Microsoft випустила оновлення безпеки за травень 2019
Microsoft випустила оновлення безпеки за травень 2019
Microsoft випустила оновлення безпеки для таких продуктів: Windows, Windows Server, Microsoft Edge, Internet Explorer, Office, SharePoint Server, SQL Server, Visual Studio, Team Foundation Server, Azure DevOps Server, Dynamics CRM/365, .NET Framework/ .NET Core, ASP.NET Core, Chakra Core та Adobe Flash Player.
На наступні вразливості та оновлення безпеки слід звернути особливу увагу:
Windows/Windows Server
CVE-2019-0863 – Windows Error Reporting Elevation of Privilege Vulnerability (Exploitation Detected!)
CVE-2019-0893 – Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0903 – GDI+ Remote Code Execution Vulnerability
CVE-2019-0725 – Windows DHCP Server Remote Code Execution Vulnerability (No authentication required!)
CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability (Wormable! >
Windows 7, Windows Server 2008 R2, Windows Server 2008 є виконані. Modern operation systems були NOT affected. Windows XP, Windows Server 2003 updates – KB4500705 Mitigating Factors: Disable Remote Desktop Services, якщо вони не потрібні. Workarounds: Enable Network Level Authentication (NLS) до блоку невтішних нападів від розгрому цієї vulnerability. Microsoft Browsers CVE-2019-0911 – Scripting Engine Memory Corruption Vulnerability Microsoft Office CVE-2019-0953 – Microsoft Word Remote Code Execution Vulnerability Microsoft SharePoint CVE-2019-0925 – Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SQL CVE-2019-0819 – Microsoft SQL Server Analysis Services Information Disclosure Vulnerability Microsoft Dynamics CVE-2019-1008 – Microsoft Dynamics On-Premise Security Feature Bypass .NET Framework/Core CVE-2019-0820 – .NET Framework and .NET Core Denial of Service Vulnerability CVE-2019-0980 – .NET Framework and .NET Core Denial of Service Vulnerability CVE-2019-0981 – .NET Framework and .NET Core Denial of Service Vulnerability CVE-2019-0964 – .NET Framework Denial of Service Vulnerability ASP.NET Core CVE-2019-0982 – ASP.NET Core Denial of Service Vulnerability Team Foundation Server/Azure DevOps Server CVE-2019-0872 – Azure DevOps Server та Team Foundation Server Cross-site Scripting Vulnerability CVE-2019-0971 – Azure DevOps Server та Team Foundation Server Information Disclosure Vulnerability CVE-2019-0979 – Azure DevOps Server та Team Foundation Server Cross-site Scripting Vulnerability Visual Studio CVE-2019-0727 – Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability Azure Active Directory Connect CVE-2019-1000 – Microsoft Azure AD Connect Elevation of Privilege Vulnerability NuGet Package Manager for Linux and Mac CVE-2019-0976 – NuGet Package Manager Tampering Vulnerability Були випущено такі рекомендаційні документи (security advisory): ADV190012 – May 2019 Adobe Flash Security Update ADV190013 – Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities On May 14, 2019, Intel публікує інформацію про нову subclass of speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS) CVE-2018-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM) Були доповнені та оновлені такі рекомендаційні документи: ADV990001 – Latest Servicing Stack Updates New Service Stack Update for Windows 10, Windows 10 (і Server equivalent) version 1607, v1703, v1709, v1803, v1809, v1903, Server 2016 and 2019Рекомендації з безпеки
Інші новини