阅读: 8
综述
微软于周二发布了7月安全更新补丁,修复了124个从简单的欺骗攻击到远程代码执行的安全问题,产品涉及.NET Framework、Azure DevOps、Internet Explorer、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Malware Protection Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft OneDrive、Microsoft Scripting Engine、Microsoft Windows、Open Source Software、Skype for Business、Visual Studio、Windows Hyper-V、Windows IIS、Windows Kernel、Windows Shell、Windows Subsystem for Linux、Windows Update Stack以及Windows WalletService。
Critical & Important漏洞概述
本次微软共修复了16个Critical级别漏洞,104 个 Important 级别漏洞,虽然本月公布的漏洞暂未发现公开利用的情况,仍强烈建议所有用户尽快安装更新:
- Windows DNS服务器远程代码执行漏洞SigRed(CVE-2020-1350)
本月修复的最严重漏洞是一个存在于Windows DNS 服务器中的可蠕虫化漏洞CVE-2020-1350(代号SigRed)。
微软官方给出的评分为 10 分(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)。
未经身份验证的攻击者通过向受影响服务器发送精心构造的请求数据包来利用该漏洞,成功的利用可实现在目标系统上执行任意代码。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
- Hyper-V RemoteFX vGPU 远程代码执行漏洞(CVE-2020-1041, CVE-2020-1040,CVE-2020-1032, CVE-2020-1036,CVE-2020-1042, CVE-2020-1043)
由于宿主机(Host)上的Hyper-V RemoteFX vGPU无法正确验证客户机(Guest)上经过身份验证用户的输入,存在一个远程代码执行漏洞。利用此漏洞时,攻击者可以在客户机上运行经特殊设计的应用程序,从而攻击在Hyper-V宿主机上运行的某些第三方视频驱动程序,最终实现在宿主机操作系统上执行任意代码。
官方未针对以上漏洞提供补丁程序,并就为什么禁用和删除RemoteFX而不修复漏洞进行了答复:
在2019年10月,微软宣布将停止Remote FX的开发并创建新功能。对于Windows 10 1809及更高版本以及Windows Server 2019,不再支持RemoteFX vGPU。由于这些漏洞本质上是体系结构的问题,并且该功能已在较新版本的Windows中弃用,因此Microsoft确定禁用和删除RemoteFX是更好的做法。
更多详细信息参考官方通告:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043
- Microsoft Word(CVE-2020-1446,CVE-2020-1447,CVE-2020-1448)
由于Microsoft Word软件无法正确处理内存中的对象,存在一个远程代码执行漏洞。为了利用该漏洞,攻击者可能会通过各种方式诱导用户使用Microsoft Word软件打开特制文件。
成功利用此漏洞的攻击者可以在当前用户的上下文中执行操作。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448
- Microsoft Excel(CVE-2020-1240)
由于Microsoft Excel软件无法正确处理内存中的对象,存在一个远程代码执行漏洞。为了利用该漏洞,攻击者可能会通过各种方式诱导用户使用受影响的Microsoft Excel打开特制文件。
成功利用该漏洞的攻击者可以在当前用户的上下文中执行任意代码。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1240
- Microsoft Outlook(CVE-2020-1349)
Microsoft Outlook软件中存在一个远程代码执行漏洞。成功利用此漏洞的攻击者可以使用特制文件在当前用户的上下文中执行操作。要利用此漏洞,攻击者会诱导用户使用受影响的Microsoft Outlook软件打开特制文件。
注意,预览窗格是该漏洞的攻击媒介。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1349
- Windows LNK快捷方式文件(CVE-2020-1421)
Microsoft Windows中存在一个远程代码执行漏洞,攻击者可能向用户提供可移动驱动器或远程共享,其中包含恶意的.LNK文件和关联的恶意二进制文件。当用户在Windows资源管理器或任何其他解析.LNK文件的应用程序中打开此驱动器(或远程共享)时,恶意二进制文件将在目标系统上执行任意代码。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421
- 远程桌面客户端远程执行代码漏洞(CVE-2020-1374)
Windows远程桌面客户端中存在一个远程代码执行漏洞。成功的利用可以使攻击者在连接到恶意服务器的客户端计算机上执行任意代码。
为了利用此漏洞,攻击者会控制一台服务器,然后通过各种手段,比如社工、DNS 投毒等方式诱导用户去连接恶意服务器。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374
- Microsoft Office 权限提升漏洞(CVE-2020-1025)
Microsoft SharePoint Server和Skype for Business Server由于未正确处理OAuth令牌验证,存在一个权限提升漏洞。成功利用此漏洞的攻击者可以绕过身份验证并实现不正当访问。
要利用此漏洞,攻击者需要修改令牌。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
- .NET Framework,SharePoint Server和Visual Studio远程执行代码漏洞(CVE-2020-1147)
由于.NET Framework、Microsoft SharePoint和Visual Studio无法检查XML文件输入的源标记,存在一个远程代码执行漏洞。成功利用此漏洞的攻击者可以在处理反序列化XML内容的进程上下文中执行任意代码。
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
本次更新概括:
产品 | CVE 编号 | CVE 标题 | 严重程度 |
.NET Framework | CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio 远程代码执行漏洞 | Critical |
Microsoft Graphics Component | CVE-2020-1435 | GDI+ 远程代码执行漏洞 | Critical |
Microsoft Graphics Component | CVE-2020-1436 | Windows Font Library 远程代码执行漏洞 | Critical |
Microsoft Office | CVE-2020-1349 | Microsoft Outlook 远程代码执行漏洞 | Critical |
Microsoft Office | CVE-2020-1439 | PerformancePoint Services 远程代码执行漏洞 | Critical |
Microsoft Windows | CVE-2020-1350 | Windows DNS Server 远程代码执行漏洞 | Critical |
Microsoft Windows | CVE-2020-1421 | LNK 远程代码执行漏洞 | Critical |
Microsoft Windows | CVE-2020-1374 | Remote Desktop Client 远程代码执行漏洞 | Critical |
Microsoft Windows | CVE-2020-1410 | Windows Address Book 远程代码执行漏洞 | Critical |
Skype for Business | CVE-2020-1025 | Microsoft Office 特权提升漏洞 | Critical |
Windows Hyper-V | CVE-2020-1032 | Hyper-V RemoteFX vGPU 远程代码执行漏洞 | Critical |
Windows Hyper-V | CVE-2020-1036 | Hyper-V RemoteFX vGPU 远程代码执行漏洞 | Critical |
Windows Hyper-V | CVE-2020-1040 | Hyper-V RemoteFX vGPU 远程代码执行漏洞 | Critical |
Windows Hyper-V | CVE-2020-1041 | Hyper-V RemoteFX vGPU 远程代码执行漏洞 | Critical |
Windows Hyper-V | CVE-2020-1043 | Hyper-V RemoteFX vGPU 远程代码执行漏洞 | Critical |
Windows Hyper-V | CVE-2020-1042 | Hyper-V RemoteFX vGPU 远程代码执行漏洞 | Critical |
Azure DevOps | CVE-2020-1326 | Azure DevOps Server Cross-site Scripting Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1351 | Microsoft Graphics Component 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1355 | Windows Font Driver Host 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1381 | Windows Graphics Component 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1382 | Windows Graphics Component 特权提升漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1397 | Windows Imaging Component 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1408 | Microsoft Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1409 | DirectWrite 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1412 | Microsoft Graphics Components 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2020-1468 | Windows GDI 信息泄露漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1400 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1401 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft JET Database Engine | CVE-2020-1407 | Jet Database Engine 远程代码执行漏洞 | Important |
Microsoft Malware Protection Engine | CVE-2020-1461 | Microsoft Defender 特权提升漏洞 | Important |
Microsoft Office | CVE-2020-1442 | Office Web Apps XSS Vulnerability | Important |
Microsoft Office | CVE-2020-1445 | Microsoft Office 信息泄露漏洞 | Important |
Microsoft Office | CVE-2020-1446 | Microsoft Word 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-1447 | Microsoft Word 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-1448 | Microsoft Word 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-1449 | Microsoft Project 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-1458 | Microsoft Office 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-1240 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1342 | Microsoft Office 信息泄露漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1456 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1443 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1444 | Microsoft SharePoint 远程代码执行漏洞 | Important |
Microsoft Office SharePoint | CVE-2020-1450 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1451 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1454 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
Microsoft OneDrive | CVE-2020-1465 | Microsoft OneDrive 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1418 | Windows Diagnostics Hub 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1420 | Windows Error Reporting 信息泄露漏洞 | Important |
Microsoft Windows | CVE-2020-1422 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1347 | Windows Storage Services 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1352 | Windows USO Core Worker 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1353 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1354 | Windows UPnP Device Host 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1356 | Windows iSCSI Target Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1359 | Windows CNG Key Isolation Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1363 | Windows Picker Platform 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1365 | Windows Event Logging Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1366 | Windows Print Workflow Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1370 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1371 | Windows Event Logging Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1372 | Windows Mobile Device Management Diagnostics 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1373 | Windows Network Connections Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1375 | Windows COM Server 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1384 | Windows CNG Key Isolation Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1385 | Windows Credential Picker 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1386 | Connected User Experiences and Telemetry Service 信息泄露漏洞 | Important |
Microsoft Windows | CVE-2020-1387 | Windows Push Notification Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1390 | Windows Network Connections Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1391 | Windows Agent Activation Runtime 信息泄露漏洞 | Important |
Microsoft Windows | CVE-2020-1393 | Windows Diagnostics Hub 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1394 | Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1395 | Windows 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1398 | Windows Lockscreen 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1399 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1402 | Windows ActiveX Installer Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1404 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1405 | Windows Mobile Device Management Diagnostics 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1406 | Windows Network List Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1413 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1427 | Windows Network Connections Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1428 | Windows Network Connections Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1429 | Windows Error Reporting Manager 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1430 | Windows UPnP Device Host 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1431 | Windows AppX Deployment Extensions 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1434 | Windows Sync Host Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1437 | Windows Network Location Awareness Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1438 | Windows Network Connections Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1463 | Windows SharedStream Library 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1249 | Windows Runtime 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1267 | Local Security Authority Subsystem Service 拒绝服务漏洞 | Important |
Microsoft Windows | CVE-2020-1333 | Group Policy Services Policy Processing 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1085 | Windows Function Discovery Service 特权提升漏洞 | Important |
Microsoft Windows | CVE-2020-1330 | Windows Mobile Device Management Diagnostics 信息泄露漏洞 | Important |
Open Source Software | CVE-2020-1469 | Bond 拒绝服务漏洞 | Important |
Visual Studio | CVE-2020-1416 | Visual Studio and Visual Studio Code 特权提升漏洞 | Important |
Visual Studio | CVE-2020-1481 | Visual Studio Code ESLint Extention 远程代码执行漏洞 | Important |
Windows IIS | ADV200008 | Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers | Important |
Windows Kernel | CVE-2020-1336 | Windows Kernel 特权提升漏洞 | Important |
Windows Kernel | CVE-2020-1419 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2020-1357 | Windows System Events Broker 特权提升漏洞 | Important |
Windows Kernel | CVE-2020-1358 | Windows Resource Policy 信息泄露漏洞 | Important |
Windows Kernel | CVE-2020-1367 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2020-1388 | Windows 特权提升漏洞 | Important |
Windows Kernel | CVE-2020-1389 | Windows Kernel 信息泄露漏洞 | Important |
Windows Kernel | CVE-2020-1396 | Windows ALPC 特权提升漏洞 | Important |
Windows Kernel | CVE-2020-1411 | Windows Kernel 特权提升漏洞 | Important |
Windows Kernel | CVE-2020-1426 | Windows Kernel 信息泄露漏洞 | Important |
Windows Shell | CVE-2020-1360 | Windows Profile Service 特权提升漏洞 | Important |
Windows Shell | CVE-2020-1368 | Windows Credential Enrollment Manager Service 特权提升漏洞 | Important |
Windows Shell | CVE-2020-1414 | Windows Runtime 特权提升漏洞 | Important |
Windows Shell | CVE-2020-1415 | Windows Runtime 特权提升漏洞 | Important |
Windows Subsystem for Linux | CVE-2020-1423 | Windows Subsystem for Linux 特权提升漏洞 | Important |
Windows Update Stack | CVE-2020-1424 | Windows Update Stack 特权提升漏洞 | Important |
Windows Update Stack | CVE-2020-1346 | Windows Modules Installer 特权提升漏洞 | Important |
Windows Update Stack | CVE-2020-1392 | Windows 特权提升漏洞 | Important |
Windows WalletService | CVE-2020-1344 | Windows WalletService 特权提升漏洞 | Important |
Windows WalletService | CVE-2020-1361 | Windows WalletService 信息泄露漏洞 | Important |
Windows WalletService | CVE-2020-1362 | Windows WalletService 特权提升漏洞 | Important |
Windows WalletService | CVE-2020-1364 | Windows WalletService 拒绝服务漏洞 | Important |
Windows WalletService | CVE-2020-1369 | Windows WalletService 特权提升漏洞 | Important |
Internet Explorer | CVE-2020-1432 | Skype for Business via Internet Explorer 信息泄露漏洞 | Low |
Microsoft Edge | CVE-2020-1433 | Microsoft Edge PDF 信息泄露漏洞 | Low |
Microsoft Edge | CVE-2020-1462 | Skype for Business via Microsoft Edge (EdgeHTML-based) 信息泄露漏洞 | Low |
Microsoft Scripting Engine | CVE-2020-1403 | VBScript 远程代码执行漏洞 | Moderate |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。