政府电脑保安事故协调中心 - 高危保安警报 (A19-04-02): Microsoft 产品多个漏洞 (2019年4月)

描述:

Microsoft 发布了安全性更新以应对多个影响个别 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址:

https://support.microsoft.com/en-us/help/20190409/security-update-deployment-information-april-9-2019

有报告观察到针对 Microsoft Windows (CVE-2019-0803 及 CVE-2019-0859) 漏洞的攻击。用户应立即为受影响的系统安装修补程式，以免增加受到网络攻击的风险。

受影响的系统:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1709, version 1803
Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
Microsoft Excel 2010, 2013, 2013 RT, 2016
Office 365 ProPlus
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Foundation 2010, 2013
Microsoft SharePoint Server 2010, 2019
Microsoft Exchange Server 2010, 2013, 2016, 2019
ASP.NET Core 2.2
Azure DevOps Server 2019
ChakraCore
Open Enclave SDK
Team Foundation Server 2015, 2017, 2018
Windows Admin Center

有关受影响产品的完整列表，请参考以下网址:
- https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致远端执行程式码、泄漏资讯、绕过保安功能、提高权限、仿冒诈骗、篡改及拒绝服务，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d
https://support.microsoft.com/en-us/help/20190409/security-update-deployment-information-april-9-2019
https://www.hkcert.org/my_url/zh/alert/19041001
https://www.us-cert.gov/ncas/current-activity/2019/04/09/Microsoft-Releases-April-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0730 (to CVE-2019-0732)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0790 (to CVE-2019-0796)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0801 (to CVE-2019-0803)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0812 (to CVE-2019-0815)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0822 (to CVE-2019-0831)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0835 (to CVE-2019-0842)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0844 (to CVE-2019-0849)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0856 (to CVE-2019-0862)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0866 (to CVE-2019-0871)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0874 (to CVE-2019-0877)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0879

标签 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Excel , Office 365 , SharePoint , Exchange Server , ASP.NET Core , Azure DevOps Server , ChakraCore , Open Enclave SDK , Team Foundation Server , Windows Admin Center