高危保安警报 (A19-02-02): Microsoft 产品多个漏洞 (2019年2月)

描述:

Microsoft 发布了安全性更新以应对多个影响个别 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址：

https://support.microsoft.com/en-us/help/20190212/security-update-deployment-information

有报告观察到针对 Microsoft Internet Explorer 漏洞 (CVE-2019-0676) 的攻击。建议用家应立即为受影响的系统安装修补程式，以减低受到网络攻击的风险。

受影响的系统:

• Microsoft Internet Explorer 9, 10, 11
• Microsoft Edge
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Microsoft Windows Server, version 1709, version 1803
• Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
• Microsoft Office Compatibility Pack
• Microsoft Office Word Viewer
• Office 365 ProPlus
• Microsoft Excel 2010, 2013, 2013 RT, 2016
• Microsoft Excel Viewer
• Microsoft PowerPoint Viewer
• Microsoft SharePoint Enterprise Server 2013, 2016
• Microsoft SharePoint Foundation 2013
• Microsoft SharePoint Server 2010, 2019
• Microsoft Exchange Server 2010, 2013, 2016, 2019
• Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
• Microsoft Visual Studio 2017
• .NET Core 1.0, 1.1, 2.1, 2.2
• ChakraCore
• Java SDK for Azure IoT
• Team Foundation Server 2018
• Visual Studio Code

有关受影响产品的完整列表，请参考以下网址:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致远端执行程式码、提高权限、泄漏资讯、绕过保安功能及篡改，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573
https://support.microsoft.com/en-us/help/20190212/security-update-deployment-information
https://www.hkcert.org/my_url/zh/alert/19021301
https://www.us-cert.gov/ncas/current-activity/2019/02/12/Microsoft-Releases-February-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190004
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0593 (to CVE-2019-0602)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0604 (to CVE-2019-0607)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0625 (to CVE-2019-0628)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0630 (to CVE-2019-0637)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0640 (to CVE-2019-0645)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0648 (to CVE-2019-0652)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0654 (to CVE-2019-0662)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0668 (to CVE-2019-0676)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0741 (to CVE-2019-0743)