政府电脑保安事故协调中心 - 高危保安警报 (A19-05-07): Microsoft 产品多个漏洞 (2019年5月)

描述:

Microsoft 发布了安全性更新以应对多个影响个别 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址：

https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-May-14-2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

根据Microsoft，攻击者可以利用Remote Desktop Services漏洞(CVE-2019-0708) 远端执行程式码。Microsoft为已停止支援的Windows XP 及 Windows Server 2003额外提供特别的安全更新，详情请参阅以下Microsoft的建议。

Windows Vista、XP、及Windows Server 2003:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Windows 7及Windows Server 2008:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

此外，有报告观察到针对 Microsoft Windows (CVE-2019-0863 及 CVE-2019-0932) 漏洞的攻击。

用户应立即为受影响的系统安装修补程式，包括运行Windows XP的电脑，以免增加受到网络攻击的风险。

受影响的系统:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows XP, 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1803, version 1903
Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
Microsoft Office Online Server
Microsoft Word 2016
Office 365 ProPlus
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010, 2013
Microsoft SharePoint Server 2019
ASP.NET Core 2.1, 2.2
.NET Core 1.0, 1.1, 2.1, 2.2
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Azure DevOps Server 2019
ChakraCore
Microsoft Azure Active Directory Connect
Microsoft Dynamics 365 (on-premises) version 8.2, version 9.0
Microsoft Dynamics CRM 2015 (on-premises) version 7.0
Microsoft SQL Server 2017
Microsoft Visual Studio 2015, 2017 version 15.0, 2017 version 15.9, 2019 version 16.0
Nuget 5.0.2
Skype 8.35 for Android Devices
Team Foundation Server 2015, 2017, 2018

有关受影响产品的完整列表，请参考以下网址:
https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致远端执行程式码、泄漏资讯、绕过保安功能、提高权限、仿冒诈骗、篡改或服务受阻断，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-May-14-2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
https://www.hkcert.org/my_url/zh/alert/19051501
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Microsoft-Releases-May-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0884 (to CVE-2019-0886)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0889 (to CVE-2019-0903)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0911 (to CVE-2019-0918)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0921 (to CVE-2019-0927)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0929 (to CVE-2019-0933)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0936 (to CVE-2019-0938)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0945 (to CVE-2019-0947)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0949 (to CVE-2019-0953)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0956 (to CVE-2019-0958)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0979 (to CVE-2019-0982)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1008

标签 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Word , Office 365 , SharePoint , ASP .NET Core , .NET Core , .NET Framework , ChakraCore , Azure DevOps Server , Azure Active Directory Connect , Dynamics 365 , Dynamics CRM , SQL Server , Visual Studio , Nuget , Skype , Team Foundation Server