有孚云官网

关于微软2020年9月多个产品爆出安全漏洞的通告

2020.9.14

摘要

北京时间9月9日，微软发布9月安全更新补丁，修复了129个安全问题，涉及Microsoft Windows、Internet Explorer、Microsoft Office、Microsoft Exchange Server、Visual Studio、ASP.NET等广泛使用的产品，其中包括远程代码执行和权限提升等高危漏洞类型。

1 漏洞概述

本月微软月度更新修复的漏洞中，严重程度为关键（Critical）的漏洞共有23个，重要（Important）漏洞有105个。请相关用户及时更新补丁进行防护，详细漏洞列表请参考附录。

参考链接：
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

2 重点漏洞简述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞，请相关用户重点进行关注：

CVE-2020-16875: Exchange Server 远程代码执行漏洞

Microsoft Exchange在Internet Explorer中处理内存中的对象时，存在远程代码执行漏洞。利用此漏洞需要拥有以某个Exchange角色进行身份验证的用户权限，攻击者可通过向受影响的Exchange服务器发送包含特殊的cmdlet参数的邮件来触发此漏洞，成功利用此漏洞的攻击者可在受影响的系统上以system权限执行任意代码。

官方通告链接：
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875

CVE-2020-1129/CVE-2020-1319：Microsoft Windows Codecs Library远程代码执行漏洞

Microsoft Windows Codecs Library在处理内存中的对象时存在远程代码执行漏洞（CVE-2020-1129）。攻击者可通过诱导用户打开特制图像文件来利用此漏洞，成功利用此漏洞的攻击者可获取信息从而进一步入侵受影响的系统。

Microsoft Windows Codecs Library在处理内存中的对象时存在远程代码执行漏洞（CVE-2020-1319）。攻击者通过构造特制的文件并诱使用户打开来利用此漏洞，成功利用此漏洞的攻击者可控制受影响的系统。

官方通告链接：
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1129
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1319

CVE-2020-0922: Microsoft COM 远程代码执行漏洞

Microsoft COM for Windows在处理内存中的对象时，存在远程代码执行漏洞。攻击者可通过诱导用户打开特制文件或诱导用户访问具有恶意JavaScript的网站来利用此漏洞，成功利用此漏洞的攻击者可在受影响的系统上执行任意代码。

官方通告链接：
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922

CVE-2020-1252：Windows远程代码执行漏洞

Windows在处理内存中的对象时，存在远程代码执行漏洞。攻击者通过在目标系统运行特制的应用程序来利用此漏洞，成功利用此漏洞的攻击者可执行任意代码控制受影响的系统。

官方通告链接：
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1252

CVE-2020-1285：GDI+ 远程代码执行漏洞

Windows Graphics Device Interface (GDI) 在处理内存中的对象时存在远程代码执行漏洞。攻击者可通过诱导用户打开特殊设计的恶意网站，如点击电子邮件或即时消息中的链接来利用此漏洞，攻击者还可通过向用户发送特制文档文件并诱导用户打开来利用此漏洞，成功利用此漏洞的攻击者可在目标系统上以当前用户权限执行任意代码。

官方通告链接：
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1285

SharePoint 多个远程执行代码漏洞

（CVE-2020-1200、CVE-2020-1210、CVE-2020-1452、CVE-2020-1453、CVE-2020-1460、CVE-2020-1576、CVE-2020-1595）

Microsoft SharePoint在检查应用程序包的源标记时，存在5个远程代码执行漏洞（CVE-2020-1200、CVE-2020-1210、CVE-2020-1452、CVE-2020-1453、CVE-2020-1576）。攻击者可通过向受影响的SharePoint上传特制SharePoint应用程序包来利用此漏洞，成功利用此漏洞的攻击者可在 SharePoint应用程序池和SharePoint服务器账户的上下文中执行任意代码。

Microsoft SharePoint Server 无法正确识别和筛选不安全的 ASP.NET Web 控件时，存在远程代码执行漏洞（CVE-2020-1460）。经过身份验证的攻击者可通过在受影响的Microsoft SharePoint 服务器上创建并调用特制页面来利用此漏洞，成功利用此漏洞的攻击者可使用特制页面在SharePoint应用程序池进程的上下文中执行任意代码。

Microsoft SharePoint某些API在处理不安全的数据输入时，存在远程代码执行漏洞（CVE-2020-1595）。攻击者可通过使用特定格式的输入访问受影响版本SharePoint 上易受攻击的 API来利用此漏洞，成功利用此漏洞的攻击者可在目标 SharePoint应用程序池和SharePoint服务器账户的上下文中执行任意代码。

官方通告链接：
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595

3 影响范围

以下为重点关注漏洞的受影响产品版本，其他漏洞影响产品范围请参阅官方通告链接。

漏洞编号	受影响产品版本
CVE-2020-16875	Microsoft Exchange Server 2016 Cumulative Update 16 Microsoft Exchange Server 2016 Cumulative Update 17 Microsoft Exchange Server 2019 Cumulative Update 5 Microsoft Exchange Server 2019 Cumulative Update 6
CVE-2020-1129	Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation)
CVE-2020-1319	Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation)
CVE-2020-0922 CVE-2020-1252 CVE-2020-1285	Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation)
CVE-2020-1200	Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
CVE-2020-1210	Microsoft Business Productivity Servers 2010 Service Pack 2 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019
CVE-2020-1452 CVE-2020-1453 CVE-2020-1460	Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
CVE-2020-1595	Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019
CVE-2020-1576	Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019

4 漏洞防护

补丁更新

目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁，强烈建议受影响用户尽快安装补丁进行防护，官方下载链接：
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

注：由于网络问题、计算机环境问题等原因，Windows Update的补丁更新可能出现失败。用户在安装补丁后，应及时检查补丁是否成功更新。

右键点击Windows图标，选择“设置(N)”，选择“更新和安全”-“Windows更新”，查看该页面上的提示信息，也可点击“查看更新历史记录”查看历史更新情况。

针对未成功安装的更新，可点击更新名称跳转到微软官方下载页面，建议用户点击该页面上的链接，转到“Microsoft更新目录”网站下载独立程序包并安装。

附录：漏洞列表

影响产品	CVE 编号	漏洞标题	严重程度
Microsoft Office	CVE-2020-1460	Microsoft SharePoint Server 远程代码执行漏洞	Critical
Microsoft Dynamics	CVE-2020-16857	Microsoft Dynamics 365 for Finance and Operations (on-premises) 远程代码执行漏洞	Critical
Microsoft Dynamics	CVE-2020-16862	Microsoft Dynamics 365 (on-premises) 远程代码执行漏洞	Critical
Microsoft Office	CVE-2020-1452	Microsoft SharePoint 远程代码执行漏洞	Critical
Microsoft Office	CVE-2020-1453	Microsoft SharePoint 远程代码执行漏洞	Critical
Windows	CVE-2020-1508	Windows Media Audio Decoder 远程代码执行漏洞	Critical
Microsoft Office	CVE-2020-1576	Microsoft SharePoint 远程代码执行漏洞	Critical
Windows	CVE-2020-1593	Windows Media Audio Decoder 远程代码执行漏洞	Critical
Microsoft Edge,Internet Explorer,ChakraCore	CVE-2020-0878	Microsoft Browser 内存泄露漏洞	Critical
Windows	CVE-2020-0908	Windows Text Service Module 远程代码执行漏洞	Critical
Windows	CVE-2020-0922	Microsoft COM for Windows 远程代码执行漏洞	Critical
Windows	CVE-2020-0997	Windows Camera Codec Pack 远程代码执行漏洞	Critical
Microsoft Edge,ChakraCore	CVE-2020-1057	Scripting Engine 内存泄露漏洞	Critical
Windows	CVE-2020-1129	Microsoft Windows Codecs Library 远程代码执行漏洞	Critical
Microsoft Edge,ChakraCore	CVE-2020-1172	Scripting Engine 内存泄露漏洞	Critical
Microsoft Office	CVE-2020-1200	Microsoft SharePoint 远程代码执行漏洞	Critical
Microsoft Office	CVE-2020-1210	Microsoft SharePoint 远程代码执行漏洞	Critical
Windows	CVE-2020-1252	Windows 远程代码执行漏洞	Critical
Windows	CVE-2020-1285	GDI+ 远程代码执行漏洞	Critical
Windows	CVE-2020-1319	Microsoft Windows Codecs Library 远程代码执行漏洞	Critical
Microsoft Office	CVE-2020-1595	Microsoft SharePoint 远程代码执行漏洞	Critical
Microsoft Visual Studio	CVE-2020-16874	Visual Studio 远程代码执行漏洞	Critical
Exchange Server	CVE-2020-16875	Microsoft Exchange 内存泄露漏洞	Critical
Microsoft Office	CVE-2020-1345	Microsoft Office SharePoint XSS漏洞	Important
Windows	CVE-2020-1532	Windows InstallService 权限提升漏洞	Important
Microsoft Visual Studio	CVE-2020-16856	Visual Studio 远程代码执行漏洞	Important
Microsoft Dynamics	CVE-2020-16858	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Microsoft Dynamics	CVE-2020-16859	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Microsoft Dynamics	CVE-2020-16860	Microsoft Dynamics 365 (on-premises) 远程代码执行漏洞	Important
Microsoft Dynamics	CVE-2020-16861	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Microsoft Dynamics	CVE-2020-16864	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Microsoft Dynamics	CVE-2020-16872	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Microsoft Dynamics	CVE-2020-16878	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Windows	CVE-2020-16879	Projected Filesystem 信息披露漏洞	Important
Visual Studio Code	CVE-2020-16881	Visual Studio JSON 远程代码执行漏洞	Important
Windows	CVE-2020-1376	Windows 权限提升漏洞	Important
Windows	CVE-2020-1471	Windows CloudExperienceHost 权限提升漏洞	Important
Windows	CVE-2020-1491	Windows Function Discovery Service 权限提升漏洞	Important
Internet Explorer	CVE-2020-1506	Windows Start-Up Application 权限提升漏洞	Important
Windows	CVE-2020-1507	Microsoft COM for Windows 权限提升漏洞	Important
Windows	CVE-2020-1559	Windows Storage Services 权限提升漏洞	Important
Microsoft Office	CVE-2020-1575	Microsoft Office SharePoint XSS漏洞	Important
Windows	CVE-2020-1589	Windows Kernel 信息披露漏洞	Important
Windows	CVE-2020-1590	Connected User Experiences and Telemetry Service 权限提升漏洞	Important
Windows	CVE-2020-1592	Windows Kernel 信息披露漏洞	Important
Windows	CVE-2020-1596	TLS 信息披露漏洞	Important
Windows	CVE-2020-1598	Windows UPnP Service 权限提升漏洞	Important
Windows	CVE-2020-0648	Windows RSoP Service Application 权限提升漏洞	Important
Windows	CVE-2020-0664	Active Directory 信息披露漏洞	Important
Windows	CVE-2020-0718	Active Directory 远程代码执行漏洞	Important
Windows	CVE-2020-0761	Active Directory 远程代码执行漏洞	Important
Windows	CVE-2020-0766	Microsoft Store Runtime 权限提升漏洞	Important
Windows	CVE-2020-0782	Windows Cryptographic Catalog Services 权限提升漏洞	Important
Windows	CVE-2020-0790	Microsoft splwow64 权限提升漏洞	Important
Windows	CVE-2020-0805	Projected Filesystem Security 功能绕过	Important
Windows	CVE-2020-0836	Windows DNS 拒绝服务漏洞	Important
Windows	CVE-2020-0837	ADFS 欺骗漏洞	Important
Windows	CVE-2020-0838	NTFS 权限提升漏洞	Important
Windows	CVE-2020-0839	Windows dnsrslvr.dll 权限提升漏洞	Important
Windows	CVE-2020-0856	Active Directory 信息披露漏洞	Important
Windows	CVE-2020-0870	Shell infrastructure component 权限提升漏洞	Important
Windows	CVE-2020-0875	Microsoft splwow64 信息披露漏洞	Important
Windows	CVE-2020-0886	Windows Storage Services 权限提升漏洞	Important
Windows	CVE-2020-0890	Windows Hyper-V 拒绝服务漏洞	Important
Windows	CVE-2020-0904	Windows Hyper-V 拒绝服务漏洞	Important
Windows	CVE-2020-0911	Windows Modules Installer 权限提升漏洞	Important
Windows	CVE-2020-0912	Windows Function Discovery SSDP Provider 权限提升漏洞	Important
Windows	CVE-2020-0914	Windows State Repository Service 信息披露漏洞	Important
Windows	CVE-2020-0921	Microsoft Graphics Component 信息披露漏洞	Important
Windows	CVE-2020-0928	Windows Kernel 信息披露漏洞	Important
Windows	CVE-2020-0941	Win32k 信息披露漏洞	Important
Windows	CVE-2020-0951	Windows Defender Application Control Security 功能绕过	Important
Windows	CVE-2020-0989	Windows Mobile Device Management Diagnostics 信息披露漏洞	Important
Windows	CVE-2020-0998	Windows Graphics Component 权限提升漏洞	Important
Internet Explorer	CVE-2020-1012	WinINet API 权限提升漏洞	Important
Windows	CVE-2020-1013	Group Policy 权限提升漏洞	Important
Windows	CVE-2020-1030	Windows Print Spooler 权限提升漏洞	Important
Windows	CVE-2020-1031	Windows DHCP Server 信息披露漏洞	Important
Windows	CVE-2020-1033	Windows Kernel 信息披露漏洞	Important
Windows	CVE-2020-1034	Windows Kernel 权限提升漏洞	Important
Windows	CVE-2020-1038	Windows Routing Utilities Denial of Service	Important
Windows	CVE-2020-1039	Jet Database Engine 远程代码执行漏洞	Important
ASP.NET Core	CVE-2020-1045	Microsoft ASP.NET Core Security 功能绕过	Important
Windows	CVE-2020-1052	Windows 权限提升漏洞	Important
Windows	CVE-2020-1053	DirectX 权限提升漏洞	Important
Windows	CVE-2020-1074	Jet Database Engine 远程代码执行漏洞	Important
Windows	CVE-2020-1083	Microsoft Graphics Component 信息披露漏洞	Important
Windows	CVE-2020-1091	Windows Graphics Component 信息披露漏洞	Important
Windows	CVE-2020-1097	Windows Graphics Component 信息披露漏洞	Important
Windows	CVE-2020-1098	Windows Shell Infrastructure Component 权限提升漏洞	Important
Windows	CVE-2020-1115	Windows Common Log File System Driver 权限提升漏洞	Important
Windows	CVE-2020-1119	Windows 信息披露漏洞	Important
Windows	CVE-2020-1122	Windows Language Pack Installer 权限提升漏洞	Important
Windows,Microsoft Visual Studio	CVE-2020-1130	Diagnostics Hub Standard Collector 权限提升漏洞	Important
Windows,Microsoft Visual Studio	CVE-2020-1133	Diagnostics Hub Standard Collector 权限提升漏洞	Important
Windows	CVE-2020-1146	Microsoft Store Runtime 权限提升漏洞	Important
Windows	CVE-2020-1152	Windows Win32k 权限提升漏洞	Important
Windows	CVE-2020-1159	Windows 权限提升漏洞	Important
Windows	CVE-2020-1169	Windows Runtime 权限提升漏洞	Important
Microsoft Edge,ChakraCore	CVE-2020-1180	Scripting Engine 内存泄露漏洞	Important
Microsoft Office	CVE-2020-1193	Microsoft Excel 远程代码执行漏洞	Important
Microsoft Office	CVE-2020-1198	Microsoft Office SharePoint XSS漏洞	Important
Microsoft Office	CVE-2020-1205	Microsoft SharePoint 欺骗漏洞	Important
Microsoft Office	CVE-2020-1218	Microsoft Word 远程代码执行漏洞	Important
Microsoft Office	CVE-2020-1224	Microsoft Excel 信息披露漏洞	Important
Microsoft Office	CVE-2020-1227	Microsoft Office SharePoint XSS漏洞	Important
Windows	CVE-2020-1228	Windows DNS 拒绝服务漏洞	Important
Windows	CVE-2020-1245	Win32k 权限提升漏洞	Important
Windows	CVE-2020-1250	Win32k 信息披露漏洞	Important
Windows	CVE-2020-1256	Windows GDI 信息披露漏洞	Important
Windows	CVE-2020-1303	Windows Runtime 权限提升漏洞	Important
Windows	CVE-2020-1308	DirectX 权限提升漏洞	Important
Microsoft Office	CVE-2020-1332	Microsoft Excel 远程代码执行漏洞	Important
Microsoft Office	CVE-2020-1335	Microsoft Excel 远程代码执行漏洞	Important
Microsoft Office	CVE-2020-1338	Microsoft Word 远程代码执行漏洞	Important
Microsoft Office	CVE-2020-1440	Microsoft SharePoint Server Tampering Vulnerability	Important
Microsoft Office	CVE-2020-1482	Microsoft Office SharePoint XSS漏洞	Important
Microsoft Office	CVE-2020-1514	Microsoft Office SharePoint XSS漏洞	Important
Microsoft Office	CVE-2020-1523	Microsoft SharePoint Server Tampering Vulnerability	Important
Microsoft Office	CVE-2020-1594	Microsoft Excel 远程代码执行漏洞	Important
Microsoft Office	CVE-2020-16851	OneDrive for Windows 权限提升漏洞	Important
Microsoft Office	CVE-2020-16852	OneDrive for Windows 权限提升漏洞	Important
Microsoft Office	CVE-2020-16853	OneDrive for Windows 权限提升漏洞	Important
Windows	CVE-2020-16854	Windows Kernel 信息披露漏洞	Important
Microsoft Office	CVE-2020-16855	Microsoft Office 信息披露漏洞	Important
Microsoft Dynamics	CVE-2020-16871	Microsoft Dynamics 365 (On-Premise) 跨站脚本漏洞	Important
Open Source Software	CVE-2020-16873	Xamarin.Forms 欺骗漏洞	Important
Microsoft Edge (Chromium-based)	CVE-2020-16884	Internet Explorer Browser Helper Object (BHO) 内存泄露漏洞	Important
SQL Server	CVE-2020-1044	SQL Server Reporting Services Security 功能绕过	Moderate

本文转载来源于绿盟科技安全情报。

上一篇: 【漏洞通告】 qemu-kvm 虚拟机逃逸漏洞（CVE-2020-14364）下一篇: Microsoft NetLogon远程特权提升漏洞（CVE-2020-1472）通告

关于我们

有孚云是上海有孚网络股份有限公司基于22年+数据中心服务经验，承载企业 IT 的核心基础设施，打造致力于为企业提供高可用、高品质的云计算产品和服务平台。

发展历程

关于微软2020年9月多个产品爆出安全漏洞的通告

摘要