高危保安警報 (A20-06-07): Microsoft 產品多個漏洞 (2020年6月)

描述:

Microsoft 發布了安全性更新以應對多個影響 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址：
https://support.microsoft.com/en-us/help/20200609/security-update-deployment-information-june-9-2020

Microsoft 發布的2020年6月安全性更新應對了Server Message Block (SMB) 規約 (protocol) 中的漏洞(CVE-2020-1206)。Windows 10以及Windows Server版本1903、版本1909及版本2004均受到影響。成功利用這個漏洞可以讓未通過認證的遠端攻擊者在目標SMB Server或 SMB Client上泄洩Kernel記憶體。用戶應立即為受影響的系統安裝修補程式，以減低受到網絡攻擊的風險。

受影響的系統:

• Microsoft Internet Explorer 9, 11
• Microsoft Edge (EdgeHTML-based)
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Microsoft Windows Server, version 1803, version 1903, version 1909, version 2004
• Microsoft 365 Apps for Enterprise
• Microsoft Office 2010, 2013, 2013RT, 2016, 2016 for Mac, 2019, 2019 for Mac
• Microsoft Excel 2010, 2013, 2013 RT, 2016
• Microsoft Word 2010, 2013, 2013 RT, 2016
• Microsoft Word for Android
• Microsoft Project 2010, 2013, 2016
• Microsoft SharePoint Foundation 2010, 2013
• Microsoft SharePoint Enterprise Server 2013, 2016
• Microsoft SharePoint Server 2010, 2019
• Microsoft Visual Studio 2015, 2017, 2019
• Microsoft Visual Studio Code Live Share extension
• Microsoft Dynamics 365
• Microsoft Forefront Endpoint Protection 2010
• Microsoft Security Essentials
• Microsoft System Center Endpoint Protection, 2012, 2012 R2
• Windows Defender
• Azure DevOps Server 2019, 2019.0.1
• ChakraCore

影響:

成功利用這些漏洞可以導致遠端執行程式碼、提高權限、服務受阻斷、泄漏資訊、仿冒詐騙及繞過保安功能，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://support.microsoft.com/en-us/help/20200609/security-update-deployment-information-june-9-2020
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun
https://www.hkcert.org/my_url/zh/alert/20061001
https://www.us-cert.gov/ncas/current-activity/2020/06/09/microsoft-releases-june-2020-security-updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1201 (to CVE-2020-1204)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1206 (to CVE-2020-1209)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1211 (to CVE-2020-1217)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1219 (to CVE-2020-1223)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1229 (to CVE-2020-1239)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1246 (to CVE-2020-1248)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1253 (to CVE-2020-1255)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1257 (to CVE-2020-1266)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1268 (to CVE-2020-1284)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1289 (to CVE-2020-1302)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1304 (to CVE-2020-1307)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1309 (to CVE-2020-1318)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1320 (to CVE-2020-1324)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1327 (to CVE-2020-1329)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1348