High-Risk Vulnerabilities in Multiple Products! Microsoft Releases June Security Updates
Author: Yongchen Technology  Source: NSFOCUS  Published: 2020-6-29 16:42:57

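On June 10, Beijing time, Microsoft released its June security update patches, fixing 130 security issues in widely used products including Microsoft Windows, Internet Explorer, Microsoft Edge, Windows Defender, Microsoft Office, Visual Studio, and Adobe Flash Player. The fixes cover high-risk vulnerability types such as memory leaks and remote code execution.

Of the vulnerabilities fixed in this month's Microsoft update, 12 are rated Critical and 118 are rated Important.

This is the largest number of CVEs Microsoft has ever released in a single month. PoCs for the Windows SMB remote code execution vulnerability (CVE-2020-1301) and the Windows SMBv3 client/server information disclosure vulnerability (CVE-2020-1206) are already public, so affected users should apply the patches promptly. For the detailed vulnerability list, see the appendix.

Reference link: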

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

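Key Vulnerabilities in Brief

The vulnerabilities below were selected from this update as having the greatest impact, based on product popularity and vulnerability severity. Affected users should give them particular attention:

  • CVE-2020-1206 (PoC public): Windows SMBv3 client/server information disclosure vulnerability

The Microsoft Server Message Block 3.1.1 (SMBv3) protocol has an information disclosure vulnerability in the way it handles certain requests. An unauthenticated attacker can exploit it by sending a specially crafted packet to a target SMB server, or by configuring a malicious SMBv3 server and inducing a user to connect to it. An attacker who exploits this vulnerability can obtain sensitive information.

For material related to SMBv3Ghost, see: https://mp.weixin.qq.com/s/q3dL6YI0K-cFLbNzySabHQ

Official advisory link: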

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206

  • CVE-2020-1301 (PoC public): Windows SMB remote code execution vulnerability

The Microsoft Server Message Block 1.0 (SMBv1) server has a remote code execution vulnerability in the way it handles certain requests. An authenticated attacker exploits it by sending a specially crafted packet to a target SMBv1 server; an attacker who succeeds can execute code on the target system.

Microsoft deprecated the SMBv1 protocol in 2014, and SMBv1 is disabled by default in Windows 10. To detect and disable SMB protocol versions, see the official documentation: https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

Official advisory link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301
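
The SMBv1 detection step mentioned above can be scripted. The following is an added example, not part of the original advisory; the function name `Get-Smb1Status` and the `$Remediate` switch are hypothetical, and it assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later:

```powershell
# Added example: report the SMBv1 state of the local host before changing it.
function Get-Smb1Status {
    [CmdletBinding()]
    param()

    # Server side: does the SMB server still accept SMBv1, and is SMBv1 auditing on?
    $cfg = Get-SmbServerConfiguration

    # Optional-feature state; the query can fail on some editions, so tolerate that.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # Sessions currently negotiated at an SMB 1.x dialect. These clients lose
    # access when SMBv1 is disabled, so list them first.
    $legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = [bool]$cfg.EnableSMB1Protocol
        Smb1AuditEnabled  = [bool]$cfg.AuditSmb1Access   # empty on older builds
        FeatureState      = if ($feature) { [string]$feature.State } else { 'Unknown' }
        LegacyClients     = ($legacy.ClientComputerName | Sort-Object -Unique) -join ', '
    }
}

$Remediate = $false   # set to $true only after reviewing the report
$status = Get-Smb1Status
$status | Format-List

if ($status.ServerSmb1Enabled) {
    if ($status.LegacyClients) {
        # Clients still depend on SMBv1: log their access so they can be migrated.
        # Audit events go to the Microsoft-Windows-SMBServer/Audit log.
        Write-Warning "SMBv1 still in use by: $($status.LegacyClients)"
        if ($Remediate) { Set-SmbServerConfiguration -AuditSmb1Access $true -Force }
    }
    elseif ($Remediate) {
        # No active SMBv1 sessions: turn the SMBv1 server off.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}
```

Disabling SMBv1 removes the attack surface for CVE-2020-1301 but is not a substitute for the patch, and a host with no SMBv1 sessions at the moment of the check may still have occasional legacy clients, which is why auditing comes first.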

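  • CVE-2020-1281: Windows OLE remote code execution vulnerability

Because Microsoft Windows OLE fails to properly validate user input, an attacker can trick a user into opening a specially crafted file or program from a web page or email and thereby exploit this vulnerability to execute malicious code.

Official advisory link: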

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281

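  • CVE-2020-1300: Windows remote code execution vulnerability

Because Microsoft Windows fails to properly handle cabinet files, an attacker can trick a user into opening a specially crafted cabinet file, or into installing a malicious cabinet file disguised as a printer driver, and thereby exploit this vulnerability to execute arbitrary code.

Official advisory link: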

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300

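  • CVE-2020-1181: Microsoft SharePoint Server remote code execution vulnerability

Because SharePoint Server fails to properly identify and filter unsafe ASP.NET web controls, an authenticated attacker who uploads a specially crafted page to a SharePoint server can exploit this vulnerability to execute arbitrary code on the server.

Official advisory link: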

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181

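  • CVE-2020-1225/1226: Microsoft Excel remote code execution vulnerability

Microsoft Excel fails to properly handle objects in memory, which results in a remote code execution vulnerability. An attacker exploits it by tricking a user into opening a specially crafted file with an affected version of Microsoft Excel. An attacker who successfully exploits this vulnerability gains the same level of control over the system as the current user.

Official advisory links: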

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1226

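  • CVE-2020-1248: GDI remote code execution vulnerability

A remote code execution vulnerability exists in the way the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker can exploit it by crafting a malicious website or file and using phishing email or similar means to induce a user to click a link or open an attachment. An attacker who successfully exploits this vulnerability could take control of the affected system.

Official advisory link: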

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1248

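  • CVE-2020-1299: LNK remote code execution vulnerability

Windows has a remote code execution vulnerability in the way it processes .LNK files. An attacker could present the user with a removable drive or remote share that contains a malicious .LNK file and an associated malicious binary. An attacker who successfully exploits this vulnerability gains the same system privileges as the local user.

Official advisory link: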

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299

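  • ADV200010 | CVE-2020-9633: Adobe Flash Player arbitrary code execution vulnerability

This security update fixes the vulnerability described in Adobe security bulletin APSB20-30 (CVE-2020-9633). The vulnerability affects Windows, macOS, Linux, and ChromeOS; successful exploitation allows arbitrary code execution in the context of the current user.

Official advisory links: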

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010

https://helpx.adobe.com/cn/security/products/flash-player/apsb20-30.html

Affected Scope

The affected product versions for the key vulnerabilities are listed below. For the products affected by the other vulnerabilities, see the official advisory links.

Vulnerability ID: affected product versions

CVE-2020-1206: Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation)

CVE-2020-1301, CVE-2020-1281, CVE-2020-1300: Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows 8.1 for 32-bit systems; Windows 8.1 for x64-based systems; Windows RT 8.1; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for Itanium-Based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server, version 1803 (Server Core Installation); Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation)

CVE-2020-1181: Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Foundation 2010 Service Pack 2; Microsoft SharePoint Foundation 2013 Service Pack 1; Microsoft SharePoint Server 2019

CVE-2020-1225, CVE-2020-1226: Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft Excel 2010 Service Pack 2 (32-bit editions); Microsoft Excel 2010 Service Pack 2 (64-bit editions); Microsoft Excel 2013 RT Service Pack 1; Microsoft Excel 2013 Service Pack 1 (32-bit editions); Microsoft Excel 2013 Service Pack 1 (64-bit editions); Microsoft Excel 2016 (32-bit edition); Microsoft Excel 2016 (64-bit edition); Microsoft Office 2016 for Mac; Microsoft Office 2019 for 32-bit editions; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for Mac

CVE-2020-1248: Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation)

CVE-2020-1299: Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows 8.1 for 32-bit systems; Windows 8.1 for x64-based systems; Windows RT 8.1; Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server, version 1803 (Server Core Installation); Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation)

ADV200010 | CVE-2020-9633: Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows Server 2019; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows Server 2016; Windows 8.1 for 32-bit systems; Windows 8.1 for x64-based systems; Windows RT 8.1; Windows Server 2012; Windows Server 2012 R2; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems

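Vulnerability Protection

Patch Updates

Microsoft has released security patches that fix the above vulnerabilities for supported product versions. Affected users are strongly advised to install the patches as soon as possible. Official download link: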

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

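Note: Windows Update may fail to install a patch because of network problems, the state of the computer's environment, or other reasons. After installing patches, users should promptly check whether they were applied successfully.

Right-click the Windows icon, select "Settings (N)", then select "Update & Security" > "Windows Update" and review the messages on that page. You can also click "View update history" to see past updates.

For an update that failed to install, click the update's name to go to the official Microsoft download page. We recommend following the link on that page to the "Microsoft Update Catalog" website, then downloading and installing the standalone package.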
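
The update-history check described above can also be run from PowerShell, which helps when many hosts need checking. This is an added example, not part of the original advisory; the function name `Get-UpdateInstallStatus` and the 30-day default window are assumptions, and it reads the same history that the "View update history" page shows through the Windows Update Agent COM API:

```powershell
# Added example: list recent Windows Update history entries and flag the ones
# that did not install cleanly.
function Get-UpdateInstallStatus {
    [CmdletBinding()]
    param(
        # Assumption: only the last 30 days of history are of interest.
        [datetime]$Since = (Get-Date).AddDays(-30)
    )

    # OperationResultCode values defined by the Windows Update Agent API.
    $resultName = @{
        0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
        3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
    }

    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $total = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }   # no history recorded on this host

    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Title -and $_.Date -ge $Since } |
        ForEach-Object {
            [pscustomobject]@{
                Date    = $_.Date                      # recorded in UTC
                Result  = $resultName[[int]$_.ResultCode]
                HResult = '0x{0:X8}' -f $_.HResult     # error code for failed installs
                Title   = $_.Title
            }
        }
}

$history = @(Get-UpdateInstallStatus)
$history | Sort-Object Date | Format-Table -AutoSize -Wrap

# Anything other than a clean success needs a retry or a manual install
# of the standalone package from the Microsoft Update Catalog.
$notInstalled = @($history | Where-Object { $_.Result -ne 'Succeeded' })
if ($notInstalled.Count -gt 0) {
    Write-Warning "$($notInstalled.Count) update(s) did not install successfully:"
    $notInstalled | Format-List Date, Result, HResult, Title
}
```

An update that failed once and later succeeded appears twice in the history, so compare entries by title before treating a failure as outstanding.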

 
 
 