政府電腦保安事故協調中心 - 高危保安警報 (A19-02-02): Microsoft 產品多個漏洞 (2019年2月)

描述:

Microsoft 發布了安全性更新以應對多個影響個別 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址：

https://support.microsoft.com/en-us/help/20190212/security-update-deployment-information

有報告觀察到針對 Microsoft Internet Explorer 漏洞 (CVE-2019-0676) 的攻擊。建議用家應立即為受影響的系統安裝修補程式，以減低受到網絡攻擊的風險。

受影響的系統:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1709, version 1803
Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
Microsoft Office Compatibility Pack
Microsoft Office Word Viewer
Office 365 ProPlus
Microsoft Excel 2010, 2013, 2013 RT, 2016
Microsoft Excel Viewer
Microsoft PowerPoint Viewer
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2010, 2019
Microsoft Exchange Server 2010, 2013, 2016, 2019
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Microsoft Visual Studio 2017
.NET Core 1.0, 1.1, 2.1, 2.2
ChakraCore
Java SDK for Azure IoT
Team Foundation Server 2018
Visual Studio Code

有關受影響產品的完整列表，請參考以下網址:

https://portal.msrc.microsoft.com/en-us/security-guidance

影響:

成功利用這些漏洞可以導致遠端執行程式碼、提高權限、泄漏資訊、繞過保安功能及篡改，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573
https://support.microsoft.com/en-us/help/20190212/security-update-deployment-information
https://www.hkcert.org/my_url/zh/alert/19021301
https://www.us-cert.gov/ncas/current-activity/2019/02/12/Microsoft-Releases-February-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190004
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0593 (to CVE-2019-0602)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0604 (to CVE-2019-0607)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0625 (to CVE-2019-0628)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0630 (to CVE-2019-0637)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0640 (to CVE-2019-0645)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0648 (to CVE-2019-0652)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0654 (to CVE-2019-0662)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0668 (to CVE-2019-0676)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0741 (to CVE-2019-0743)

標籤 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Office 365 , Excel , PowerPoint , SharePoint , Exchange Server , .NET Framework , Visual Studio , .NET Core , ChakraCore , Azure IoT , Team Foundation Server , Visual Studio Code