打印 上一主题 下一主题

【安全预警】关于微软2019年1月安全补丁更新说明

跳转到指定楼层
楼主
SetYun 发表于 2019-1-21 10:00:49 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
尊敬的腾讯云客户,您好:   近日,腾讯云安全中心监测到微软发布了 2019 年 1 月安全补丁更新,共披露了 49 个安全漏洞,其中包含 7 个严重漏洞,攻击者可利用漏洞实施远程代码执行等攻击。
       为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。


【漏洞详情】
严重漏洞(7个):
CVE-2019-0550 - Windows Hyper-V remote code execution vulnerability
CVE-2019-0551 - Windows Hyper-V remote code execution vulnerability
CVE-2019-0539 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0567 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0568 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0547 - Windows DHCP client memory corruption vulnerability
CVE-2019-0565 - Microsoft Edge memory corruption vulnerability

重要漏洞(41个):
CVE-2019-0555 - Microsoft XmlDocument escalation of privilege vulnerability
CVE-2019-0572 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0573 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0574 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0536 - Windows kernel information disclosure vulnerability
CVE-2019-0537 - Visual Studio information disclosure vulnerability
CVE-2019-0538 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0541 - MSHTML engine remote code execution vulnerability
CVE-2019-0543 - Windows elevation of privilege vulnerability
CVE-2019-0545 - .NET Framework and .NET Core information disclosure vulnerability
CVE-2019-0548 - ASP.NET Core denial of service vulnerability
CVE-2019-0549 - Windows kernel information disclosure vulnerability
CVE-2019-0552 - Windows COM Desktop Broker elevation of privilege vulnerability
CVE-2019-0553 - Windows Subsystem for Linux information disclosure vulnerability
CVE-2019-0554 - Windows kernel information disclosure vulnerability
CVE-2019-0556 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0557 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0558 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0559 - Microsoft Outlook information disclosure vulnerability
CVE-2019-0560 - Microsoft Office information disclosure vulnerability
CVE-2019-0561 - Microsoft Word information disclosure vulnerability
CVE-2019-0562 - Microsoft SharePoint Server elevation of privilege vulnerability
CVE-2019-0564 - ASP.NET Core  denial of service vulnerability
CVE-2019-0566 - Microsoft Edge Browser Broker COM object elevation of privilege vulnerability
CVE-2019-0569 - Windows kernel information disclosure vulnerability
CVE-2019-0570 - Windows Runtime elevation of privilege vulnerability
CVE-2019-0571 - Windows Data Sharing Service elevation of privilege vulnerability
CVE-2019-0575 - Windows Data Sharing Service remote code execution vulnerability
CVE-2019-0576 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0577 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0578 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0579 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0580 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0581 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0582 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0583 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0584 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0585 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0586 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0588 - Microsoft Exchange PowerShell API information disclosure vulnerability
CVE-2019-0542 - 暂未披露详细信息


【风险等级】
   高风险

【漏洞风险】
代码执行、权限提升、安全绕过以及信息泄露


【影响版本】
目前已知受影响产品如下:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office
ChakraCore
.NET Framework
ASP.NET
Microsoft Exchange Server
Microsoft Visual Studio



【修复建议】
目前微软官方均已发布漏洞修复更新,腾讯云安全团队建议您:
1)不要打开来历不明的文件或者链接,避免被被攻击者利用在机器上执行恶意代码;
2)打开Windows Update更新功能,点击“检查更新”,根据业务情况开展评估,下载安装相应的安全补丁;
3)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态;
您也可以直接通过微软官方链接进行下载安装,补丁下载地址:https://portal.msrc.microsoft.com/en-us/security-guidance
【备注】建议您在安装补丁前做好数据备份工作,避免出现意外。


【漏洞参考】
1)官方通告:https://portal.msrc.microsoft.com/en-us/security-guidance
2)外部分析:https://blog.talosintelligence.com/2019/01/microsoft-patch-tuesday-january-2019.html




回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver|手机版|小黑屋|SetYun ( 辽ICP备16005250号

GMT+8, 2024-12-23 00:52 , Processed in 0.036760 second(s), 4 queries , File On.

Powered by Discuz! X3.3

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表