Microsoft випустила оновлення безпеки за квітень 2019
Microsoft випустила оновлення безпеки за квітень 2019
Microsoft випустила оновлення безпеки для таких продуктів: Windows, Windows Server, Microsoft Edge, Internet Explorer, Office, SharePoint Server, Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, ASP.NET Core, Chakra Core, Windows Admin Center та Adobe Flash Player.
Інформація про рівень критичності, потенційні збитки та відповідні оновлення, що закривають дані вразливості, представлена в таблиці нижче:
| Product Family | Maximum Severity | Maximum Impact | Associated KB Articles and/or Support Webpages |
| Windows 10 v1809, v1803, v1709, v1703, v1607, Windows 10 for 32-bit Systems, and Windows 10 for x64-based Systems (не включає Edge) | Critical | Remote Code Execution | Windows 10 v1809 Security Update: 4493509
Windows 10 v1803 Security Update: 4493464 Windows 10 v1709 Security Update: 4493441 Windows 10 v1703 Security Update: 4493474 Windows 10 v1607 Security Update: 4493470 Windows 10 Security Update: 4493475 |
| Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v1803, and v1709) | Critical | Remote Code Execution | Windows Server 2019 Security Update: 4493509
Windows Server 2016 Security Update: 4493470 Windows Server, version 1803 Security Update: 4493464 Windows Server, version 1709 Security Update: 4493441 |
| Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2 та Windows Server 2008 | Critical | Remote Code Execution | Windows 8.1, Windows Server 2012 R2 та Windows RT 8.1 Monthly Rollup: 4493446
Windows 8.1 та Windows Server 2012 R2 Security Only: 4493467 Windows Server 2012 Monthly Rollup: 4493451 Windows Server 2012 Security Only: 4493450 Windows 7 та Windows Server 2008 R2 Monthly Rollup: 4493472 Windows 7 та Windows Server 2008 R2 Security Only: 4493448 Windows Server 2008 Monthly Rollup: 4493471 Windows Server 2008 Security Only: 4493458 |
| Microsoft Edge | Critical | Remote Code Execution | Microsoft Edge на Windows 10 v1809 та Microsoft Edge на Windows Server 2019 Security Update: 4493509
Microsoft Edge on Windows 10 v1803 Security Update: 4493464 Microsoft Edge on Windows 10 v1709 Security Update: 4493441 Microsoft Edge on Windows 10 v1703 Security Update: 4493474 Microsoft Edge на Windows Server 2016 та Microsoft Edge на Windows 10 v1607 Security Update: 4493470 Microsoft Edge on Windows 10 Security Update: 4493475 |
| Internet Explorer | Critical | Remote Code Execution | Internet Explorer 11 on Windows 10 v1809 and Internet Explorer 11 на Windows Server 2019 Security Update: 4493509
Internet Explorer 11 on Windows 10 v1803 Security Update: 4493464 Internet Explorer 11 on Windows 10 v1709 Security Update: 4493441 Internet Explorer 11 on Windows 10 v1703 Security Update: 4493474 Internet Explorer 11 на Windows Server 2016 та Internet Explorer 11 на Windows 10 v1607 Security Update: 4493470 Internet Explorer 11 на Windows 10 Security Update: 4493475 Internet Explorer 9 on Windows Server 2008, Internet Explorer 11 on Windows 7, Internet Explorer 11 on Windows Server 2008 R2 Internet Explorer 11 on Windows 8.1 Internet Explorer 11 on Windows Server 2012 R2 and Internet Explorer 10 on Windows Server 2012 IE Cumulative: 4493435 Internet Explorer 11 on Windows Server 2012 R2 Monthly Rollup: 4493446 Internet Explorer 11 на Windows 7 та Internet Explorer 11 на Windows Server 2008 R2 Monthly Rollup: 4493472 Internet Explorer 10 on Windows Server 2012 Monthly Rollup: 4493451 Internet Explorer 9 на Windows Server 2008 Monthly Rollup: 4493471 |
| Microsoft Office-related software (including SharePoint) | Important | Remote Code Execution | Microsoft Office 2016: 4462242, 4462213
Microsoft Office 2013: 4464504, 4462204 Microsoft Office 2013 RT: 4462204 Microsoft Office 2010: 4464520, 4462223 Microsoft Excel 2016: 4462236 Microsoft Excel 2013 та Excel 2013 RT: 4462209 Microsoft Excel 2010: 4462230 Microsoft SharePoint Server 2019: 4464518 Microsoft SharePoint Server 2010: 4464525 Microsoft SharePoint Enterprise Server 2016: 4464510 Microsoft SharePoint Enterprise Server 2013: 4464511 Microsoft SharePoint Foundation 2013: 4464515 Microsoft SharePoint Foundation 2010: 4464528 |
| Microsoft Exchange Server | Important | Spoofing | Microsoft Exchange Server 2019, Exchange Server 2016, Exchange Server 2013:4487563.
Microsoft Exchange Server 2010: 4491413. |
| ASP.NET Core | Important | Denial of Service | Microsoft .NET, .NET Core, and ASP.NET Core downloads: https://dotnet.microsoft.com/download |
| Windows Admin Center | Important | Elevation of Privilege | Windows Admin Center інформаційно-downloads: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview |
| Team Foundation Server, Azure DevOps Server | Important | Elevation of Privilege | Team Foundation Server є тепер названим Azure DevOps Server. Більше інформації про Azure DevOps Server here: https://docs.microsoft.com/en-us/azure/devops/server/?view=azure-devops |
| Open Enclave SDK | Important | Information Disclosure | Open Enclave SDK is an open-source project for building enclave applications в C і C++. More information is available at https://github.com/Microsoft/openenclave |
| ChakraCore | Critical | Remote Code Execution | ChakraCore is core part of Chakra, high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. More information is available at https://github.com/Microsoft/ChakraCore/wiki and https://github.com/Microsoft/ChakraCore/releases/ |
| Adobe Flash Player | Critical | Remote Code Execution | Adobe Flash Player Security Update: 4493478 Adobe Flash Player Advisory: ADV190011 |
Зверніть увага
На наступні вразливості та оновлення безпеки слід звернути особливу увагу:
Windows/Windows Server
CVE-2019-0786 – SMB Server Elevation of Privilege Vulnerability
CVE-2019-0803 – Win32k Elevation of Privilege Vulnerability (Exploitation Detected!)
CVE-2019-0859 – Win32k Elevation of Privilege Vulnerability (Exploitation Detected!)
Microsoft Edge
CVE-2019-0739 – Scripting Engine Memory Corruption Vulnerability
Microsoft Office
CVE-2019-0822 – Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft SharePoint
CVE-2019-0831 – Microsoft Office SharePoint XSS Vulnerability
ASP.NET Core
CVE-2019-0815 – ASP.NET Core Denial of Service Vulnerability
Team Foundation Server/Azure DevOps Server
CVE-2019-0857 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0866 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0867 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0868 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0870 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0871 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0874 – Azure DevOps Server Spoofing Vulnerability
CVE-2019-0869 – Azure DevOps Server HTML Injection Vulnerability
CVE-2019-0875 – Azure DevOps Server Elevation of Privilege Vulnerability
Exchange Server
CVE-2019-0817 – Microsoft Exchange Spoofing Vulnerability
CVE-2019-0858 – Microsoft Exchange Spoofing Vulnerability
Windows Admin Center
CVE-2019-0813 – Microsoft Exchange Spoofing Vulnerability
Рекомендації з безпеки
У січні було випущено такі рекомендаційні документи:
ADV190011 – April 2019 Adobe Flash Security Update
Були доповнені та оновлені такі рекомендаційні документи:
ADV180002 – Guidance to mitigate speculative execution side-channel vulnerabilities
ADV990001 – Latest Servicing Stack Updates
