久久久综合色_多個(gè)產(chǎn)品高危漏洞！微軟發(fā)布6月安全更新

北京時(shí)間6月10日，微軟發(fā)布6月安全更新補丁，修復了130個(gè)安全問(wèn)題，涉及Microsoft Windows、Internet Explorer、Microsoft Edge、Windows Defender、Microsoft Office、Visual Studio、Adobe Flash Player等廣泛使用的產(chǎn)品，其中包括內存泄露和遠程代碼執行等高危漏洞類(lèi)型。

本月微軟月度更新修復的漏洞中，嚴重程度為關(guān)鍵（Critical）的漏洞共有12個(gè)，重要（Important）漏洞有118個(gè)。

這是微軟有史以來(lái)在一個(gè)月內發(fā)布CVE數量最多的一次，其中Windows SMB 遠程代碼執行漏洞（CVE-2020-1301）與Windows SMBv3 客戶(hù)端/服務(wù)器信息泄漏漏洞（CVE-2020-1206）的PoC已公開(kāi)，請相關(guān)用戶(hù)及時(shí)更新補丁進(jìn)行防護，詳細漏洞列表請參考附錄。

參考鏈接：

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

重點(diǎn)漏洞簡(jiǎn)述

根據產(chǎn)品流行度和漏洞重要性篩選出此次更新中包含影響較大的漏洞，請相關(guān)用戶(hù)重點(diǎn)進(jìn)行關(guān)注：

CVE-2020-1206（PoC已公開(kāi)）：Windows SMBv3 客戶(hù)端/服務(wù)器信息泄漏漏洞

Microsoft Server Message Block 3.1.1 (SMBv3)協(xié)議在處理某些請求時(shí)存在信息泄露漏洞，未經(jīng)身份驗證的攻擊者可通過(guò)向目標SMB服務(wù)器發(fā)送特殊設計的數據包，或配置一個(gè)惡意的 SMBv3 服務(wù)器并誘導用戶(hù)連接。攻擊者利用此漏洞可獲取到敏感信息。

與SMBv3Ghost有關(guān)的內容可參考：https://mp.weixin.qq.com/s/q3dL6YI0K-cFLbNzySabHQ

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206

CVE-2020-1301（PoC已公開(kāi)）：Windows SMB 遠程代碼執行漏洞

Microsoft Server Message Block 1.0 (SMBv1) 服務(wù)器在處理某些請求時(shí)存在遠程代碼執行漏洞，經(jīng)過(guò)身份驗證的攻擊者向目標 SMBv1 服務(wù)器發(fā)送特殊設計的數據包，成功利用此漏洞的攻擊者可在目標系統上執行代碼。

微軟已在 2014 年棄用了 SMBv1 協(xié)議，在 Windows 10 中默認禁用SMBv1 。檢測與禁用 SMB協(xié)議請參考官方文檔：https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

CVE-2020-1281：Windows OLE 遠程代碼執行漏洞

由于Microsoft Windows OLE 無(wú)法正確驗證用戶(hù)輸入，攻擊者可以誘使用戶(hù)在網(wǎng)頁(yè)或電子郵件中打開(kāi)特殊設計的文件或程序，從而利用此漏洞來(lái)執行惡意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281

CVE-2020-1300：Windows 遠程執行代碼漏洞

由于Microsoft Windows 無(wú)法正確處理 cabinet 文件，攻擊者可誘使用戶(hù)打開(kāi)特殊設計的 cabinet 文件或誘騙用戶(hù)安裝偽裝成打印機驅動(dòng)程序的惡意 cabinet 文件，從而利用此漏洞執行任意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300

CVE-2020-1181：Microsoft SharePoint Server 遠程代碼執行漏洞

由于SharePoint Server無(wú)法正確識別和篩選不安全的 ASP.NET Web 控件，經(jīng)過(guò)身份驗證的攻擊者通過(guò)上傳一個(gè)特別制作的頁(yè)面到SharePoint服務(wù)器，可成功利用此漏洞在服務(wù)器上執行任意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181

CVE-2020-1225/1226：Microsoft Excel 遠程代碼執行漏洞

由于Microsoft Excel無(wú)法正確處理內存中的對象，導致存在遠程代碼執行漏洞。攻擊者通過(guò)誘使用戶(hù)使用受影響版本的Microsoft Excel打開(kāi)經(jīng)過(guò)特殊設計的文件進(jìn)行利用。成功利用此漏洞的攻擊者可以獲得與當前用戶(hù)相同的系統控制權限。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1226

CVE-2020-1248：GDI 遠程代碼執行漏洞

Windows 圖形設備接口 (GDI) 在處理內存中對象的方式中存在遠程代碼執行漏洞。攻擊者可以利用該漏洞精心制作一個(gè)惡意網(wǎng)站或惡意文件，并通過(guò)釣魚(yú)郵件等方式誘導用戶(hù)點(diǎn)擊鏈接或打開(kāi)附件。成功利用此漏洞的攻擊者可能會(huì )控制受影響的系統。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1248

CVE-2020-1299：LNK 遠程代碼執行漏洞

Windows 在處理 .LNK 文件時(shí)存在一個(gè)遠程代碼執行漏洞，攻擊者可能會(huì )向用戶(hù)顯示包含惡意 .LNK 文件和關(guān)聯(lián)的惡意二進(jìn)制文件的可移除驅動(dòng)器或遠程共享，成功利用此漏洞的攻擊者可獲得與本地用戶(hù)相同的系統權限。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299

ADV200010| CVE-2020-9633: Adobe Flash Player 任意代碼執行漏洞

此安全更新修復了 Adobe 安全公告 APSB20-30 中描述的漏洞（CVE-2020-9633），此漏洞影響Windows、MacOS、Linux和ChromeOS，成功利用該漏洞可在當前用戶(hù)的環(huán)境中執行任意代碼。

官方通告鏈接：

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010

https://helpx.adobe.com/cn/security/products/flash-player/apsb20-30.html

影響范圍

以下為重點(diǎn)關(guān)注漏洞的受影響產(chǎn)品版本，其他漏洞影響產(chǎn)品范圍請參閱官方通告鏈接。

漏洞編號	受影響產(chǎn)品版本
CVE-2020-1206	Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
CVE-2020-1301CVE-2020-1281CVE-2020-1300	Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
CVE-2020-1181	Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019
CVE-2020-1225CVE-2020-1226	Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Office 2016 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for Mac
CVE-2020-1248	Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
CVE-2020-1299	Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
ADV200010 \|CVE-2020-9633	Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2012Windows Server 2012 R2Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit Systems

漏洞防護

補丁更新

目前微軟官方已針對受支持的產(chǎn)品版本發(fā)布了修復以上漏洞的安全補丁，強烈建議受影響用戶(hù)盡快安裝補丁進(jìn)行防護，官方下載鏈接：

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun

注：由于網(wǎng)絡(luò )問(wèn)題、計算機環(huán)境問(wèn)題等原因，Windows Update的補丁更新可能出現失敗。用戶(hù)在安裝補丁后，應及時(shí)檢查補丁是否成功更新。

右鍵點(diǎn)擊Windows圖標，選擇“設置(N)”，選擇“更新和安全”-“Windows更新”，查看該頁(yè)面上的提示信息，也可點(diǎn)擊“查看更新歷史記錄”查看歷史更新情況。

針對未成功安裝的更新，可點(diǎn)擊更新名稱(chēng)跳轉到微軟官方下載頁(yè)面，建議用戶(hù)點(diǎn)擊該頁(yè)面上的鏈接，轉到“Microsoft更新目錄”網(wǎng)站下載獨立程序包并安裝。

特级一级毛片视频免费观看,成人影片亚区免费无码,免费国产污网站在线观看不要卡,国产69精品久久久久妇女,色综合久久中文字幕综合网

重點(diǎn)漏洞簡(jiǎn)述

影響范圍

漏洞防護