唯嘉利亚云安全 提供服务器维护、网站开发,网站安全运维,安全托管等服务!

微软2019年2月安全补丁更新说明


文章来源:唯嘉利亚云安全   发布时间: 2019-04-24  已有 325 人 阅读

【漏洞详情】
严重漏洞(20个):
CVE-2019-0590 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0591 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0593 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0640 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0642 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0644 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0651 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0652 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0655 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0606 – Microsoft scripting engine memory corruption vulnerability
CVE-2019-0645 – Microsoft Edge memory corruption vulnerability
CVE-2019-0650 – Microsoft Edge memory corruption vulnerability
CVE-2019-0594 – Microsoft SharePoint remote code execution vulnerability
CVE-2019-0604 – Microsoft SharePoint remote code execution vulnerability
CVE-2019-0605 – Microsoft Edge remote code execution vulnerability
CVE-2019-0607 – Microsoft Edge remote code execution vulnerability
CVE-2019-0618 – Windows Graphics Device Interface (GDI) remote code execution vulnerability
CVE-2019-0626 – Windows Server DHCP service memory corruption vulnerability
CVE-2019-0634 – Microsoft Edge remote code execution vulnerability
CVE-2019-0662 – Windows Graphics Device Interface (GDI) remote code execution vulnerability
重要漏洞(44个):
CVE-2019-0540 – Microsoft Office security feature bypass vulnerability
CVE-2019-0595 – Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0596 – Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0597 – Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0598 – Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0599 – Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0600 – Human Interface Devices (HID) information disclosure vulnerability
CVE-2019-0601 – Human Interface Devices (HID) information disclosure vulnerability
CVE-2019-0602 – Windows GDI information disclosure vulnerability
CVE-2019-0610 – Microsoft Edge remote code execution vulnerability
CVE-2019-0613 – .NET Framework and Visual Studio remote code execution vulnerability
CVE-2019-0615 – Windows GDI information disclosure vulnerability
CVE-2019-0616 – Windows GDI information disclosure vulnerability
CVE-2019-0619 – Windows GDI information disclosure vulnerability
CVE-2019-0623 – Win32k elevation of privilege vulnerability
CVE-2019-0625 – Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0627 – Windows security feature bypass vulnerability
CVE-2019-0628 – win32k information disclosure vulnerability
CVE-2019-0630 – Microsoft Server Message Block 2.0 (SMBv2) server remote code execution vulnerability
CVE-2019-0631 – Windows security feature bypass vulnerability
CVE-2019-0632 – Windows security feature bypass vulnerability
CVE-2019-0633 – Microsoft Server Message Block 2.0 (SMBv2) server remote code execution vulnerability
CVE-2019-0635 – Windows Hyper-V information disclosure vulnerability
CVE-2019-0636 – Windows information vulnerability
CVE-2019-0637 – Windows Defender Firewall security feature bypass vulnerability
CVE-2019-0648 – An information disclosure vulnerability
CVE-2019-0649 – Microsoft Chakra JIT server vulnerability
CVE-2019-0654 – Microsoft browsers spoofing vulnerability
CVE-2019-0656 – Windows kernel elevation of privilege vulnerability
CVE-2019-0657 – .Net Framework API’s and Visual Studio vulnerability
CVE-2019-0658 – Microsoft Edge information disclosure vulnerability
CVE-2019-0659 – Storage Service elevation of privilege vulnerability
CVE-2019-0660 – Windows GDI information disclosure vulnerability
CVE-2019-0661 – Windows kernel information disclosure vulnerability
CVE-2019-0664 – Windows GDI information disclosure vulnerability
CVE-2019-0668 – Microsoft SharePoint Server elevation of privilege vulnerability
CVE-2019-0671 – Microsoft Office Access Connectivity Engine remote code execution vulnerability
CVE-2019-0672 – Microsoft Office Access Connectivity Engine remote code execution vulnerability
CVE-2019-0673 – Microsoft Office Access Connectivity Engine remote code execution vulnerability
CVE-2019-0674 – Microsoft Office Access Connectivity Engine remote code execution vulnerability
CVE-2019-0675 – Microsoft Office Access Connectivity Engine remote code execution vulnerability
CVE-2019-0676 – Internet Explorer information disclosure vulnerability
CVE-2019-0686 – Microsoft Exchange Server elevation of privilege vulnerability
CVE-2019-0728 – Visual Studio Code remote code execution vulnerability
【风险等级】
   高风险
【漏洞风险】
  代码执行、权限提升、安全绕过以及信息泄露
【影响版本】
目前已知受影响产品如下:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office
ChakraCore
.NET Framework
Microsoft Exchange Server
Microsoft Visual Studio
【修复建议】
目前微软官方均已发布漏洞修复更新,腾讯云安全团队建议您:
1)不要打开来历不明的文件或者链接,避免被被攻击者利用在机器上执行恶意代码;
2)打开Windows Update更新功能,点击“检查更新”,根据业务情况开展评估,下载安装相应的安全补丁;
3)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态;
您也可以直接通过微软官方链接进行下载安装,补丁下载地址:https://portal.msrc.microsoft.com/en-us/security-guidance
【备注】建议您在安装补丁前做好数据备份工作,避免出现意外。
【漏洞参考】

【版权声明】:除非注明,唯嘉利亚云安全文章均为原创,转载请以链接形式标明本文标题和地址
原文标题:微软2019年2月安全补丁更新说明
原文地址:https://www.vgaliya.com/safety-1489.html


文章标签: