[Risk Notice] Advisory on High-Risk Vulnerabilities in Multiple Microsoft Products

2020-05-14 00:00:00

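On May 13, 2020, Microsoft released its May software security updates. They fix 111 security issues across widely used products including Microsoft Windows, Internet Explorer, Microsoft Edge, .NET Framework, Microsoft Office and Visual Studio, and cover high-risk vulnerability types such as elevation of privilege and remote code execution. Of the vulnerabilities fixed in this month's update, 16 are rated Critical and 95 are rated Important. A PoC for the Win32k elevation of privilege vulnerability (CVE-2020-1054) has been made public; affected users should apply the patches promptly.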

 

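Vulnerability Description


1.       CVE-2020-1153: Microsoft Graphics Components Remote Code Execution Vulnerability

Graphics Components is a graphics component of the Microsoft Windows and Microsoft Windows Server operating systems. A remote code execution vulnerability exists in the way Microsoft Graphics Components handles objects in memory. An attacker can exploit it by inducing a user to open a specially crafted file; an attacker who succeeds can execute arbitrary code on the target system.

Severity: Critical

Official advisory: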

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1153

 

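2.       CVE-2020-1062: Internet Explorer Memory Corruption Vulnerability

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability can corrupt memory in a way that lets an attacker execute arbitrary code in the context of the current user. An attacker who successfully exploits it gains the same user rights as the current user. The vulnerability can be triggered when a user visits a specially crafted web page controlled by the attacker.

Severity: Critical

Official advisory: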

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062

 

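3.       CVE-2020-1023, CVE-2020-1024, CVE-2020-1102 and CVE-2020-1069: Microsoft SharePoint Remote Code Execution Vulnerabilities

The four vulnerabilities above are remote code execution vulnerabilities in Microsoft SharePoint. An attacker can exploit them to gain the ability to execute arbitrary code on an affected endpoint or server. Because SharePoint fails to check the source markup of an application package, the first three can be exploited by inducing a user to open a specially crafted SharePoint application file. Because SharePoint Server fails to properly identify and filter unsafe ASP.NET web controls, an authenticated attacker can exploit CVE-2020-1069 by uploading a specially crafted page to the SharePoint server.

Severity: Critical

Official advisory: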

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069

 

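4.       CVE-2020-1054 (PoC public) / CVE-2020-1143: Win32k Elevation of Privilege Vulnerabilities

Two elevation of privilege vulnerabilities exist because the Windows kernel-mode driver fails to properly handle objects in memory. An attacker can exploit them by logging on to the target system and running a specially crafted application; an attacker who succeeds can execute arbitrary code in kernel mode.

Severity: High

Official advisory: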

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1054

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1143

 

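5.       CVE-2020-1067: Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way Windows handles objects in memory. An attacker with a domain user account can send a specially crafted request that causes Windows to execute arbitrary code with elevated permissions. Successful exploitation allows arbitrary code to run with higher privileges on the affected Windows system.

Severity: High

Official advisory: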

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1067

 

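6.       CVE-2020-0901: Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists because Microsoft Excel fails to properly handle objects in memory. An attacker exploits it by inducing a user to open a specially crafted file with an affected version of Microsoft Excel. An attacker who succeeds gains the same level of control over the system as the current user.

Severity: High

Official advisory: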

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901

 

Affected Versions


The vulnerabilities below deserve particular attention; for the rest, see the official advisory link:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May

 

1.       CVE-2020-1054, CVE-2020-1143, CVE-2020-1067, CVE-2020-1153

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

 

2.       CVE-2020-1062

Internet Explorer 11:

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2019

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2012

Windows Server 2012 R2

 

Internet Explorer 9:

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

 

3.       CVE-2020-1023, CVE-2020-1024, CVE-2020-1069

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server 2019

 

4.       CVE-2020-1102

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

 

5.       CVE-2020-0901

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2010 Service Pack 2 (32-bit editions)

Microsoft Excel 2010 Service Pack 2 (64-bit editions)

Microsoft Excel 2013 RT Service Pack 1

Microsoft Excel 2013 Service Pack 1 (32-bit editions)

Microsoft Excel 2013 Service Pack 1 (64-bit editions)

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2016 for Mac

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for Mac

 

Remediation


Method 1:

Download and install the update patches online through the Windows Security Center.

 

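Method 2:

Depending on the system and network environment, Method 1 (online update) may fail. In that case, open the official advisory, click the update name to go to Microsoft's official download page, then download the standalone security update package and install it.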

 

Official advisory:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May

 

 

 


Beijing Kingsoft Cloud Network Technology Co., Ltd.

2020/5/14