+38/044/257-2444
+38/067/502-3306
+38/050/370-3627
Новости

Microsoft выпустила обновления безопасности за апрель 2019

Microsoft выпустила обновления безопасности за апрель 2019

Microsoft выпустила обновления безопасности для следующих продуктов: Windows, Windows Server, Microsoft Edge, Internet Explorer, Office, SharePoint Server, Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, ASP.NET Core, Chakra Core, Windows Admin Center и Adobe Flash Player.

Информация об уровне критичности, потенциальном ущербе и соответствующих обновлениях, закрывающих данные уязвимости, представлена в таблице ниже:

Product Family Maximum Severity Maximum Impact Associated KB Articles and/or Support Webpages
Windows 10 v1809, v1803, v1709, v1703, v1607, Windows 10 for 32-bit Systems, and Windows 10 for x64-based Systems (not including Edge) Critical Remote Code Execution Windows 10 v1809 Security Update: 4493509

 

Windows 10 v1803 Security Update: 4493464

Windows 10 v1709 Security Update: 4493441

Windows 10 v1703 Security Update: 4493474

Windows 10 v1607 Security Update: 4493470

Windows 10 Security Update: 4493475

Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v1803, and v1709) Critical Remote Code Execution Windows Server 2019 Security Update: 4493509

 

Windows Server 2016 Security Update: 4493470

Windows Server, version 1803 Security Update: 4493464

Windows Server, version 1709 Security Update: 4493441

Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 Critical Remote Code Execution Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 Monthly Rollup: 4493446

 

Windows 8.1 and Windows Server 2012 R2 Security Only: 4493467

Windows Server 2012 Monthly Rollup: 4493451

Windows Server 2012 Security Only: 4493450

Windows 7 and Windows Server 2008 R2 Monthly Rollup: 4493472

Windows 7 and Windows Server 2008 R2 Security Only: 4493448

Windows Server 2008 Monthly Rollup: 4493471

Windows Server 2008 Security Only: 4493458

Microsoft Edge Critical Remote Code Execution Microsoft Edge on Windows 10 v1809 and Microsoft Edge on Windows Server 2019 Security Update: 4493509

 

Microsoft Edge on Windows 10 v1803 Security Update: 4493464

Microsoft Edge on Windows 10 v1709 Security Update: 4493441

Microsoft Edge on Windows 10 v1703 Security Update: 4493474

Microsoft Edge on Windows Server 2016 and Microsoft Edge on Windows 10 v1607 Security Update: 4493470

Microsoft Edge on Windows 10 Security Update: 4493475

Internet Explorer Critical Remote Code Execution Internet Explorer 11 on Windows 10 v1809 and Internet Explorer 11 on Windows Server 2019 Security Update: 4493509

 

Internet Explorer 11 on Windows 10 v1803 Security Update: 4493464

Internet Explorer 11 on Windows 10 v1709 Security Update: 4493441

Internet Explorer 11 on Windows 10 v1703 Security Update: 4493474

Internet Explorer 11 on Windows Server 2016 and Internet Explorer 11 on Windows 10 v1607 Security Update: 4493470

Internet Explorer 11 on Windows 10 Security Update: 4493475

Internet Explorer 9 on Windows Server 2008, Internet Explorer 11 on Windows 7, Internet Explorer 11 on Windows Server 2008 R2, Internet Explorer 11 on Windows 8.1, Internet Explorer 11 on Windows Server 2012 R2, and Internet Explorer 10 on Windows Server 2012 IE Cumulative: 4493435

Internet Explorer 11 on Windows Server 2012 R2 Monthly Rollup: 4493446

Internet Explorer 11 on Windows 7 and Internet Explorer 11 on Windows Server 2008 R2 Monthly Rollup: 4493472

Internet Explorer 10 on Windows Server 2012 Monthly Rollup: 4493451

Internet Explorer 9 on Windows Server 2008 Monthly Rollup: 4493471

Microsoft Office-related software (including SharePoint) Important Remote Code Execution Microsoft Office 2016: 4462242, 4462213

 

Microsoft Office 2013: 4464504, 4462204

Microsoft Office 2013 RT: 4462204

Microsoft Office 2010: 4464520, 4462223

Microsoft Excel 2016: 4462236

Microsoft Excel 2013 and Excel 2013 RT: 4462209

Microsoft Excel 2010: 4462230

Microsoft SharePoint Server 2019: 4464518

Microsoft SharePoint Server 2010: 4464525

Microsoft SharePoint Enterprise Server 2016: 4464510

Microsoft SharePoint Enterprise Server 2013: 4464511

Microsoft SharePoint Foundation 2013: 4464515

Microsoft SharePoint Foundation 2010: 4464528

Microsoft Exchange Server Important Spoofing Microsoft Exchange Server 2019, Exchange Server 2016, Exchange Server 2013:4487563.

 

Microsoft Exchange Server 2010: 4491413.

ASP.NET Core Important Denial of Service Microsoft .NET, .NET Core, and ASP.NET Core downloads: https://dotnet.microsoft.com/download
Windows Admin Center Important Elevation of Privilege Windows Admin Center information and downloads: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview
Team Foundation Server, Azure DevOps Server Important Elevation of Privilege Team Foundation Server is now called Azure DevOps Server. Find more information on Azure DevOps Server here: https://docs.microsoft.com/en-us/azure/devops/server/?view=azure-devops
Open Enclave SDK Important Information Disclosure Open Enclave SDK is an open-source project for building enclave applications in C and C++. More information is available at https://github.com/Microsoft/openenclave
ChakraCore Critical Remote Code Execution ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. More information is available at https://github.com/Microsoft/ChakraCore/wiki and https://github.com/Microsoft/ChakraCore/releases/
Adobe Flash Player Critical Remote Code Execution Adobe Flash Player Security Update: 4493478
Adobe Flash Player Advisory: ADV190011

Обратите внимание

На следующие уязвимости и обновления безопасности следует обратить особое внимание:

Windows/Windows Server

CVE-2019-0786 – SMB Server Elevation of Privilege Vulnerability

CVE-2019-0803 – Win32k Elevation of Privilege Vulnerability (Exploitation Detected!)

CVE-2019-0859 – Win32k Elevation of Privilege Vulnerability (Exploitation Detected!)

Microsoft Edge

CVE-2019-0739 – Scripting Engine Memory Corruption Vulnerability

Microsoft Office

CVE-2019-0822 – Microsoft Graphics Components Remote Code Execution Vulnerability

Microsoft SharePoint

CVE-2019-0831 – Microsoft Office SharePoint XSS Vulnerability

ASP.NET Core

CVE-2019-0815 – ASP.NET Core Denial of Service Vulnerability

Team Foundation Server/Azure DevOps Server

CVE-2019-0857 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0866 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0867 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0868 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0870 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0871 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0874 – Azure DevOps Server Spoofing Vulnerability

CVE-2019-0869 – Azure DevOps Server HTML Injection Vulnerability

CVE-2019-0875 – Azure DevOps Server Elevation of Privilege Vulnerability

Exchange Server

CVE-2019-0817 – Microsoft Exchange Spoofing Vulnerability

CVE-2019-0858 – Microsoft Exchange Spoofing Vulnerability

Windows Admin Center

CVE-2019-0813 – Microsoft Exchange Spoofing Vulnerability

Рекомендации по безопасности

В январе были выпущены следующие рекомендательные документы:

ADV190011 – April 2019 Adobe Flash Security Update

Были дополнены и обновлены следующие рекомендательные документы:

ADV180002 – Guidance to mitigate speculative execution side-channel vulnerabilities

ADV990001 – Latest Servicing Stack Updates

Другие новости