2020-05 补丁日: 微软多个产品高危漏洞安全风险通告
2020.5.14
摘要
2020年05月13日, 微软官方 发布了 5月份 的风险通告,风险等级:高危。
此次安全更新发布了 111 个漏洞的补丁,主要涵盖了 Windows操作系统、IE/Edge浏览器、ChakraCore、Dynamics、Visual Studio、Android 应用程序,.Net 框架、Office及Office服务和Web应用、微软恶意软件防护引擎。
0x01 漏洞背景
2020年05月13日, 微软官方 发布了 5月份 的风险通告,风险等级:高危。
此次安全更新发布了 111 个漏洞的补丁,主要涵盖了 Windows操作系统、IE/Edge浏览器、ChakraCore、Dynamics、Visual Studio、Android 应用程序,.Net 框架、Office及Office服务和Web应用、微软恶意软件防护引擎。
其中包括 16 个严重漏洞,95 个高危漏洞。其中Win32k 特权提升(CVE-2020-1054)漏洞的PoC已公开,请相关用户及时更新补丁进行防护,详细漏洞列表请参考附录。
对此,建议广大用户及时安装最新补丁,做好资产自查以及预防工作,以免遭受黑客攻击。
0x02 风险等级
该事件的评定结果如下
评定方式 | 等级 |
威胁等级 | 高危 |
影响面 | 广泛 |
0x03 漏洞详情
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
CVE-2020-1054(PoC已公开)/CVE-2020-1143:Win32k 特权提升漏洞
由于Windows kernel-mode driver未能正确处理内存中的对象,导致存在两个特权提升漏洞。攻击者可通过登录目标系统并运行特制的应用程序来进行利用,成功利用此漏洞的攻击者可以在系统内核模式中执行任意代码。
官方通告链接:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1054
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1143
CVE-2020-1062:Internet Explorer 内存损坏漏洞
当 Internet Explorer 不正确地访问内存中的对象时,存在远程执行代码漏洞。该漏洞可能以一种攻击者可以在当前用户的上下文中执行任意代码的方式损坏内存。成功利用该漏洞的攻击者可以获得与当前用户相同的用户权限。当用户访问一个特别设计的、由攻击者控制的web页面时,可能会触发此漏洞。
官方通告链接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062
CVE-2020-1023、CVE-2020-1024、CVE-2020–1102和CVE-2020-1069:Microsoft SharePoint 远程执行代码漏洞
以上4个为微软SharePoint中的远程代码执行漏洞。攻击者可以利用此类漏洞获得在受影响终端或服务器上执行任意代码的能力。由于SharePoint无法检查应用程序包的源标记,前3个漏洞可以诱导用户打开一个特别制作的SharePoint应用程序文件从而进行利用。由于SharePoint Server无法正确识别和筛选不安全的 ASP.NET Web 控件,经过身份验证的攻击者通过上传一个特别制作的页面到SharePoint服务器,可成功利用CVE-2020-1069漏洞。
官方通告链接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069
CVE-2020-1071: Windows 远程访问会话权限提示漏洞
Windows处理“远程访问通用对话框”相关的错误时,存在一枚权限提升漏洞。
该漏洞需要攻击者物理接触到相关设备。成功利用此漏洞的攻击者可以以高权限运行任意代码。并取得该设备的完全控制权限。
CVE-2020-1135: Windows 图形化组件权限提示漏洞
Windows 图形化组件中存在一个 UAF 漏洞。
该漏洞需要攻击者取得基础的系统登录权限。成功利用此漏洞的攻击者从普通用户权限提升为 SYSTEM (最高权限)。
CVE-2020-1067: Windows 远程代码执行漏洞
Windows 操作系统处理内存对象的过程中存在一枚远程代码执行漏洞。
该漏洞需要攻击者取得一个域用户账户。成功利用此漏洞的攻击者可以在受影响的操作系统上以更高的权限执行任意代码。并取得该设备的完全控制权限。
CVE-2020-1153:Microsoft 图形组件远程代码执行漏洞
Microsoft Graphics Components在处理内存对象的过程中存在远程代码执行漏洞。攻击者可通过诱导用户打开特制文件来利用此漏洞,成功利用此漏洞的攻击者可在目标系统上执行任意代码。
官方通告链接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1153
CVE-2020-1118: Windows传输层安全拒绝服务漏洞
Windows 的 Diffie-Hellman 协议实现中存在一枚 空指针解引用漏洞。
该漏洞需要攻击者与受影响的系统进行TLS通信。攻击者可以通过在TLS握手期间发送恶意的客户端密钥交换消息来触发此漏洞。成功利用此漏洞可造成对应设备停机以及 lsass.exe 进程终止。从而导致拒绝服务。
该漏洞同时影响TLS客户端和TLS服务端。
CVE-2020-0901: Excel 远程代码执行漏洞
Excel 在处理内存对象的过程中存在一枚远程代码执行漏洞。
该漏洞需要攻击者诱导用户打开特制的 Excel 文档。成功利用此漏洞的攻击者可以获得与被攻击用户相同等级的系统控制权限。
0x04 影响版本
仅针对高危漏洞以及详细信息已经公开的漏洞进行说明,本次更新的全部漏洞情况请自行参考参考链接中的内容进行核对。
编号 | 描述 | 公开状态 | 在野利用 | 导致结果 |
Chakra 脚本引擎内存破坏 | 未公开 | 不存在 | 远程代码执行 | |
Internet Explorer 内存破坏 | 未公开 | 不存在 | 远程代码执行 | |
Media Foundation 内存破坏 | 未公开 | 不存在 | 远程代码执行 | |
Media Foundation 内存破坏 | 未公开 | 不存在 | 远程代码执行 | |
Media Foundation 内存破坏 | 未公开 | 不存在 | 远程代码执行 | |
Microsoft Color Management 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Microsoft Edge 特权提升 | 未公开 | 不存在 | 权限提升 | |
Microsoft Graphics Components 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Microsoft SharePoint 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Microsoft SharePoint 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Microsoft SharePoint 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Microsoft SharePoint Server 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
MSHTML Engine 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Scripting Engine 内存破坏 | 未公开 | 不存在 | 远程代码执行 | |
VBScript 远程代码执行 | 未公开 | 不存在 | 远程代码执行 | |
Visual Studio Code Python 插件远程代码执行 | 未公开 | 不存在 | 远程代码执行 |
以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
漏洞编号 | 受影响产品版本 |
CVE-2020-1054 CVE-2020-1143 CVE-2020-1067 CVE-2020-1153 | Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1803 (Server Core Installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) |
CVE-2020-1062 | Internet Explorer 11: Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 |
Internet Explorer 9: Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 | |
CVE-2020-1023 CVE-2020-1024 CVE-2020-1069 | Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
CVE-2020–1102 | Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 |
CVE-2020-0901 | Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac |
0x05 修复建议
通用修补建议
应及时进行Microsoft Windows版本更新并且保持Windows自动更新开启。
Windows server / Windows 检测并开启Windows自动更新流程如下
· 点击开始菜单,在弹出的菜单中选择“控制面板”进行下一步。
· 点击控制面板页面中的“系统和安全”,进入设置。
· 在弹出的新的界面中选择“windows update”中的“启用或禁用自动更新”。
· 然后进入设置窗口,展开下拉菜单项,选择其中的自动安装更新(推荐)。
手动升级方案:
通过如下链接自行寻找符合操作系统版本的漏洞补丁,并进行补丁下载安装。目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
0x06 参考链接
Zero Day Initiative — The May 2020 Security Update Review
0x07 漏洞列表
影响产品 | CVE 编号 | 漏洞标题 | 严重程度 |
Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management 远程代码执行漏洞 | Critical |
Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2020-1037 | Chakra Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint 远程代码执行漏洞 | Critical |
Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine 内存破坏漏洞 | Critical |
Microsoft Windows | CVE-2020-1028 | Media Foundation 内存破坏漏洞 | Critical |
Microsoft Windows | CVE-2020-1126 | Media Foundation 内存破坏漏洞 | Critical |
Microsoft Windows | CVE-2020-1136 | Media Foundation 内存破坏漏洞 | Critical |
Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension 远程代码执行漏洞 | Critical |
Internet Explorer | CVE-2020-1064 | MSHTML Engine 远程代码执行漏洞 | Critical |
Internet Explorer | CVE-2020-1093 | VBScript 远程代码执行漏洞 | Critical |
Microsoft Edge | CVE-2020-1056 | Microsoft Edge 特权提升漏洞 | Critical |
Internet Explorer | CVE-2020-1062 | Internet Explorer 内存破坏漏洞 | Critical |
.NET Core | CVE-2020-1108 | .NET Core & .NET Framework 拒绝服务漏洞 | Important |
.NET Core | CVE-2020-1161 | ASP.NET Core 拒绝服务漏洞 | Important |
.NET Framework | CVE-2020-1066 | .NET Framework 特权提升漏洞 | Important |
Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services 跨站脚本漏洞 | Important |
Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver 特权提升漏洞 | Important |
Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Edge | CVE-2020-1059 | Microsoft Edge 欺骗漏洞 | Important |
Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2020-0963 | Windows GDI 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1054 | Win32k 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1140 | DirectX 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1179 | Windows GDI 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1141 | Windows GDI 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1142 | Windows GDI 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1145 | Windows GDI 信息泄露漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-0901 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint 信息泄露漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1106 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Windows | CVE-2020-1021 | Windows Error Reporting 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1010 | Microsoft Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1048 | Windows Print Spooler 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1071 | Windows Remote Access Common Dialog 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1076 | Windows 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2020-1078 | Windows Installer 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1084 | Connected User Experiences and Telemetry Service 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2020-1116 | Windows CSRSS 信息泄露漏洞 | Important |
Microsoft Windows | CVE-2020-1118 | Microsoft Windows Transport Layer Security 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2020-1124 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1134 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1137 | Windows Push Notification Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1138 | Windows Storage Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1143 | Win32k 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1144 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1149 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1150 | Media Foundation 内存破坏漏洞 | Important |
Microsoft Windows | CVE-2020-1151 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1155 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1156 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1157 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1158 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1186 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1189 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1190 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1067 | Windows 远程代码执行漏洞 | Important |
Microsoft Windows | CVE-2020-1068 | Microsoft Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1070 | Windows Print Spooler 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1072 | Windows Kernel 信息泄露漏洞 | Important |
Microsoft Windows | CVE-2020-1077 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1079 | Microsoft Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1081 | Windows Printer Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1082 | Windows Error Reporting 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1086 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1088 | Windows Error Reporting 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1090 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1111 | Windows Clipboard Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1112 | Windows Background Intelligent Transfer Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1121 | Windows Clipboard Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1123 | Connected User Experiences and Telemetry Service 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2020-1125 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1131 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1132 | Windows Error Reporting Manager 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1139 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1164 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1165 | Windows Clipboard Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1166 | Windows Clipboard Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1184 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1185 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1187 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1188 | Windows State Repository Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1191 | Windows State Repository Service 特权提升漏洞 | Important |
Power BI | CVE-2020-1173 | Microsoft Power BI Report Server 欺骗漏洞 | Important |
Visual Studio | CVE-2020-1171 | Visual Studio Code Python Extension 远程代码执行漏洞 | Important |
Windows Hyper-V | CVE-2020-0909 | Windows Hyper-V 拒绝服务漏洞 | Important |
Windows Kernel | CVE-2020-1114 | Windows Kernel 特权提升漏洞 | Important |
Windows Kernel | CVE-2020-1087 | Windows Kernel 特权提升漏洞 | Important |
Windows Scripting | CVE-2020-1061 | Microsoft Script Runtime 远程代码执行漏洞 | Important |
Windows Subsystem for Linux | CVE-2020-1075 | Windows Subsystem for Linux 信息泄露漏洞 | Important |
Windows Task Scheduler | CVE-2020-1113 | Windows Task Scheduler 安全功能绕过漏洞 | Important |
Windows Update Stack | CVE-2020-1110 | Windows Update Stack 特权提升漏洞 | Important |
Windows Update Stack | CVE-2020-1109 | Windows Update Stack 特权提升漏洞 | Important |
Internet Explorer | CVE-2020-1092 | Internet Explorer 内存破坏漏洞 | Important |
Microsoft Scripting Engine | CVE-2020-1035 | VBScript 远程代码执行漏洞 | Important |
Microsoft Scripting Engine | CVE-2020-1058 | VBScript 远程代码执行漏洞 | Important |
Microsoft Scripting Engine | CVE-2020-1060 | VBScript 远程代码执行漏洞 | Important |
沪公网安备31011502401057号