Выпущены обновления безопасности Microsoft за февраль 2020 года
Выпущены обновления безопасности Microsoft за февраль 2020 года
Обратите внимание
На следующие уязвимости и обновления безопасности следует обратить особое внимание:
Windows
CVE-2020-0689 – Microsoft Secure Boot Security Feature Bypass Vulnerability (Publicly disclosed)
Affected software: All supported versions of Windows
CVE-2020-0681 – Remote Desktop Client Remote Code Execution Vulnerability (Critical, CVSS Score 7.5)
Affected Software: All supported versions of Windows
CVE-2020-0683 – Windows Installer Elevation of Privilege Vulnerability (Publicly disclosed)
Affected Software: All supported versions of Windows
CVE-2020-0686 – Windows Installer Elevation of Privilege Vulnerability (Publicly disclosed)
Affected Software: All supported versions of Windows
CVE-2020-0738 – Media Foundation Memory Corruption Vulnerability (CVSS Score 8.8)
Affected Software: All supported versions of Windows
CVE-2020-0662 – Windows Remote Code Execution Vulnerability (Critical, CVSS Score 8.6)
Affected software: All supported versions of Windows
Microsoft Browsers
CVE-2020-0674 – Scripting Engine Memory Corruption Vulnerability (Publicly disclosed, Exploitation detected!)
Affected Software: Internet Explorer 9, 10, 11 on supported versions of Windows.
CVE-2020-0706 – Microsoft Browser Information Disclosure Vulnerability (Publicly disclosed)
Affected Software: Microsoft Edge (HTML), Internet Explorer 9, 10, 11 on supported versions of Windows.
ADV200002 – Chromium Security Updates for Microsoft Edge based on Chromium
Microsoft Office
CVE-2020-0759 – Microsoft Excel Remote Code Execution Vulnerability
Affected Software: Office 2019, Office 365 ProPlus, Excel 2010/2013/2016, Office 2016/2019 for Mac
Microsoft SharePoint
CVE-2020-0693 – Microsoft Office SharePoint XSS Vulnerability
Affected Software: SharePoint Server 2013/2016/2019
Microsoft Exchange
CVE-2020-0688 – Microsoft Exchange Validation Key Remote Code Execution Vulnerability
CVE-2020-0692 – Microsoft Exchange Server Elevation of Privilege Vulnerability
Affected Software: Exchange Server 2010/2013/2016/2019
Microsoft .SQL
CVE-2020-0618 – Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
Внимание:
14 января 2020 г. закончилась поддержка Windows 7, Windows Server 2008, Windows Server 2008 R2!!!
Обновления безопасности доступны только заказчикам с контрактом Extended Security Updates (ESU).
Рекомендации по безопасности
Были дополнены и обновлены следующие рекомендательные документы:
ADV200003 – February 2020 Adobe Flash Security Update
ADV990001 – Latest Servicing Stack Updates (SSU)
A new SSU has been released for: Windows 10 v1903, Windows 10 v1909.
February 2020 Security Updates
Release Date: February 11, 2020
The February security release consists of security updates for the following software:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- ChakraCore
- Internet Explorer
- Microsoft Exchange Server
- Microsoft SQL Server
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Malicious Software Removal Tool
- Windows Surface Hub
Please note the following information regarding the security updates:
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.
- ADV200003
- CVE-2020-0618 *
- CVE-2020-0658
- CVE-2020-0675
- CVE-2020-0676
- CVE-2020-0677
- CVE-2020-0689 *
- CVE-2020-0693
- CVE-2020-0694
- CVE-2020-0695
- CVE-2020-0696
- CVE-2020-0697
- CVE-2020-0698
- CVE-2020-0705
- CVE-2020-0706
- CVE-2020-0714
- CVE-2020-0716
- CVE-2020-0717
- CVE-2020-0728
- CVE-2020-0736
- CVE-2020-0744
- CVE-2020-0746
- CVE-2020-0748
- CVE-2020-0755
- CVE-2020-0756
- CVE-2020-0759
- CVE-2020-0766
Known Issues
| KB Article | Applies To |
|---|---|
| 4532691 | Windows 10 Version 1809, Windows Server 2019 |
| 4536987 | Microsoft Exchange Server 2016 & 2019 |
| 4536988 | Microsoft Exchange Server 2013 |
| 4536989 | Microsoft Exchange Server 2010 |
| 4537762 | Windows 10, version 1803, Windows Server version 1803 |
| 4537764 | Windows 10, version 1607, Windows Server 2016 |
| 4537776 | Windows 10 |
| 4537789 | Windows 10, version 1709 |
| 4537794 | Windows Server 2012 (Security-only update) |
| 4537803 | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
| 4537813 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4537814 | Windows Server 2012 (Monthly Rollup) |
| 4537821 | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
