安全播报

防御吧作为15年知名老牌域名服务商,CNNIC和CANN双认证域名注册商,已经
持续为500多万个域名提供服务,包括智能DNS/自由转移/隐私保护等服务!
微软2019年7月的补丁星期二修复了2个Zero-Day漏洞
2019-07-10 10:19:13 【

今天是微软2019年7月的补丁星期二,这意味着今天每个人都应该对你的Windows管理员特别好,因为他们开始测试并可能部署更新。 本月的更新中包含针对五个公开披露的漏洞的修复程序,但未被利用,以及两个零日漏洞,这些漏洞在野外被积极利用。


随着2019年7月安全更新的发布,微软发布了1个建议,1个服务堆栈更新,以及77个漏洞的更新。 在这些漏洞中,有15个被列为严重漏洞。


有关非安全Windows更新的信息,您可以阅读今天的Windows 2010年7月10日累积更新和Windows 7 7月2019累积更新。



所有用户都应尽快安装这些安全更新,以保护Windows免受安全风险。


修补了两个零日漏洞

随着今天的安全更新发布,微软已经修复了两个被利用的漏洞,这些漏洞可能允许程序以更高的权限级别运行。


第一个零日标题为“CVE-2019-1132  -  Win32k特权提升漏洞”,由ESET高级恶意软件研究员Anton Cherepanov发现。 如果被利用,此漏洞可能允许攻击者“以内核模式运行任意代码。然后攻击者可以安装程序;查看,更改或删除数据;或创建具有完全用户权限的新帐户。”


由于Cherepanov是ESET的恶意软件研究员,很可能发现这个漏洞被某种类型的计算机感染所利用。 在一条推文中,为了回应BleepingComputer提出的问题,Cherepanov表示即将提供更多信息。



第二个漏洞标题为“CVE-2019-0880  -  Microsoft splwow64特权提升漏洞”,由ReSecurity的Gene Yoo发现。这是发现3月份披露的Citrix hack的同一家安全公司。 BleepingComputer试图联系他们,但此时没有收到回复。


五个公开披露的漏洞

随着7月补丁周二的更新,微软已经发布了五个公开披露的漏洞的安全更新。不过,微软已经表示,这些漏洞都没有被发现在野外被利用。


此列表中包含由Google Project Zero研究员Tavis Ormandy公开披露的SymCrypt DoS漏洞补丁,因为Microsoft未达到其补丁截止日期。


CVE-2019-0865  -  SymCrypt拒绝服务漏洞

CVE-2018-15664  -  Docker特权提升漏洞

CVE-2019-0962  -  Azure自动化特权提升漏洞

CVE-2019-1068  -  Microsoft SQL Server远程执行代码漏洞

CVE-2019-1129  -  Windows特权提升漏洞


SandboxEscaper披露的漏洞已修复


本月修复了一个名为“CVE-2019-1130 | Windows特权提升漏洞”的权限提升漏洞,该漏洞由SandboxEscaper披露并归因于她的一个“Polar Bear”别名。


在过去,SandboxEscaper会公开披露她的漏洞为零天,但这一漏洞似乎是私下提交给微软的。


2019年7月补丁星期二安全更新

以下是2019年7月补丁星期二更新中已解决的漏洞,建议和SSU的完整列表。 要访问每个漏洞及其影响的系统的完整描述,您可以在此处查看完整报告。


TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2019-1083.NET Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2019-1113.NET Framework Remote Code Execution VulnerabilityCritical
.NET FrameworkCVE-2019-1006WCF/WIF SAML Token Authentication Bypass VulnerabilityImportant
ASP.NETCVE-2019-1075ASP.NET Core Spoofing VulnerabilityModerate
AzureCVE-2019-0962Azure Automation Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2019-1076Team Foundation Server Cross-site Scripting VulnerabilityImportant
Azure DevOpsCVE-2019-1072Azure DevOps Server and Team Foundation Server Remote Code Execution VulnerabilityCritical
Internet ExplorerCVE-2019-1063Internet Explorer Memory Corruption VulnerabilityCritical
Microsoft BrowsersCVE-2019-1104Microsoft Browser Memory Corruption VulnerabilityCritical
Microsoft Exchange ServerADV190021Outlook on the web Cross-Site Scripting VulnerabilityImportant
Microsoft Exchange ServerCVE-2019-1136Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2019-1137Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1118DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1119DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1117DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1127DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1116Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1120DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1124DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-0999DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1128DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1121DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1122DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1123DirectWrite Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1097DirectWrite Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1096Win32k Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1101Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1098Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1095Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1102GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1100Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1094Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2019-1093DirectWrite Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1084Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2019-1111Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-1110Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2019-1109Microsoft Office Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2019-1112Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2019-1134Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Scripting EngineCVE-2019-1062Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1004Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1001Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1059Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft Scripting EngineCVE-2019-1056Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1106Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1092Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1103Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1107Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2019-1067Windows Kernel Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1074Microsoft Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1091Microsoft unistore.dll Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2019-1082Microsoft Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-0975ADFS Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2019-1130Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1129Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-1037Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-0880Microsoft splwow64 Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2019-0865SymCrypt Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2019-0785Windows DHCP Server Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2019-0887Remote Desktop Services Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2019-0966Windows Hyper-V Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2019-1126ADFS Security Feature Bypass VulnerabilityImportant
Microsoft Windows DNSCVE-2019-1090Windows dnsrlvr.dll Elevation of Privilege VulnerabilityImportant
Microsoft Windows DNSCVE-2019-0811Windows DNS Server Denial of Service VulnerabilityImportant
Open Source SoftwareCVE-2018-15664Docker Elevation of Privilege VulnerabilityImportant
Servicing Stack UpdatesADV990001Latest Servicing Stack UpdatesCritical
SQL ServerCVE-2019-1068Microsoft SQL Server Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2019-1077Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2019-1079Visual Studio Information Disclosure VulnerabilityImportant
Windows KernelCVE-2019-1073Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2019-1132Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2019-1071Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2019-1089Windows RPCSS Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2019-1086Windows Audio Service Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2019-1088Windows Audio Service Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2019-1087Windows Audio Service Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2019-1085Windows WLAN Service Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2019-1108Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Windows ShellCVE-2019-1099Windows GDI Information Disclosure VulnerabilityImportant




】【打印关闭】 【返回顶部
分享到QQ空间
分享到: 
上一篇英特尔修复了企业级SSD中的Priv E.. 下一篇Web安全漏洞之Electron框架漏洞

立足首都,辐射全球,防御吧专注云防御及云计算服务15年!

联系我们

联系地址:北京市朝阳区望京湖光中街一号鹏景阁大厦10层
服务热线:010-56157787 ,010-56159998
企业QQ:4000043998
技术支持:010-56159998
E-Mail:800@fangyuba.com
Copyright ? 2003-2016 fangyuba. 防御吧(完美解决防御与加速) 版权所有 增值许可:京B2-20140042号
售前咨询
公司总机:4000043998 01056155355
24小时电话:010-56159998
投诉电话:18910191973
值班售后/技术支持
售后服务/财务
备案专员
紧急电话:18610088800