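【Vulnerability Details】
Microsoft has released its June 2019 security patches, which fix 93 security vulnerabilities, 22 of them rated Critical, across product components including Windows Authentication Methods, Adobe Flash Player and Microsoft Edge. Of particular note is the NTLM protocol vulnerability (CVE-2019-1040), which allows an attacker who holds only an ordinary domain account to remotely take control of any endpoint in a Windows domain, including domain controllers. The full list of fixed vulnerabilities follows. Users should assess the actual impact on their own business and schedule patching promptly to improve system security: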
| No. | Product | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- | --- |
| 1 | Adobe Flash Player | ADV190015 | June 2019 Adobe Flash Security Update | Critical |
| 2 | Kerberos | CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability | Important |
| 3 | Microsoft Browsers | CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| 4 | Microsoft Browsers | CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability | Important |
| 5 | Microsoft Devices | ADV190016 | Bluetooth Low Energy Advisory | Important |
| 6 | Microsoft Devices | ADV190017 | Microsoft HoloLens Remote Code Execution Vulnerabilities | Important |
| 7 | Microsoft Edge | CVE-2019-1054 | Microsoft Edge Security Feature Bypass Vulnerability | Important |
| 8 | Microsoft Exchange Server | ADV190018 | Microsoft Exchange Server Defense in Depth Update | Unknown |
| 9 | Microsoft Graphics Component | CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability | Important |
| 10 | Microsoft Graphics Component | CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability | Important |
| 11 | Microsoft Graphics Component | CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability | Important |
| 12 | Microsoft Graphics Component | CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability | Important |
| 13 | Microsoft Graphics Component | CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability | Important |
| 14 | Microsoft Graphics Component | CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability | Important |
| 15 | Microsoft Graphics Component | CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability | Important |
| 16 | Microsoft Graphics Component | CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability | Important |
| 17 | Microsoft Graphics Component | CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability | Important |
| 18 | Microsoft Graphics Component | CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability | Important |
| 19 | Microsoft Graphics Component | CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability | Important |
| 20 | Microsoft Graphics Component | CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability | Important |
| 21 | Microsoft Graphics Component | CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability | Important |
| 22 | Microsoft Graphics Component | CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability | Important |
| 23 | Microsoft Graphics Component | CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability | Important |
| 24 | Microsoft Graphics Component | CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability | Important |
| 25 | Microsoft Graphics Component | CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability | Critical |
| 26 | Microsoft JET Database Engine | CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 27 | Microsoft JET Database Engine | CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 28 | Microsoft JET Database Engine | CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 29 | Microsoft JET Database Engine | CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 30 | Microsoft JET Database Engine | CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 31 | Microsoft JET Database Engine | CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 32 | Microsoft JET Database Engine | CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| 33 | Microsoft Office | CVE-2019-1034 | Microsoft Word Remote Code Execution Vulnerability | Important |
| 34 | Microsoft Office | CVE-2019-1035 | Microsoft Word Remote Code Execution Vulnerability | Important |
| 35 | Microsoft Office SharePoint | CVE-2019-1036 | Microsoft Office SharePoint XSS Vulnerability | Important |
| 36 | Microsoft Office SharePoint | CVE-2019-1031 | Microsoft Office SharePoint XSS Vulnerability | Important |
| 37 | Microsoft Office SharePoint | CVE-2019-1032 | Microsoft Office SharePoint XSS Vulnerability | Important |
| 38 | Microsoft Office SharePoint | CVE-2019-1033 | Microsoft Office SharePoint XSS Vulnerability | Important |
| 39 | Microsoft Scripting Engine | CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability | Critical |
| 40 | Microsoft Scripting Engine | CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 41 | Microsoft Scripting Engine | CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability | Critical |
| 42 | Microsoft Scripting Engine | CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| 43 | Microsoft Scripting Engine | CVE-2019-0990 | Scripting Engine Information Disclosure Vulnerability | Critical |
| 44 | Microsoft Scripting Engine | CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 45 | Microsoft Scripting Engine | CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 46 | Microsoft Scripting Engine | CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 47 | Microsoft Scripting Engine | CVE-2019-1002 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 48 | Microsoft Scripting Engine | CVE-2019-1003 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 49 | Microsoft Scripting Engine | CVE-2019-1023 | Scripting Engine Information Disclosure Vulnerability | Critical |
| 50 | Microsoft Scripting Engine | CVE-2019-1024 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 51 | Microsoft Scripting Engine | CVE-2019-1051 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 52 | Microsoft Scripting Engine | CVE-2019-1052 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| 53 | Microsoft Scripting Engine | CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| 54 | Microsoft Windows | CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability | Critical |
| 55 | Microsoft Windows | CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| 56 | Microsoft Windows | CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability | Moderate |
| 57 | Microsoft Windows | CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| 58 | Microsoft Windows | CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| 59 | Microsoft Windows | CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| 60 | Microsoft Windows | CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability | Important |
| 61 | Microsoft Windows | CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability | Important |
| 62 | Microsoft Windows | CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability | Important |
| 63 | Microsoft Windows | CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| 64 | Microsoft Windows | CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
| 65 | Microsoft Windows | CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
| 66 | Microsoft Windows | CVE-2019-1025 | Windows Denial of Service Vulnerability | Important |
| 67 | Microsoft Windows | CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability | Important |
| 68 | Microsoft Windows | CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability | Important |
| 69 | Microsoft Windows | CVE-2019-1064 | Windows Elevation of Privilege Vulnerability | Important |
| 70 | Microsoft Windows | CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability | Important |
| 71 | Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| 72 | Skype for Business and Microsoft Lync | CVE-2019-1029 | Skype for Business and Lync Server Denial of Service Vulnerability | Important |
| 73 | Team Foundation Server | CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability | Important |
| 74 | VBScript | CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability | Important |
| 75 | Windows Authentication Methods | CVE-2019-1040 | Windows NTLM Tampering Vulnerability | Important |
| 76 | Windows Hyper-V | CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| 77 | Windows IIS | CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability | Important |
| 78 | Windows Installer | CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability | Important |
| 79 | Windows Kernel | CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability | Important |
| 80 | Windows Kernel | CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability | Important |
| 81 | Windows Kernel | CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability | Important |
| 82 | Windows Kernel | CVE-2019-1041 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| 83 | Windows Kernel | CVE-2019-1044 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important |
| 84 | Windows Kernel | CVE-2019-1065 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| 85 | Windows Media | CVE-2019-1007 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 86 | Windows Media | CVE-2019-1021 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 87 | Windows Media | CVE-2019-1022 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 88 | Windows Media | CVE-2019-1026 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 89 | Windows Media | CVE-2019-1027 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 90 | Windows Media | CVE-2019-1028 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| 91 | Windows NTLM | CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability | Important |
| 92 | Windows Shell | CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| 93 | Windows Shell | CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability | Important |
【Risk Rating】
High
【Scope of Impact】
The June vulnerabilities and patches involve the following components:
Adobe Flash Player
Kerberos
Microsoft Browsers
Microsoft Devices
Microsoft Edge
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft JET Database Engine
Microsoft Office
Microsoft Office SharePoint
Microsoft Scripting Engine
Microsoft Windows
Servicing Stack Updates
Skype for Business and Microsoft Lync
Team Foundation Server
VBScript
Windows Authentication Methods
Windows Hyper-V
Windows IIS
Windows Installer
Windows Kernel
Windows Media
Windows NTLM
Windows Shell
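【Remediation Recommendations】
1. Users should review the vulnerabilities, assess their actual impact on the business, and choose which product patches to apply in order to improve system security.
2. To apply the fixes: open Windows Update, click the "Check for updates" button, download and install the relevant security patches according to business needs, restart the system once installation completes, and check that the system is running normally.
3. To fix only the NTLM protocol vulnerability (CVE-2019-1040), the patch can also be downloaded and installed on its own; restart the system once installation completes. Patch download address: https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1040
【Reference Links】
Special reminder: test thoroughly before applying the fixes, and be sure to back up data and take snapshots first to guard against unexpected problems.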