政府電腦保安事故協調中心 - 高危保安警報 (A19-05-07): Microsoft 產品多個漏洞 (2019年5月)

描述:

Microsoft 發布了安全性更新以應對多個影響個別 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址：

https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-May-14-2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

根據Microsoft，攻擊者可以利用Remote Desktop Services漏洞(CVE-2019-0708) 遠端執行程式碼。Microsoft為已停止支援的Windows XP 及 Windows Server 2003額外提供特別的安全更新，詳情請參閱以下Microsoft的建議。

Windows Vista、XP、及Windows Server 2003:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Windows 7及Windows Server 2008:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

此外，有報告觀察到針對 Microsoft Windows (CVE-2019-0863 及 CVE-2019-0932) 漏洞的攻擊。

用戶應立即為受影響的系統安裝修補程式，包括運行Windows XP的電腦，以免增加受到網絡攻擊的風險。

受影響的系統:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows XP, 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1803, version 1903
Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
Microsoft Office Online Server
Microsoft Word 2016
Office 365 ProPlus
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010, 2013
Microsoft SharePoint Server 2019
ASP.NET Core 2.1, 2.2
.NET Core 1.0, 1.1, 2.1, 2.2
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Azure DevOps Server 2019
ChakraCore
Microsoft Azure Active Directory Connect
Microsoft Dynamics 365 (on-premises) version 8.2, version 9.0
Microsoft Dynamics CRM 2015 (on-premises) version 7.0
Microsoft SQL Server 2017
Microsoft Visual Studio 2015, 2017 version 15.0, 2017 version 15.9, 2019 version 16.0
Nuget 5.0.2
Skype 8.35 for Android Devices
Team Foundation Server 2015, 2017, 2018

有關受影響產品的完整列表，請參考以下網址:
https://portal.msrc.microsoft.com/en-us/security-guidance

影響:

成功利用這些漏洞可以導致遠端執行程式碼、泄漏資訊、繞過保安功能、提高權限、仿冒詐騙、篡改或服務受阻斷，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-May-14-2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
https://www.hkcert.org/my_url/zh/alert/19051501
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Microsoft-Releases-May-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0884 (to CVE-2019-0886)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0889 (to CVE-2019-0903)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0911 (to CVE-2019-0918)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0921 (to CVE-2019-0927)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0929 (to CVE-2019-0933)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0936 (to CVE-2019-0938)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0945 (to CVE-2019-0947)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0949 (to CVE-2019-0953)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0956 (to CVE-2019-0958)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0979 (to CVE-2019-0982)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1008

標籤 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Word , Office 365 , SharePoint , ASP .NET Core , .NET Core , .NET Framework , ChakraCore , Azure DevOps Server , Azure Active Directory Connect , Dynamics 365 , Dynamics CRM , SQL Server , Visual Studio , Nuget , Skype , Team Foundation Server