1. 主頁
  2. 保安警報
  3. 保安警報 (A20-05-02)

保安警報 (A20-05-02): Microsoft 產品多個漏洞 (2020年5月)


 

發布日期: 2020年 5月 13日

  
  

描述:

Microsoft 發布了安全性更新以應對多個影響 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表,請參考以下網址:

https://support.microsoft.com/en-us/help/20200512/security-update-deployment-information-may-12-2020

 

受影響的系統:

  • Microsoft Internet Explorer 9, 11
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Microsoft Windows Server, version 1803, version 1903, version 1909
  • Microsoft Office 2016 for Mac, 2019, 2019 for Mac
  • Microsoft Excel 2010, 2013, 2013 RT, 2016
  • Microsoft SharePoint Foundation 2013
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Server 2010, 2019
  • Microsoft Dynamics 365 (on-premises) 8.2, 9.0
  • Microsoft Visual Studio 2017, 2019
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
  • .NET Core 2.1, 3.1, 5.0
  • ASP.NET Core 3.1
  • ChakraCore
  • Power BI Report Server
  • Visual Studio Code

 

影響:

成功利用這些漏洞可以導致遠端執行程式碼、提高權限、服務受阻斷、泄漏資訊、仿冒詐騙及繞過保安功能,視乎攻擊者利用哪個漏洞而定。

 

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議,立即採取行動以降低風險。

 

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May
https://support.microsoft.com/en-us/help/20200512/security-update-deployment-information-may-12-2020
https://www.hkcert.org/my_url/zh/alert/20051301
https://www.us-cert.gov/ncas/current-activity/2020/05/12/microsoft-releases-may-2020-security-updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1060 (to CVE-2020-1072)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1075 (to CVE-2020-1079)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1086 (to CVE-2020-1088)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1099 (to CVE-2020-1114)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1116 (to CVE-2020-1118)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1123 (to CVE-2020-1126)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1134 (to CVE-2020-1145)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1153 (to CVE-2020-1158)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1164 (to CVE-2020-1166)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1173 (to CVE-2020-1176)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1184 (to CVE-2020-1192)

 



標籤 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Excel , SharePoint , Dynamics 365 , Visual Studio , .NET Framework , .NET Core , ASP .NET Core , ChakraCore , Power BI Report , Visual Studio Code
標籤