Posted on Leave a comment

Microsoft 產品或元件的多個漏洞 (2019年1月)

Microsoft 發布了安全性更新,以應對多個影響個別 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表,請參考以下網址:
https://support.microsoft.com/en-us/help/20190108/security-update-deployment-information

 

受影響的系統:

  • Adobe Flash Player
  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Microsoft Windows Server, version 1709, version 1803
  • Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
  • Microsoft Office Online Server
  • Microsoft Office Web Apps Server 2010
  • Microsoft Office Word Viewer
  • Office 365 ProPlus
  • Microsoft Word 2010, 2013, 2013 RT, 2016
  • Word Automation Services
  • Microsoft Excel Viewer 2007
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Server 2019
  • Microsoft Exchange Server 2010, 2013, 2016, 2019
  • Microsoft Outlook 2010, 2013, 2013 RT, 2016
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 3.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2,
  • Microsoft Business Productivity Servers 2010
  • Microsoft Visual Studio 2010, 2012, 2017
  • .NET Core 2.1, 2.2
  • ASP.NET Core 2.1, 2.2
  • ChakraCore
  • Skype 8.35 when installed on Android Devices

有關受影響產品的完整列表,請參考以下網址:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

影響:

成功利用這些漏洞可以導致遠端執行程式碼、權限提升、泄漏資訊、阻斷服務或仿冒詐騙,視乎攻擊者利用哪個漏洞而定。

 

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議,立即採取行動以降低風險。

 

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573
https://support.microsoft.com/en-us/help/20190108/security-update-deployment-information
https://www.hkcert.org/my_url/zh/alert/19010901
https://www.us-cert.gov/ncas/current-activity/2019/01/08/Microsoft-Releases-January-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0536 (to CVE-2019-0539)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0545 (to CVE-2019-0562)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0564 (to CVE-2019-0586)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0622

發表回覆