+38/050/370-3627
+38/093/220-0872
+38/044/257-2444
Новини

Microsoft випустив плановий пакет оновлень, що виправляє вразливість у продуктах Microsoft

Microsoft випустив плановий пакет оновлень, що виправляє вразливість у продуктах Microsoft

Microsoft випустила плановий пакет оновлень, що виправляють загалом 88 вразливостей у різних версіях ОС Windows та інших продуктах виробника, у тому числі ряд багів, експлоїти для яких були опубліковані у відкритому доступі.

З 88 виправлених 21 проблема набула статусу «критичних», 66 - «важливих» і 1 вразливість розцінена як «середнього ступеня небезпеки».

Критичні вразливості зачіпають JavaScript двигун для браузера Microsoft Edge Chakra Scripting Engine (9 вразливостей), Microsoft Scripting Engine (4), гіпер Hyper-V (3), Microsoft Speech API, а також Edge та Internet Explorer.

У числі інших виробник виправив уразливості CVE-2019-1040 та CVE-2019-1019 у протоколі автентифікації NTLM, що дозволяють обійти механізми захисту NTLM та провести атаку типу NTLM Relay. Суть атак подібного типу полягає в тому, щоб втрутитися в процес аутентифікації протоколу NTLM і отримати доступ до стороннього ресурсу з привілеями користувача, що атакується. Атака може бути реалізована щодо будь-якого протоколу, який підтримує NTLM-авторизацію (SMB, HTTP, LDAP тощо).

Microsoft CVE Summary

Ці повідомлення містять детальні відомості про те, що пов'язують vulnerabilities:

TagCVE IDCVE Title
Adobe Flash Player ADV190015 June 2019 Adobe Flash Security Update
Kerberos CVE-2019-0972 Local Security Authority Subsystem Service Denial of Service Vulnerability
Microsoft Browsers CVE-2019-1081 Microsoft Browser Information Disclosure Vulnerability
Microsoft Browsers CVE-2019-1038 Microsoft Browser Memory Corruption Vulnerability
Microsoft Devices ADV190017 Microsoft HoloLens Remote Code Execution Vulnerabilities
Microsoft Devices ADV190016 Bluetooth Low Energy Advisory
Microsoft Edge CVE-2019-1054 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Exchange Server ADV190018 Microsoft Exchange Server Defense in Depth Update
Microsoft Graphics Component CVE-2019-1018 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-1047 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1046 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1013 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1015 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1016 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1048 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0977 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0960 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0968 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1049 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1050 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0985 Microsoft Speech API Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1010 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1009 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1011 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1012 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0905 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0974 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0904 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0906 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0908 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0909 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0907 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1035 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1034 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-1032 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-1036 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-1031 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-1033 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2019-1002 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0991 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1080 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1023 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2019-0993 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0992 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1024 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0990 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2019-0988 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0989 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1055 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1052 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1051 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0920 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1003 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-1069 Task Scheduler Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1064 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0888 ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-1025 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2019-1045 Windows Network File System Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1043 Comctl32 Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0710 Windows Hyper-V Denial of Service Vulnerability
Microsoft Windows CVE-2019-0709 Windows Hyper-V Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0722 Windows Hyper-V Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0943 Windows ALPC Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0713 Windows Hyper-V Denial of Service Vulnerability
Microsoft Windows CVE-2019-0983 Windows Storage Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0984 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0711 Windows Hyper-V Denial of Service Vulnerability
Microsoft Windows CVE-2019-0948 Windows Event Viewer Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0959 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0998 Windows Storage Service Elevation of Privilege Vulnerability
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Skype for Business та Microsoft Lync CVE-2019-1029 Skype for Business та Lync Server Denial of Service Vulnerability
Team Foundation Server CVE-2019-0996 Azure DevOps Server Spoofing Vulnerability
VBScript CVE-2019-1005 Scripting Engine Memory Corruption Vulnerability
Windows Authentication Methods CVE-2019-1040 Windows NTLM Tampering Vulnerability
Windows Hyper-V CVE-2019-0620 Windows Hyper-V Remote Code Execution Vulnerability
Windows IIS CVE-2019-0941 Microsoft IIS Server Denial of Service Vulnerability
Windows Installer CVE-2019-0973 Windows Installer Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1044 Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Windows Kernel CVE-2019-1014 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1017 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1065 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1041 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1039 Windows Kernel Information Disclosure Vulnerability
Windows Media CVE-2019-1026 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1007 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1027 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1022 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1021 Windows Audio Service Elevation of Privilege Vulnerability
Windows Media CVE-2019-1028 Windows Audio Service Elevation of Privilege Vulnerability
Windows NTLM CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability
Windows Shell CVE-2019-0986 Windows User Profile Service Elevation of Privilege Vulnerability
Windows Shell CVE-2019-1053 Windows Shell Elevation of Privilege Vulnerability

Інші новини