【漏洞情报】微软2019年05月补丁情报

【风险详情】

微软已发布2019年05月安全补丁，修复了82个安全漏洞，其中critical漏洞22个，涉及Adobe Flash Player、Internet Explorer、Windows RDP等产品组件，修复的漏洞详细列表如下，请用户依据自身业务评估实际漏洞影响安排补丁升级，以提高系统安全性：

序号	产品	CVE 编号	CVE 标题	严重程度
1	NET Core	CVE-2019-0980	.Net Framework and .Net Core 拒绝服务漏洞	Important
2	.NET Core	CVE-2019-0981	.Net Framework and .Net Core 拒绝服务漏洞	Important
3	.NET Core	CVE-2019-0982	ASP.NET Core 拒绝服务漏洞	Important
4	.NET Framework	CVE-2019-0820	.NET Framework and .NET Core 拒绝服务漏洞	Important
5	.NET Framework	CVE-2019-0864	.NET Framework 拒绝服务漏洞	Important
6	Adobe Flash Player	ADV190012	May 2019 Adobe Flash 安全更新	Critical
7	Azure	CVE-2019-1000	Microsoft Azure AD Connect 特权提升漏洞	Important
8	Internet Explorer	CVE-2019-0921	Internet Explorer 欺骗漏洞	Important
9	Internet Explorer	CVE-2019-0929	Internet Explorer 内存破坏漏洞	Critical
10	Internet Explorer	CVE-2019-0930	Internet Explorer 信息泄露漏洞	Important
11	Internet Explorer	CVE-2019-0995	Internet Explorer 安全功能绕过漏洞	Important
12	Kerberos	CVE-2019-0734	Windows 特权提升漏洞	Important
13	Microsoft Browsers	CVE-2019-0940	Microsoft Browser 内存破坏漏洞	Critical
14	Microsoft Dynamics	CVE-2019-1008	Microsoft Dynamics On-Premise Security Feature Bypass	Important
15	Microsoft Edge	CVE-2019-0926	Microsoft Edge 内存破坏漏洞	Critical
16	Microsoft Edge	CVE-2019-0938	Microsoft Edge 特权提升漏洞	Important
17	Microsoft Graphics Component	CVE-2019-0882	Windows GDI 信息泄露漏洞	Important
18	Microsoft Graphics Component	CVE-2019-0892	Win32k 特权提升漏洞	Important
19	Microsoft Graphics Component	CVE-2019-0903	GDI+ 远程代码执行漏洞	Critical
20	Microsoft Graphics Component	CVE-2019-0961	Windows GDI 信息泄露漏洞	Important
21	Microsoft Graphics Component	CVE-2019-0758	Windows GDI 信息泄露漏洞	Important
22	Microsoft JET Database Engine	CVE-2019-0893	Jet Database Engine 远程代码执行漏洞	Important
23	Microsoft JET Database Engine	CVE-2019-0894	Jet Database Engine 远程代码执行漏洞	Important
24	Microsoft JET Database Engine	CVE-2019-0895	Jet Database Engine 远程代码执行漏洞	Important
25	Microsoft JET Database Engine	CVE-2019-0896	Jet Database Engine 远程代码执行漏洞	Important
26	Microsoft JET Database Engine	CVE-2019-0897	Jet Database Engine 远程代码执行漏洞	Important
27	Microsoft JET Database Engine	CVE-2019-0898	Jet Database Engine 远程代码执行漏洞	Important
28	Microsoft JET Database Engine	CVE-2019-0899	Jet Database Engine 远程代码执行漏洞	Important
29	Microsoft JET Database Engine	CVE-2019-0900	Jet Database Engine 远程代码执行漏洞	Important
30	Microsoft JET Database Engine	CVE-2019-0901	Jet Database Engine 远程代码执行漏洞	Important
31	Microsoft JET Database Engine	CVE-2019-0902	Jet Database Engine 远程代码执行漏洞	Important
32	Microsoft JET Database Engine	CVE-2019-0889	Jet Database Engine 远程代码执行漏洞	Important
33	Microsoft JET Database Engine	CVE-2019-0890	Jet Database Engine 远程代码执行漏洞	Important
34	Microsoft JET Database Engine	CVE-2019-0891	Jet Database Engine 远程代码执行漏洞	Important
35	Microsoft Office	CVE-2019-0945	Microsoft Office Access Connectivity Engine 远程代码执行漏洞	Important
36	Microsoft Office	CVE-2019-0946	Microsoft Office Access Connectivity Engine 远程代码执行漏洞	Important
37	Microsoft Office	CVE-2019-0947	Microsoft Office Access Connectivity Engine 远程代码执行漏洞	Important
38	Microsoft Office	CVE-2019-0953	Microsoft Word 远程代码执行漏洞	Critical
39	Microsoft Office SharePoint	CVE-2019-0956	Microsoft SharePoint Server 信息泄露漏洞	Important
40	Microsoft Office SharePoint	CVE-2019-0957	Microsoft SharePoint 特权提升漏洞	Important
41	Microsoft Office SharePoint	CVE-2019-0958	Microsoft SharePoint 特权提升漏洞	Important
42	Microsoft Office SharePoint	CVE-2019-0963	Microsoft Office SharePoint XSS Vulnerability	Important
43	Microsoft Office SharePoint	CVE-2019-0949	Microsoft SharePoint 欺骗漏洞	Important
44	Microsoft Office SharePoint	CVE-2019-0950	Microsoft SharePoint 欺骗漏洞	Important
45	Microsoft Office SharePoint	CVE-2019-0951	Microsoft SharePoint 欺骗漏洞	Important
46	Microsoft Office SharePoint	CVE-2019-0952	Microsoft SharePoint Server 远程代码执行漏洞	Important
47	Microsoft Scripting Engine	CVE-2019-0884	Scripting Engine 内存破坏漏洞	Critical
48	Microsoft Scripting Engine	CVE-2019-0911	Scripting Engine 内存破坏漏洞	Critical
49	Microsoft Scripting Engine	CVE-2019-0912	Chakra Scripting Engine 内存破坏漏洞	Critical
50	Microsoft Scripting Engine	CVE-2019-0913	Chakra Scripting Engine 内存破坏漏洞	Critical
51	Microsoft Scripting Engine	CVE-2019-0914	Chakra Scripting Engine 内存破坏漏洞	Moderate
52	Microsoft Scripting Engine	CVE-2019-0915	Chakra Scripting Engine 内存破坏漏洞	Critical
53	Microsoft Scripting Engine	CVE-2019-0916	Chakra Scripting Engine 内存破坏漏洞	Critical
54	Microsoft Scripting Engine	CVE-2019-0917	Chakra Scripting Engine 内存破坏漏洞	Critical
55	Microsoft Scripting Engine	CVE-2019-0918	Scripting Engine 内存破坏漏洞	Moderate
56	Microsoft Scripting Engine	CVE-2019-0922	Chakra Scripting Engine 内存破坏漏洞	Critical
57	Microsoft Scripting Engine	CVE-2019-0923	Chakra Scripting Engine 内存破坏漏洞	Important
58	Microsoft Scripting Engine	CVE-2019-0924	Chakra Scripting Engine 内存破坏漏洞	Critical
59	Microsoft Scripting Engine	CVE-2019-0925	Chakra Scripting Engine 内存破坏漏洞	Critical
60	Microsoft Scripting Engine	CVE-2019-0927	Chakra Scripting Engine 内存破坏漏洞	Critical
61	Microsoft Scripting Engine	CVE-2019-0933	Chakra Scripting Engine 内存破坏漏洞	Critical
62	Microsoft Scripting Engine	CVE-2019-0937	Chakra Scripting Engine 内存破坏漏洞	Critical
63	Microsoft Windows	CVE-2019-0863	Windows Error Reporting 特权提升漏洞	Important
64	Microsoft Windows	CVE-2019-0886	Windows Hyper-V 信息泄露漏洞	Important
65	Microsoft Windows	CVE-2019-0942	Unified Write Filter 特权提升漏洞	Important
66	Microsoft Windows	CVE-2019-0733	Windows Defender Application Control 安全功能绕过漏洞	Important
67	Microsoft Windows	CVE-2019-0885	Windows OLE 远程代码执行漏洞	Important
68	Microsoft Windows	CVE-2019-0931	Windows Storage Service 特权提升漏洞	Important
69	Microsoft Windows	ADV190013	Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities	Important
70	Microsoft Windows	CVE-2019-0936	Windows 特权提升漏洞	Important
71	NuGet	CVE-2019-0976	NuGet Package Manager Tampering Vulnerability	Important
72	Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates	Critical
73	Skype for Android	CVE-2019-0932	Skype for Android 信息泄露漏洞	Important
74	SQL Server	CVE-2019-0819	Microsoft SQL Server Analysis Services 信息泄露漏洞	Important
75	Team Foundation Server	CVE-2019-0971	Azure DevOps Server and Team Foundation Server 信息泄露漏洞	Important
76	Team Foundation Server	CVE-2019-0872	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
77	Team Foundation Server	CVE-2019-0979	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
78	Windows DHCP Server	CVE-2019-0725	Windows DHCP Server 远程代码执行漏洞	Critical
79	Windows Diagnostic Hub	CVE-2019-0727	Diagnostic Hub Standard Collector, Visual Studio Standard Collector 特权提升漏洞	Important
80	Windows Kernel	CVE-2019-0881	Windows Kernel 特权提升漏洞	Important
81	Windows NDIS	CVE-2019-0707	Windows NDIS 特权提升漏洞	Important
82	Windows RDP	CVE-2019-0708	Remote Desktop Services 远程代码执行漏洞	Critical

【风险评级】

高危

【影响范围】

5月漏洞及补丁涉及组件如下：

.NET Core

.NET Framework

Adobe Flash Player

Azure

Internet Explorer

Kerberos

Microsoft Browsers

Microsoft Dynamics

Microsoft Edge

Microsoft Graphics Component

Microsoft JET Database Engine

Microsoft Office

Microsoft Office SharePoint

Microsoft scripting Engine

Microsoft Windows

NuGet

Servicing Stack Updates

Skype for Android

SQL Server

Team Foundation Server

Windows DHCP Server

Windows Diagnostic Hub

Windows Kernel

Windows NDIS

Windows RDP

【修复建议】

1、建议用户关注并依据业务评估实际漏洞影响，选择更新相关产品补丁，以提高系统安全性；

2、修复方法：打开 Windows Update 更新功能，点击“检查更新”按钮，依据业务需求下载安装相关安全补丁，安装完毕后重启系统，并检查系统运行情况。

【参考链接】

https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-may-14-2019

平安云公告

【漏洞情报】微软2019年05月补丁情报