真情服務(wù)  厚德載物
      今天是:
      聯(lián)系我們

      市場(chǎng)部:0564-3227239
      技術(shù)部:0564-3227237
      財(cái)務(wù)部: 0564-3227034
      公司郵箱:lachs@126.com
      技術(shù)郵箱:cc1982@163.com
      地址:六安市淠望路103號(hào)

      技術(shù)分類
      推薦資訊
      當(dāng)前位置:首 頁 > 技術(shù)中心 > 安全產(chǎn)品 > 查看信息
      多個(gè)產(chǎn)品高危漏洞!微軟發(fā)布6月安全更新
      作者:永辰科技  來源:綠盟科技  發(fā)表時(shí)間:2020-6-29 16:42:57  點(diǎn)擊:2500

      北京時(shí)間6月10日,微軟發(fā)布6月安全更新補(bǔ)丁,修復(fù)了130個(gè)安全問題,涉及Microsoft Windows、Internet Explorer、Microsoft Edge、Windows Defender、Microsoft Office、Visual Studio、Adobe Flash Player等廣泛使用的產(chǎn)品,其中包括內(nèi)存泄露和遠(yuǎn)程代碼執(zhí)行等高危漏洞類型。

      本月微軟月度更新修復(fù)的漏洞中,嚴(yán)重程度為關(guān)鍵(Critical)的漏洞共有12個(gè),重要(Important)漏洞有118個(gè)。

      這是微軟有史以來在一個(gè)月內(nèi)發(fā)布CVE數(shù)量最多的一次,其中Windows SMB 遠(yuǎn)程代碼執(zhí)行漏洞(CVE-2020-1301)與Windows SMBv3 客戶端/服務(wù)器信息泄漏漏洞(CVE-2020-1206)的PoC已公開,請(qǐng)相關(guān)用戶及時(shí)更新補(bǔ)丁進(jìn)行防護(hù),詳細(xì)漏洞列表請(qǐng)參考附錄。

      參考鏈接:

      https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

      重點(diǎn)漏洞簡述

      根據(jù)產(chǎn)品流行度和漏洞重要性篩選出此次更新中包含影響較大的漏洞,請(qǐng)相關(guān)用戶重點(diǎn)進(jìn)行關(guān)注:

      • CVE-2020-1206(PoC已公開):Windows SMBv3 客戶端/服務(wù)器信息泄漏漏洞

      Microsoft Server Message Block 3.1.1 (SMBv3)協(xié)議在處理某些請(qǐng)求時(shí)存在信息泄露漏洞,未經(jīng)身份驗(yàn)證的攻擊者可通過向目標(biāo)SMB服務(wù)器發(fā)送特殊設(shè)計(jì)的數(shù)據(jù)包,或配置一個(gè)惡意的 SMBv3 服務(wù)器并誘導(dǎo)用戶連接。攻擊者利用此漏洞可獲取到敏感信息。

      與SMBv3Ghost有關(guān)的內(nèi)容可參考:https://mp.weixin.qq.com/s/q3dL6YI0K-cFLbNzySabHQ

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206

      • CVE-2020-1301(PoC已公開):Windows SMB 遠(yuǎn)程代碼執(zhí)行漏洞

      Microsoft Server Message Block 1.0 (SMBv1) 服務(wù)器在處理某些請(qǐng)求時(shí)存在遠(yuǎn)程代碼執(zhí)行漏洞,經(jīng)過身份驗(yàn)證的攻擊者向目標(biāo) SMBv1 服務(wù)器發(fā)送特殊設(shè)計(jì)的數(shù)據(jù)包,成功利用此漏洞的攻擊者可在目標(biāo)系統(tǒng)上執(zhí)行代碼。

      微軟已在 2014 年棄用了 SMBv1 協(xié)議,在 Windows 10 中 默認(rèn)禁用SMBv1 。檢測(cè)與禁用 SMB協(xié)議請(qǐng)參考官方文檔:https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

      • CVE-2020-1281:Windows OLE 遠(yuǎn)程代碼執(zhí)行漏洞

      由于Microsoft Windows OLE 無法正確驗(yàn)證用戶輸入,攻擊者可以誘使用戶在網(wǎng)頁或電子郵件中打開特殊設(shè)計(jì)的文件或程序,從而利用此漏洞來執(zhí)行惡意代碼。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281

      • CVE-2020-1300:Windows 遠(yuǎn)程執(zhí)行代碼漏洞

      由于Microsoft Windows 無法正確處理 cabinet 文件,攻擊者可誘使用戶打開特殊設(shè)計(jì)的 cabinet 文件或誘騙用戶安裝偽裝成打印機(jī)驅(qū)動(dòng)程序的惡意 cabinet 文件,從而利用此漏洞執(zhí)行任意代碼。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300

      • CVE-2020-1181:Microsoft SharePoint Server 遠(yuǎn)程代碼執(zhí)行漏洞

      由于SharePoint Server無法正確識(shí)別和篩選不安全的 ASP.NET Web 控件,經(jīng)過身份驗(yàn)證的攻擊者通過上傳一個(gè)特別制作的頁面到SharePoint服務(wù)器,可成功利用此漏洞在服務(wù)器上執(zhí)行任意代碼。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181

      • CVE-2020-1225/1226:Microsoft Excel 遠(yuǎn)程代碼執(zhí)行漏洞

      由于Microsoft Excel無法正確處理內(nèi)存中的對(duì)象,導(dǎo)致存在遠(yuǎn)程代碼執(zhí)行漏洞。攻擊者通過誘使用戶使用受影響版本的Microsoft Excel打開經(jīng)過特殊設(shè)計(jì)的文件進(jìn)行利用。成功利用此漏洞的攻擊者可以獲得與當(dāng)前用戶相同的系統(tǒng)控制權(quán)限。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1226

      • CVE-2020-1248:GDI 遠(yuǎn)程代碼執(zhí)行漏洞

      Windows 圖形設(shè)備接口 (GDI) 在處理內(nèi)存中對(duì)象的方式中存在遠(yuǎn)程代碼執(zhí)行漏洞。攻擊者可以利用該漏洞精心制作一個(gè)惡意網(wǎng)站或惡意文件,并通過釣魚郵件等方式誘導(dǎo)用戶點(diǎn)擊鏈接或打開附件。成功利用此漏洞的攻擊者可能會(huì)控制受影響的系統(tǒng)。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1248

      • CVE-2020-1299:LNK 遠(yuǎn)程代碼執(zhí)行漏洞

      Windows 在處理 .LNK 文件時(shí)存在一個(gè)遠(yuǎn)程代碼執(zhí)行漏洞,攻擊者可能會(huì)向用戶顯示包含惡意 .LNK 文件和關(guān)聯(lián)的惡意二進(jìn)制文件的可移除驅(qū)動(dòng)器或遠(yuǎn)程共享,成功利用此漏洞的攻擊者可獲得與本地用戶相同的系統(tǒng)權(quán)限。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299

      • ADV200010| CVE-2020-9633: Adobe Flash Player 任意代碼執(zhí)行漏洞

      此安全更新修復(fù)了 Adobe 安全公告 APSB20-30 中描述的漏洞(CVE-2020-9633),此漏洞影響Windows、MacOS、Linux和ChromeOS,成功利用該漏洞可在當(dāng)前用戶的環(huán)境中執(zhí)行任意代碼。

      官方通告鏈接:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010

      https://helpx.adobe.com/cn/security/products/flash-player/apsb20-30.html

      影響范圍

      以下為重點(diǎn)關(guān)注漏洞的受影響產(chǎn)品版本,其他漏洞影響產(chǎn)品范圍請(qǐng)參閱官方通告鏈接。

      漏洞編號(hào) 受影響產(chǎn)品版本
      CVE-2020-1206 Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
      CVE-2020-1301CVE-2020-1281CVE-2020-1300 Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016  (Server Core installation)Windows Server 2019Windows Server 2019  (Server Core installation)Windows Server, version 1803  (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
      CVE-2020-1181 Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019
      CVE-2020-1225CVE-2020-1226 Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Office 2016 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for Mac
      CVE-2020-1248 Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
      CVE-2020-1299 Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016  (Server Core installation)Windows Server 2019Windows Server 2019  (Server Core installation)Windows Server, version 1803  (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
      ADV200010 |CVE-2020-9633 Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2012Windows Server 2012 R2Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit Systems

      漏洞防護(hù)

      補(bǔ)丁更新

      目前微軟官方已針對(duì)受支持的產(chǎn)品版本發(fā)布了修復(fù)以上漏洞的安全補(bǔ)丁,強(qiáng)烈建議受影響用戶盡快安裝補(bǔ)丁進(jìn)行防護(hù),官方下載鏈接:

      https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

      注:由于網(wǎng)絡(luò)問題、計(jì)算機(jī)環(huán)境問題等原因,Windows Update的補(bǔ)丁更新可能出現(xiàn)失敗。用戶在安裝補(bǔ)丁后,應(yīng)及時(shí)檢查補(bǔ)丁是否成功更新。

      右鍵點(diǎn)擊Windows圖標(biāo),選擇“設(shè)置(N)”,選擇“更新和安全”-“Windows更新”,查看該頁面上的提示信息,也可點(diǎn)擊“查看更新歷史記錄”查看歷史更新情況。

      針對(duì)未成功安裝的更新,可點(diǎn)擊更新名稱跳轉(zhuǎn)到微軟官方下載頁面,建議用戶點(diǎn)擊該頁面上的鏈接,轉(zhuǎn)到“Microsoft更新目錄”網(wǎng)站下載獨(dú)立程序包并安裝。

       
       
       
      合作伙伴
      微軟中國 | 聯(lián)想集團(tuán) | IBM | 蘋果電腦 | 浪潮集團(tuán) | 惠普中國 | 深信服 | 愛數(shù)軟件 | 華為
      六安市永辰科技有限公司 版權(quán)所有 © Copyright 2010-2021 All Rights 六安市淠望路103號(hào) 最佳瀏覽效果 IE8或以上瀏覽器
      訪問量:3038027    皖I(lǐng)CP備11014188號(hào)-1
      国产日韩欧美亚洲,免费AV一区二区三区播放,国产亚洲日韩欧美日本,欧美精品二三区