【漏洞通告】微软更新多个产品高危漏洞通告

【漏洞通告】微软更新多个产品高危漏洞通告

原创 威胁对抗能力部 [绿盟科技安全情报](javascript:void(0)😉 今天

通告编号:NS-2020-0027

2020-04-15

TA****G:微软、安全更新、CVE-2020-0938、CVE-2020-1020、CVE-2020-1027、CVE-2020-0968
漏洞危害:攻击者利用本次安全更新中的漏洞,可造成信息泄露、特权提升、远程代码执行等
版本:1.0

1

漏洞概述

4月15日,微软发布4月安全补丁更新,修复了113个从简单的欺骗攻击到远程执行代码的安全问题,涉及Windows、Office、Internet Explorer、Edge、Windows Defender、Visual Studio等多个产品,其中包括3个已被在野利用的0-day漏洞。这三个漏洞分布在 Windows Adobe Type Manager Library 和Windows 内核中。

3月24日,微软发布编号为的ADV200006安全通告指出Adobe Type Manager Library在处理multi-master字体(Adobe Type 1 PostScript格式)时存在缺陷,攻击者可以精心构造恶意文档并诱使用户使用Windows Preview pane预览,从而利用该漏洞来远程执行代码。微软在三月的通告提供了相应的缓解措施,在本次月度更新中提供了修复补丁。

请相关用户及时更新补丁进行防护,详细漏洞列表请参考附录。

参考链接:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr

SEE MORE →

2重点漏洞简述

本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞共有 17个,重要(Important)漏洞有 96个。以下为此次更新中影响较大的漏洞,请相关用户着重进行关注:

  • CVE-2020-1020、CVE-2020-0938:Adobe Font Manager库远程执行代码漏洞

这是两个影响Windows Adobe Type Manager Library 的远程代码执行漏洞,微软曾在三月下旬发布通告提供了相应的缓解措施,本次月度更新中提供了补丁。

漏洞缘于Windows Adobe Type Manager Library在处理multi-master字体(Adobe Type 1 PostScript格式)时存在缺陷。

对于除Windows 10以外的所有系统,成功利用该漏洞的攻击者可以远程执行代码。对于运行Windows 10的系统,成功利用该漏洞的攻击者可以在AppContainer沙盒上下文中以有限的权限执行代码。

Type 1字体分析远程执行代码漏洞通告及缓解措施请参阅文章:

https://mp.weixin.qq.com/s/7n-4VHSMyulfVAc5MNa7Jg

官方通告链接:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938

  • CVE-2020-1027:Windows内核特权提升漏洞

此漏洞存在于Windows内核处理内存中对象的过程中。成功利用此漏洞的攻击者能够以提升后的权限执行代码。

官方通告链接:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027

  • CVE-2020-0968:脚本引擎内存损坏漏洞

在 Internet Explorer 中,脚本引擎在处理内存中对象的过程中存在一个远程代码执行漏洞。该漏洞可破坏内存,使攻击者在当前用户的上下文中执行任意代码。成功利用此漏洞的攻击者可获得与当前用户相同的权限。如果当前用户以管理用户权限登录,成功利用该漏洞的攻击者可以完全控制受影响的系统。

官方通告链接:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0968

3影响范围

漏洞编号受影响产品版本
CVE-2020-1020、CVE-2020-0938Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)
CVE-2020-1027Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)
CVE-2020-0968Internet Explorer 11:Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019 4549949 Security UpdateWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2012 4550917 Monthly RollupWindows Server 2012 R2 4550961 Monthly Rollup
Internet Explorer 9:Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2

4漏洞防护

4.1 补丁更新

目前微软官方已针对受支持的系统版本发布修复了以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr

注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。

右键点击Windows徽标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。

针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。

附录产品漏洞列表

影响产品CVE 编号漏洞标题严重程度
Microsoft DynamicsCVE-2020-1022Dynamics Business Central 远程代码执行漏洞Critical
Microsoft Graphics ComponentCVE-2020-0907Microsoft Graphics Components 远程代码执行漏洞Critical
Microsoft Graphics ComponentCVE-2020-0687Microsoft Graphics 远程代码执行漏洞Critical
Microsoft Graphics ComponentCVE-2020-0938Adobe Font Manager Library 远程代码执行漏洞Critical
Microsoft Graphics ComponentCVE-2020-1020Adobe Font Manager Library 远程代码执行漏洞Critical
Microsoft OfficeCVE-2020-0931Microsoft SharePoint 远程代码执行漏洞Critical
Microsoft Office SharePointCVE-2020-0929Microsoft SharePoint 远程代码执行漏洞Critical
Microsoft Office SharePointCVE-2020-0932Microsoft SharePoint 远程代码执行漏洞Critical
Microsoft Office SharePointCVE-2020-0974Microsoft SharePoint 远程代码执行漏洞Critical
Microsoft Scripting EngineCVE-2020-0968Scripting Engine 内存破坏漏洞Critical
Microsoft Scripting EngineCVE-2020-0969Chakra Scripting Engine 内存破坏漏洞Critical
Microsoft Scripting EngineCVE-2020-0970Scripting Engine 内存破坏漏洞Critical
Microsoft WindowsCVE-2020-0965Microsoft Windows Codecs Library 远程代码执行漏洞Critical
Windows Hyper-VCVE-2020-0910Windows Hyper-V 远程代码执行漏洞Critical
Windows MediaCVE-2020-0948Media Foundation 内存破坏漏洞Critical
Windows MediaCVE-2020-0949Media Foundation 内存破坏漏洞Critical
Windows MediaCVE-2020-0950Media Foundation 内存破坏漏洞Critical
Android AppCVE-2020-0943Microsoft YourPhone Application for Android Authentication Bypass VulnerabilityImportant
AppsCVE-2020-1019Microsoft RMS Sharing App for Mac 特权提升漏洞Important
Microsoft DynamicsCVE-2020-1018Microsoft Dynamics Business Central/NAV Information DisclosureImportant
Microsoft DynamicsCVE-2020-1049Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-1050Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0784DirectX 特权提升漏洞Important
Microsoft Graphics ComponentCVE-2020-0987Microsoft Graphics Component 信息泄露漏洞Important
Microsoft Graphics ComponentCVE-2020-1004Windows Graphics Component 特权提升漏洞Important
Microsoft Graphics ComponentCVE-2020-1005Microsoft Graphics Component 信息泄露漏洞Important
Microsoft Graphics ComponentCVE-2020-0952Windows GDI 信息泄露漏洞Important
Microsoft Graphics ComponentCVE-2020-0958Win32k 特权提升漏洞Important
Microsoft Graphics ComponentCVE-2020-0964GDI+ 远程代码执行漏洞Important
Microsoft Graphics ComponentCVE-2020-0982Microsoft Graphics Component 信息泄露漏洞Important
Microsoft JET Database EngineCVE-2020-0988Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0992Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0994Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0995Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0999Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-1008Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0889Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0953Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0959Jet Database Engine 远程代码执行漏洞Important
Microsoft JET Database EngineCVE-2020-0960Jet Database Engine 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0760Microsoft Office 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0906Microsoft Excel 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0935OneDrive for Windows 特权提升漏洞Important
Microsoft OfficeCVE-2020-0979Microsoft Excel 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0980Microsoft Word 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0991Microsoft Office 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0961Microsoft Office Access Connectivity Engine 远程代码执行漏洞Important
Microsoft OfficeCVE-2020-0984Microsoft (MAU) Office 特权提升漏洞Important
Microsoft Office SharePointCVE-2020-0920Microsoft SharePoint 远程代码执行漏洞Important
Microsoft Office SharePointCVE-2020-0923Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0924Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0925Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0926Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0927Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0930Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0933Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0954Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0971Microsoft SharePoint 远程代码执行漏洞Important
Microsoft Office SharePointCVE-2020-0972Microsoft SharePoint 欺骗漏洞Important
Microsoft Office SharePointCVE-2020-0973Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0975Microsoft SharePoint 欺骗漏洞Important
Microsoft Office SharePointCVE-2020-0976Microsoft SharePoint 欺骗漏洞Important
Microsoft Office SharePointCVE-2020-0977Microsoft SharePoint 欺骗漏洞Important
Microsoft Office SharePointCVE-2020-0978Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft WindowsCVE-2020-0794Windows 拒绝服务漏洞Important
Microsoft WindowsCVE-2020-0944Connected User Experiences and Telemetry Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-1001Windows Push Notification Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-1006Windows Push Notification Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-1029Connected User Experiences and Telemetry Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-0934Windows 特权提升漏洞Important
Microsoft WindowsCVE-2020-0940Windows Push Notification Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-0942Connected User Experiences and Telemetry Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-0981Windows Token 安全功能绕过漏洞Important
Microsoft WindowsCVE-2020-1009Windows 特权提升漏洞Important
Microsoft WindowsCVE-2020-1011Windows 特权提升漏洞Important
Microsoft WindowsCVE-2020-1016Windows Push Notification Service 信息泄露漏洞Important
Microsoft WindowsCVE-2020-1017Windows Push Notification Service 特权提升漏洞Important
Microsoft WindowsCVE-2020-1094Windows Work Folder Service 特权提升漏洞Important
Microsoft Windows DNSCVE-2020-0993Windows DNS 拒绝服务漏洞Important
Open Source SoftwareCVE-2020-1026MSR JavaScript Cryptography Library 安全功能绕过漏洞Important
Remote Desktop ClientCVE-2020-0919Microsoft Remote Desktop App for Mac 特权提升漏洞Important
Visual StudioCVE-2020-0899Microsoft Visual Studio 特权提升漏洞Important
Visual StudioCVE-2020-0900Visual Studio Extension Installer Service 特权提升漏洞Important
Windows DefenderCVE-2020-0835Windows Defender Antimalware Platform Hard Link 特权提升漏洞Important
Windows DefenderCVE-2020-1002Microsoft Defender 特权提升漏洞Important
Windows Hyper-VCVE-2020-0917Windows Hyper-V 特权提升漏洞Important
Windows Hyper-VCVE-2020-0918Windows Hyper-V 特权提升漏洞Important
Windows KernelCVE-2020-0913Windows Kernel 特权提升漏洞Important
Windows KernelCVE-2020-0955Windows Kernel Information Disclosure in CPU Memory AccessImportant
Windows KernelCVE-2020-1000Windows Kernel 特权提升漏洞Important
Windows KernelCVE-2020-1003Windows Kernel 特权提升漏洞Important
Windows KernelCVE-2020-1007Windows Kernel 信息泄露漏洞Important
Windows KernelCVE-2020-1027Windows Kernel 特权提升漏洞Important
Windows KernelCVE-2020-0699Win32k 信息泄露漏洞Important
Windows KernelCVE-2020-0821Windows Kernel 信息泄露漏洞Important
Windows KernelCVE-2020-0888DirectX 特权提升漏洞Important
Windows KernelCVE-2020-0936Windows Scheduled Task 特权提升漏洞Important
Windows KernelCVE-2020-0956Win32k 特权提升漏洞Important
Windows KernelCVE-2020-0957Win32k 特权提升漏洞Important
Windows KernelCVE-2020-0962Win32k 信息泄露漏洞Important
Windows KernelCVE-2020-1015Windows 特权提升漏洞Important
Windows MediaCVE-2020-0945Media Foundation 信息泄露漏洞Important
Windows MediaCVE-2020-0946Media Foundation 信息泄露漏洞Important
Windows MediaCVE-2020-0947Media Foundation 信息泄露漏洞Important
Windows MediaCVE-2020-0937Media Foundation 信息泄露漏洞Important
Windows MediaCVE-2020-0939Media Foundation 信息泄露漏洞Important
Windows Update StackCVE-2020-0985Windows Update Stack 特权提升漏洞Important
Windows Update StackCVE-2020-0996Windows Update Stack 特权提升漏洞Important
Windows Update StackCVE-2020-0983Windows 特权提升漏洞Important
Windows Update StackCVE-2020-1014Microsoft Windows Update Client 特权提升漏洞Important
Microsoft Scripting EngineCVE-2020-0895Windows VBScript Engine 远程代码执行漏洞Low
Microsoft Scripting EngineCVE-2020-0966VBScript 远程代码执行漏洞Low
Microsoft Scripting EngineCVE-2020-0967VBScript 远程代码执行漏洞Moderate

转载自https://mp.weixin.qq.com/s/igHraZnoLWBYOGXqqE2ing

admin-root 系统安全 web安全 安全架构
每个人都可以成为黑客,也许他就在你身边,也许...那就是未来的你
┃  ┏┃┃┃┏┛
┃  ━┛━┛┏┛  
━┛ ❤️  ━┛
本人小菜鸟一枚,公众号里有粉丝群和我的联系方式,有问题我会尽力解答的