政府電腦保安事故協調中心 - 高危保安警報 (A19-03-03): Microsoft 產品多個漏洞 (2019年3月)

描述:

Microsoft 發布了安全性更新以應對多個影響個別 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址:

https://support.microsoft.com/en-us/help/20190312/security-update-deployment-information-march-12-2019

有報告觀察到針對 Microsoft Windows 及 Windows Server (CVE-2019-0797及 CVE-2019-0808) 漏洞的攻擊。用戶應立即為受影響的系統安裝修補程式，以免增加受到網絡攻擊的風險。

受影響的系統:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1709, version 1803
Microsoft Office 2010
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013
.NET Core SDK 1.1, 2.1.500
ChakraCore
Mono Framework Version 5.18.0.223, 5.20.0
Nuget 4.3.1, 4.4.2, 4.5.2, 4.6.3, 4.7.2, 4.8.2, 4.9.4
Skype for Business Server 2015
Microsoft Lync Server 2013- Team Foundation Server 2017, 2018- Microsoft Visual Studio 2017, Visual Studio for Mac

有關受影響產品的完整列表，請參考以下網址:
https://portal.msrc.microsoft.com/en-us/security-guidance

影響:

成功利用這些漏洞可以導致遠端執行程式碼、泄漏資訊、繞過保安功能、提高權限、仿冒詐騙、篡改及拒絕服務，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d
https://support.microsoft.com/en-us/help/20190312/security-update-deployment-information-march-12-2019
https://www.hkcert.org/my_url/zh/alert/19031301
https://www.us-cert.gov/ncas/current-activity/2019/03/12/Microsoft-Releases-March-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190009
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0665 (to CVE-2019-0667)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0692 (to CVE-2019-0698)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0701 (to CVE-2019-0704)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0754 (to CVE-2019-0757)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0761 (to CVE-2019-0763)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0765 (to CVE-2019-0780)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0782 (to CVE-2019-0784)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0821

標籤 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , SharePoint , .NET Core , ChakraCore , Mono Framework , Nuget , Skype , Lync , Team Foundation Server , Visual Studio