Microsoft випустив плановий пакет оновлень, що виправляє вразливість у продуктах Microsoft
Microsoft випустив плановий пакет оновлень, що виправляє вразливість у продуктах Microsoft
Microsoft випустила плановий пакет оновлень, що виправляють загалом 88 вразливостей у різних версіях ОС Windows та інших продуктах виробника, у тому числі ряд багів, експлоїти для яких були опубліковані у відкритому доступі.
З 88 виправлених 21 проблема набула статусу «критичних», 66 - «важливих» і 1 вразливість розцінена як «середнього ступеня небезпеки».
Критичні вразливості зачіпають JavaScript двигун для браузера Microsoft Edge Chakra Scripting Engine (9 вразливостей), Microsoft Scripting Engine (4), гіпер Hyper-V (3), Microsoft Speech API, а також Edge та Internet Explorer.
У числі інших виробник виправив уразливості CVE-2019-1040 та CVE-2019-1019 у протоколі автентифікації NTLM, що дозволяють обійти механізми захисту NTLM та провести атаку типу NTLM Relay. Суть атак подібного типу полягає в тому, щоб втрутитися в процес аутентифікації протоколу NTLM і отримати доступ до стороннього ресурсу з привілеями користувача, що атакується. Атака може бути реалізована щодо будь-якого протоколу, який підтримує NTLM-авторизацію (SMB, HTTP, LDAP тощо).
Microsoft CVE Summary
Ці повідомлення містять детальні відомості про те, що пов'язують vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
Adobe Flash Player | ADV190015 | June 2019 Adobe Flash Security Update |
Kerberos | CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability |
Microsoft Browsers | CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability |
Microsoft Browsers | CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability |
Microsoft Devices | ADV190017 | Microsoft HoloLens Remote Code Execution Vulnerabilities |
Microsoft Devices | ADV190016 | Bluetooth Low Energy Advisory |
Microsoft Edge | CVE-2019-1054 | Microsoft Edge Security Feature Bypass Vulnerability |
Microsoft Exchange Server | ADV190018 | Microsoft Exchange Server Defense in Depth Update |
Microsoft Graphics Component | CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability |
Microsoft JET Database Engine | CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-1035 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-1034 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2019-1032 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-1036 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-1031 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-1033 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Scripting Engine | CVE-2019-1002 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1023 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1024 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0990 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1052 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1051 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-1003 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1064 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-1025 | Windows Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft Windows | CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
Skype for Business та Microsoft Lync | CVE-2019-1029 | Skype for Business та Lync Server Denial of Service Vulnerability |
Team Foundation Server | CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability |
VBScript | CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability |
Windows Authentication Methods | CVE-2019-1040 | Windows NTLM Tampering Vulnerability |
Windows Hyper-V | CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows IIS | CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability |
Windows Installer | CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1044 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
Windows Kernel | CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1065 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1041 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability |
Windows Media | CVE-2019-1026 | Windows Audio Service Elevation of Privilege Vulnerability |
Windows Media | CVE-2019-1007 | Windows Audio Service Elevation of Privilege Vulnerability |
Windows Media | CVE-2019-1027 | Windows Audio Service Elevation of Privilege Vulnerability |
Windows Media | CVE-2019-1022 | Windows Audio Service Elevation of Privilege Vulnerability |
Windows Media | CVE-2019-1021 | Windows Audio Service Elevation of Privilege Vulnerability |
Windows Media | CVE-2019-1028 | Windows Audio Service Elevation of Privilege Vulnerability |
Windows NTLM | CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability |
Windows Shell | CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability |
Windows Shell | CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability |