Microsoft has released a scheduled update package that fixes vulnerabilities in Microsoft products
Microsoft has released a scheduled update package that fixes a total of 88 vulnerabilities in various versions of Windows and the vendor's other products, including a number of bugs for which exploits had been published openly.
Of the 88 fixed issues, 21 are rated "critical", 66 "important", and 1 vulnerability is rated "moderate severity".
The critical vulnerabilities affect the Chakra Scripting Engine, the JavaScript engine of the Microsoft Edge browser (9 vulnerabilities), Microsoft Scripting Engine (4), the Hyper-V hypervisor (3), Microsoft Speech API, as well as Edge and Internet Explorer.
Among others, the vendor fixed vulnerabilities CVE-2019-1040 and CVE-2019-1019 in the NTLM authentication protocol, which allow NTLM protection mechanisms to be bypassed and an NTLM Relay attack to be carried out. The essence of attacks of this type is to interfere with the NTLM authentication process and gain access to a third-party resource with the privileges of the targeted user. The attack can be carried out against any protocol that supports NTLM authentication (SMB, HTTP, LDAP, etc.).
Microsoft CVE Summary
These advisories contain detailed information about the related vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Adobe Flash Player | ADV190015 | June 2019 Adobe Flash Security Update |
| Kerberos | CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability |
| Microsoft Browsers | CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability |
| Microsoft Browsers | CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Devices | ADV190017 | Microsoft HoloLens Remote Code Execution Vulnerabilities |
| Microsoft Devices | ADV190016 | Bluetooth Low Energy Advisory |
| Microsoft Edge | CVE-2019-1054 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Exchange Server | ADV190018 | Microsoft Exchange Server Defense in Depth Update |
| Microsoft Graphics Component | CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-1035 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-1034 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1032 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1036 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1031 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1033 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1002 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1023 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1024 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0990 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1052 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1051 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1003 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1064 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-1025 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2019-1029 | Skype for Business and Lync Server Denial of Service Vulnerability |
| Team Foundation Server | CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability |
| VBScript | CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability |
| Windows Authentication Methods | CVE-2019-1040 | Windows NTLM Tampering Vulnerability |
| Windows Hyper-V | CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows IIS | CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability |
| Windows Installer | CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1044 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
| Windows Kernel | CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1065 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1041 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability |
| Windows Media | CVE-2019-1026 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1007 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1027 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1022 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1021 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows Media | CVE-2019-1028 | Windows Audio Service Elevation of Privilege Vulnerability |
| Windows NTLM | CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability |
| Windows Shell | CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability |
