Microsoft released security updates for May 2019
Microsoft released security updates for the following products: Windows, Windows Server, Microsoft Edge, Internet Explorer, Office, SharePoint Server, SQL Server, Visual Studio, Team Foundation Server, Azure DevOps Server, Dynamics CRM/365, .NET Framework/.NET Core, ASP.NET Core, Chakra Core and Adobe Flash Player.
The following vulnerabilities and security updates deserve special attention:
Windows/Windows Server
CVE-2019-0863 – Windows Error Reporting Elevation of Privilege Vulnerability (Exploitation Detected!)
CVE-2019-0893 – Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0903 – GDI+ Remote Code Execution Vulnerability
CVE-2019-0725 – Windows DHCP Server Remote Code Execution Vulnerability (No authentication required!)
CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability (Wormable!)
Windows 7, Windows Server 2008 R2 and Windows Server 2008 are affected. Modern operating systems are NOT affected.
Windows XP, Windows Server 2003 updates – KB4500705
Mitigating Factors: Disable Remote Desktop Services if they are not required.
Workarounds: Enable Network Level Authentication (NLA) to block unauthenticated attackers from exploiting this vulnerability.
Microsoft Browsers
CVE-2019-0911 – Scripting Engine Memory Corruption Vulnerability
Microsoft Office
CVE-2019-0953 – Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint
CVE-2019-0925 – Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SQL
CVE-2019-0819 – Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
Microsoft Dynamics
CVE-2019-1008 – Microsoft Dynamics On-Premise Security Feature Bypass
.NET Framework/Core
CVE-2019-0820 – .NET Framework and .NET Core Denial of Service Vulnerability
CVE-2019-0980 – .NET Framework and .NET Core Denial of Service Vulnerability
CVE-2019-0981 – .NET Framework and .NET Core Denial of Service Vulnerability
CVE-2019-0964 – .NET Framework Denial of Service Vulnerability
ASP.NET Core
CVE-2019-0982 – ASP.NET Core Denial of Service Vulnerability
Team Foundation Server/Azure DevOps Server
CVE-2019-0872 – Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-0971 – Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2019-0979 – Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
Visual Studio
CVE-2019-0727 – Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
Azure Active Directory Connect
CVE-2019-1000 – Microsoft Azure AD Connect Elevation of Privilege Vulnerability
NuGet Package Manager for Linux and Mac
CVE-2019-0976 – NuGet Package Manager Tampering Vulnerability
Security advisories
The following security advisories were released:
ADV190012 – May 2019 Adobe Flash Security Update
ADV190013 – Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities
On May 14, 2019, Intel published information about a new subclass of speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling:
CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
CVE-2018-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
The following security advisories were revised and updated:
ADV990001 – Latest Servicing Stack Updates
New Servicing Stack Update for Windows 10, Windows 10 (and Server equivalent) version 1607, v1703, v1709, v1803, v1809, v1903, Server 2016 and 2019