高危保安警报 (A20-06-07): Microsoft 产品多个漏洞 (2020年6月)

描述:

Microsoft 发布了安全性更新以应对多个影响 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址：
https://support.microsoft.com/en-us/help/20200609/security-update-deployment-information-june-9-2020

Microsoft 发布的2020年6月安全性更新应对了Server Message Block (SMB) 规约 (protocol) 中的漏洞(CVE-2020-1206)。Windows 10以及Windows Server版本1903、版本1909及版本2004均受到影响。成功利用这个漏洞可以让未通过认证的远端攻击者在目标SMB Server或 SMB Client上泄泄Kernel记忆体。用户应立即为受影响的系统安装修补程式，以减低受到网络攻击的风险。

受影响的系统:

• Microsoft Internet Explorer 9, 11
• Microsoft Edge (EdgeHTML-based)
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Microsoft Windows Server, version 1803, version 1903, version 1909, version 2004
• Microsoft 365 Apps for Enterprise
• Microsoft Office 2010, 2013, 2013RT, 2016, 2016 for Mac, 2019, 2019 for Mac
• Microsoft Excel 2010, 2013, 2013 RT, 2016
• Microsoft Word 2010, 2013, 2013 RT, 2016
• Microsoft Word for Android
• Microsoft Project 2010, 2013, 2016
• Microsoft SharePoint Foundation 2010, 2013
• Microsoft SharePoint Enterprise Server 2013, 2016
• Microsoft SharePoint Server 2010, 2019
• Microsoft Visual Studio 2015, 2017, 2019
• Microsoft Visual Studio Code Live Share extension
• Microsoft Dynamics 365
• Microsoft Forefront Endpoint Protection 2010
• Microsoft Security Essentials
• Microsoft System Center Endpoint Protection, 2012, 2012 R2
• Windows Defender
• Azure DevOps Server 2019, 2019.0.1
• ChakraCore

影响:

成功利用这些漏洞可以导致远端执行程式码、提高权限、服务受阻断、泄漏资讯、仿冒诈骗及绕过保安功能，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://support.microsoft.com/en-us/help/20200609/security-update-deployment-information-june-9-2020
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun
https://www.hkcert.org/my_url/zh/alert/20061001
https://www.us-cert.gov/ncas/current-activity/2020/06/09/microsoft-releases-june-2020-security-updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1201 (to CVE-2020-1204)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1206 (to CVE-2020-1209)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1211 (to CVE-2020-1217)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1219 (to CVE-2020-1223)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1229 (to CVE-2020-1239)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1246 (to CVE-2020-1248)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1253 (to CVE-2020-1255)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1257 (to CVE-2020-1266)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1268 (to CVE-2020-1284)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1289 (to CVE-2020-1302)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1304 (to CVE-2020-1307)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1309 (to CVE-2020-1318)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1320 (to CVE-2020-1324)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1327 (to CVE-2020-1329)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1348