多個(gè)產(chǎn)品高危漏洞！微軟發(fā)布6月安全更新

北京時(shí)間6月10日，微軟發(fā)布6月安全更新補(bǔ)丁，修復(fù)了130個(gè)安全問題，涉及Microsoft Windows、Internet Explorer、Microsoft Edge、Windows Defender、Microsoft Office、Visual Studio、Adobe Flash Player等廣泛使用的產(chǎn)品，其中包括內(nèi)存泄露和遠(yuǎn)程代碼執(zhí)行等高危漏洞類型。

本月微軟月度更新修復(fù)的漏洞中，嚴(yán)重程度為關(guān)鍵（Critical）的漏洞共有12個(gè)，重要（Important）漏洞有118個(gè)。

這是微軟有史以來在一個(gè)月內(nèi)發(fā)布CVE數(shù)量最多的一次，其中Windows SMB 遠(yuǎn)程代碼執(zhí)行漏洞（CVE-2020-1301）與Windows SMBv3 客戶端/服務(wù)器信息泄漏漏洞（CVE-2020-1206）的PoC已公開，請(qǐng)相關(guān)用戶及時(shí)更新補(bǔ)丁進(jìn)行防護(hù)，詳細(xì)漏洞列表請(qǐng)參考附錄。

參考鏈接：

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

重點(diǎn)漏洞簡(jiǎn)述

根據(jù)產(chǎn)品流行度和漏洞重要性篩選出此次更新中包含影響較大的漏洞，請(qǐng)相關(guān)用戶重點(diǎn)進(jìn)行關(guān)注：

CVE-2020-1206（PoC已公開）：Windows SMBv3 客戶端/服務(wù)器信息泄漏漏洞

Microsoft Server Message Block 3.1.1 (SMBv3)協(xié)議在處理某些請(qǐng)求時(shí)存在信息泄露漏洞，未經(jīng)身份驗(yàn)證的攻擊者可通過向目標(biāo)SMB服務(wù)器發(fā)送特殊設(shè)計(jì)的數(shù)據(jù)包，或配置一個(gè)惡意的 SMBv3 服務(wù)器并誘導(dǎo)用戶連接。攻擊者利用此漏洞可獲取到敏感信息。

與SMBv3Ghost有關(guān)的內(nèi)容可參考：https://mp.weixin.qq.com/s/q3dL6YI0K-cFLbNzySabHQ

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206

CVE-2020-1301（PoC已公開）：Windows SMB 遠(yuǎn)程代碼執(zhí)行漏洞

Microsoft Server Message Block 1.0 (SMBv1) 服務(wù)器在處理某些請(qǐng)求時(shí)存在遠(yuǎn)程代碼執(zhí)行漏洞，經(jīng)過身份驗(yàn)證的攻擊者向目標(biāo) SMBv1 服務(wù)器發(fā)送特殊設(shè)計(jì)的數(shù)據(jù)包，成功利用此漏洞的攻擊者可在目標(biāo)系統(tǒng)上執(zhí)行代碼。

微軟已在 2014 年棄用了 SMBv1 協(xié)議，在 Windows 10 中默認(rèn)禁用SMBv1 。檢測(cè)與禁用 SMB協(xié)議請(qǐng)參考官方文檔：https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

CVE-2020-1281：Windows OLE 遠(yuǎn)程代碼執(zhí)行漏洞

由于Microsoft Windows OLE 無法正確驗(yàn)證用戶輸入，攻擊者可以誘使用戶在網(wǎng)頁(yè)或電子郵件中打開特殊設(shè)計(jì)的文件或程序，從而利用此漏洞來執(zhí)行惡意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281

CVE-2020-1300：Windows 遠(yuǎn)程執(zhí)行代碼漏洞

由于Microsoft Windows 無法正確處理 cabinet 文件，攻擊者可誘使用戶打開特殊設(shè)計(jì)的 cabinet 文件或誘騙用戶安裝偽裝成打印機(jī)驅(qū)動(dòng)程序的惡意 cabinet 文件，從而利用此漏洞執(zhí)行任意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300

CVE-2020-1181：Microsoft SharePoint Server 遠(yuǎn)程代碼執(zhí)行漏洞

由于SharePoint Server無法正確識(shí)別和篩選不安全的 ASP.NET Web 控件，經(jīng)過身份驗(yàn)證的攻擊者通過上傳一個(gè)特別制作的頁(yè)面到SharePoint服務(wù)器，可成功利用此漏洞在服務(wù)器上執(zhí)行任意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181

CVE-2020-1225/1226：Microsoft Excel 遠(yuǎn)程代碼執(zhí)行漏洞

由于Microsoft Excel無法正確處理內(nèi)存中的對(duì)象，導(dǎo)致存在遠(yuǎn)程代碼執(zhí)行漏洞。攻擊者通過誘使用戶使用受影響版本的Microsoft Excel打開經(jīng)過特殊設(shè)計(jì)的文件進(jìn)行利用。成功利用此漏洞的攻擊者可以獲得與當(dāng)前用戶相同的系統(tǒng)控制權(quán)限。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1226

CVE-2020-1248：GDI 遠(yuǎn)程代碼執(zhí)行漏洞

Windows 圖形設(shè)備接口 (GDI) 在處理內(nèi)存中對(duì)象的方式中存在遠(yuǎn)程代碼執(zhí)行漏洞。攻擊者可以利用該漏洞精心制作一個(gè)惡意網(wǎng)站或惡意文件，并通過釣魚郵件等方式誘導(dǎo)用戶點(diǎn)擊鏈接或打開附件。成功利用此漏洞的攻擊者可能會(huì)控制受影響的系統(tǒng)。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1248

CVE-2020-1299：LNK 遠(yuǎn)程代碼執(zhí)行漏洞

Windows 在處理 .LNK 文件時(shí)存在一個(gè)遠(yuǎn)程代碼執(zhí)行漏洞，攻擊者可能會(huì)向用戶顯示包含惡意 .LNK 文件和關(guān)聯(lián)的惡意二進(jìn)制文件的可移除驅(qū)動(dòng)器或遠(yuǎn)程共享，成功利用此漏洞的攻擊者可獲得與本地用戶相同的系統(tǒng)權(quán)限。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299

ADV200010| CVE-2020-9633: Adobe Flash Player 任意代碼執(zhí)行漏洞

此安全更新修復(fù)了 Adobe 安全公告 APSB20-30 中描述的漏洞（CVE-2020-9633），此漏洞影響Windows、MacOS、Linux和ChromeOS，成功利用該漏洞可在當(dāng)前用戶的環(huán)境中執(zhí)行任意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010

https://helpx.adobe.com/cn/security/products/flash-player/apsb20-30.html

影響范圍

以下為重點(diǎn)關(guān)注漏洞的受影響產(chǎn)品版本，其他漏洞影響產(chǎn)品范圍請(qǐng)參閱官方通告鏈接。

漏洞編號(hào)	受影響產(chǎn)品版本
CVE-2020-1206	Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
CVE-2020-1301CVE-2020-1281CVE-2020-1300	Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
CVE-2020-1181	Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019
CVE-2020-1225CVE-2020-1226	Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Office 2016 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for Mac
CVE-2020-1248	Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
CVE-2020-1299	Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
ADV200010 \|CVE-2020-9633	Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2012Windows Server 2012 R2Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit Systems

漏洞防護(hù)

補(bǔ)丁更新

目前微軟官方已針對(duì)受支持的產(chǎn)品版本發(fā)布了修復(fù)以上漏洞的安全補(bǔ)丁，強(qiáng)烈建議受影響用戶盡快安裝補(bǔ)丁進(jìn)行防護(hù)，官方下載鏈接：

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

注：由于網(wǎng)絡(luò)問題、計(jì)算機(jī)環(huán)境問題等原因，Windows Update的補(bǔ)丁更新可能出現(xiàn)失敗。用戶在安裝補(bǔ)丁后，應(yīng)及時(shí)檢查補(bǔ)丁是否成功更新。

右鍵點(diǎn)擊Windows圖標(biāo)，選擇“設(shè)置(N)”，選擇“更新和安全”-“Windows更新”，查看該頁(yè)面上的提示信息，也可點(diǎn)擊“查看更新歷史記錄”查看歷史更新情況。

針對(duì)未成功安裝的更新，可點(diǎn)擊更新名稱跳轉(zhuǎn)到微軟官方下載頁(yè)面，建議用戶點(diǎn)擊該頁(yè)面上的鏈接，轉(zhuǎn)到“Microsoft更新目錄”網(wǎng)站下載獨(dú)立程序包并安裝。

亚洲xxxx视频,欧美在线观看一区二区三,一级毛片成人免费看a,免费看岛国视频在线观看,国产一区在线观看免费,欧美日韩小视频,日本精品在线

重點(diǎn)漏洞簡(jiǎn)述

影響范圍

漏洞防護(hù)