windows Hyper-V | CVE-2019-0719 | Hyper-V 远程代码执行漏洞 | Critical |
| Windows Hyper-V | CVE-2019-0721 | Hyper-V 远程代码执行漏洞 | Critical |
| Windows Hyper-V | CVE-2019-1309 | Windows Hyper-V 拒绝服务漏洞 | Important |
| Windows Hyper-V | CVE-2019-1310 | Windows Hyper-V 拒绝服务漏洞 | Important |
| Windows Hyper-V | CVE-2019-1389 | Windows Hyper-V 远程代码执行漏洞 | Critical |
| Windows Hyper-V | CVE-2019-1397 | Windows Hyper-V 远程代码执行漏洞 | Critical |
| Windows Hyper-V | CVE-2019-1398 | Windows Hyper-V 远程代码执行漏洞 | Critical |
| Windows Hyper-V | CVE-2019-1399 | Windows Hyper-V 拒绝服务漏洞 | Important |
| Windows Kernel | CVE-2019-11135 | Windows Kernel 信息泄露漏洞 | Important |
| Windows Kernel | CVE-2019-1392 | Windows Kernel 特权提升漏洞 | Important |
| Windows Media Player | CVE-2019-1430 | Microsoft Windows Media Foundation 远程代码执行漏洞 | Critical |
| Windows Subsystem for Linux | CVE-2019-1416 | Windows Subsystem for Linux 特权提升漏洞 | Important |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。