+38/044/257-2444
+38/067/502-3306
+38/050/370-3627
Новости

Выпущены обновления безопасности Microsoft за февраль 2020 года

Выпущены обновления безопасности Microsoft за февраль 2020 года

Обратите внимание

На следующие уязвимости и обновления безопасности следует обратить особое внимание:

Windows

CVE-2020-0689 – Microsoft Secure Boot Security Feature Bypass Vulnerability (Publicly disclosed)

Affected software: All supported versions of Windows

CVE-2020-0681 – Remote Desktop Client Remote Code Execution Vulnerability (Critical, CVSS Score 7.5)

Affected Software: All supported versions of Windows

CVE-2020-0683 – Windows Installer Elevation of Privilege Vulnerability (Publicly disclosed)

Affected Software: All supported versions of Windows

CVE-2020-0686 – Windows Installer Elevation of Privilege Vulnerability (Publicly disclosed)

Affected Software: All supported versions of Windows

CVE-2020-0738 – Media Foundation Memory Corruption Vulnerability (CVSS Score 8.8)

Affected Software: All supported versions of Windows

CVE-2020-0662 – Windows Remote Code Execution Vulnerability (Critical, CVSS Score 8.6)

Affected software: All supported versions of Windows

Microsoft Browsers

CVE-2020-0674 – Scripting Engine Memory Corruption Vulnerability (Publicly disclosed, Exploitation detected!)

Affected Software: Internet Explorer 9, 10, 11 on supported versions of Windows.

CVE-2020-0706 – Microsoft Browser Information Disclosure Vulnerability (Publicly disclosed)

Affected Software: Microsoft Edge (HTML), Internet Explorer 9, 10, 11 on supported versions of Windows.

ADV200002 – Chromium Security Updates for Microsoft Edge based on Chromium

Microsoft Office

CVE-2020-0759 – Microsoft Excel Remote Code Execution Vulnerability

Affected Software: Office 2019, Office 365 ProPlus, Excel 2010/2013/2016, Office 2016/2019 for Mac 

Microsoft SharePoint

CVE-2020-0693 – Microsoft Office SharePoint XSS Vulnerability

Affected Software: SharePoint Server 2013/2016/2019

Microsoft Exchange

CVE-2020-0688 – Microsoft Exchange Validation Key Remote Code Execution Vulnerability

CVE-2020-0692 – Microsoft Exchange Server Elevation of Privilege Vulnerability

Affected Software: Exchange Server 2010/2013/2016/2019

Microsoft .SQL

CVE-2020-0618 – Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

Внимание:

14 января 2020 г. закончилась поддержка Windows 7, Windows Server 2008, Windows Server 2008 R2!!!

Обновления безопасности доступны только заказчикам с контрактом Extended Security Updates (ESU).

Рекомендации по безопасности

Были дополнены и обновлены следующие рекомендательные документы:

ADV200003 – February 2020 Adobe Flash Security Update

ADV990001 – Latest Servicing Stack Updates (SSU)

A new SSU has been released for: Windows 10 v1903, Windows 10 v1909.

February 2020 Security Updates

Release Date: February 11, 2020

The February security release consists of security updates for the following software:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Exchange Server
  • Microsoft SQL Server
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Malicious Software Removal Tool
  • Windows Surface Hub

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

  • ADV200003
  • CVE-2020-0618 *
  • CVE-2020-0658
  • CVE-2020-0675
  • CVE-2020-0676
  • CVE-2020-0677
  • CVE-2020-0689 *
  • CVE-2020-0693
  • CVE-2020-0694
  • CVE-2020-0695
  • CVE-2020-0696
  • CVE-2020-0697
  • CVE-2020-0698
  • CVE-2020-0705
  • CVE-2020-0706
  • CVE-2020-0714
  • CVE-2020-0716
  • CVE-2020-0717
  • CVE-2020-0728
  • CVE-2020-0736
  • CVE-2020-0744
  • CVE-2020-0746
  • CVE-2020-0748
  • CVE-2020-0755
  • CVE-2020-0756
  • CVE-2020-0759
  • CVE-2020-0766

Known Issues

KB ArticleApplies To
4532691 Windows 10 Version 1809, Windows Server 2019
4536987 Microsoft Exchange Server 2016 & 2019
4536988 Microsoft Exchange Server 2013
4536989 Microsoft Exchange Server 2010
4537762 Windows 10, version 1803, Windows Server version 1803
4537764 Windows 10, version 1607, Windows Server 2016
4537776 Windows 10
4537789 Windows 10, version 1709
4537794 Windows Server 2012 (Security-only update)
4537803 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4537813 Windows 7, Windows Server 2008 R2 (Security-only update)
4537814 Windows Server 2012 (Monthly Rollup)
4537821 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

Другие новости