1. 首页>
  2. 腾讯云代理

【安全预警】关于微软2019年1月安全补丁更新说明

腾讯云 2019年03月13日 浏览99

腾讯云代理 腾讯云直播申请 游戏上云

摘要:

尊敬的腾讯云客户,您好: 

  近日,腾讯云安全中心监测到微软发布了 2019 年 1 月安全补丁更新,共披露了 49 个安全漏洞,其中包含 7 个严重漏洞,攻击者可利用漏洞实施远程代码执行等攻击。
       为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。
 
【漏洞详情】
严重漏洞(7个):
CVE-2019-0550 - Windows Hyper-V remote code execution vulnerability
CVE-2019-0551 - Windows Hyper-V remote code execution vulnerability 
CVE-2019-0539 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0567 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0568 - Chakra Scripting Engine memory corruption vulnerability
CVE-2019-0547 - Windows DHCP client memory corruption vulnerability 
CVE-2019-0565 - Microsoft Edge memory corruption vulnerability 
重要漏洞(41个)
CVE-2019-0555 - Microsoft XmlDocument escalation of privilege vulnerability 
CVE-2019-0572 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0573 - Windows Data Sharing elevation of privilege vulnerability
CVE-2019-0574 - Windows Data Sharing elevation of privilege vulnerability 
CVE-2019-0536 - Windows kernel information disclosure vulnerability 
CVE-2019-0537 - Visual Studio information disclosure vulnerability 
CVE-2019-0538 - Windows Jet Database Engine remote code execution vulnerability 
CVE-2019-0541 - MSHTML engine remote code execution vulnerability
CVE-2019-0543 - Windows elevation of privilege vulnerability
CVE-2019-0545 - .NET Framework and .NET Core information disclosure vulnerability
CVE-2019-0548 - ASP.NET Core denial of service vulnerability
CVE-2019-0549 - Windows kernel information disclosure vulnerability
CVE-2019-0552 - Windows COM Desktop Broker elevation of privilege vulnerability
CVE-2019-0553 - Windows Subsystem for Linux information disclosure vulnerability
CVE-2019-0554 - Windows kernel information disclosure vulnerability
CVE-2019-0556 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0557 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0558 - Microsoft SharePoint Server cross-site-scripting (XSS) vulnerability
CVE-2019-0559 - Microsoft Outlook information disclosure vulnerability
CVE-2019-0560 - Microsoft Office information disclosure vulnerability
CVE-2019-0561 - Microsoft Word information disclosure vulnerability
CVE-2019-0562 - Microsoft SharePoint Server elevation of privilege vulnerability
CVE-2019-0564 - ASP.NET Core  denial of service vulnerability
CVE-2019-0566 - Microsoft Edge Browser Broker COM object elevation of privilege vulnerability
CVE-2019-0569 - Windows kernel information disclosure vulnerability
CVE-2019-0570 - Windows Runtime elevation of privilege vulnerability
CVE-2019-0571 - Windows Data Sharing Service elevation of privilege vulnerability 
CVE-2019-0575 - Windows Data Sharing Service remote code execution vulnerability
CVE-2019-0576 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0577 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0578 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0579 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0580 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0581 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0582 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0583 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0584 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0585 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0586 - Windows Jet Database Engine remote code execution vulnerability
CVE-2019-0588 - Microsoft Exchange PowerShell API information disclosure vulnerability
CVE-2019-0542 - 暂未披露详细信息
 
【风险等级】
   高风险
 
【漏洞风险】
代码执行、权限提升、安全绕过以及信息泄露
 
【影响版本】
目前已知受影响产品如下:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office
ChakraCore
.NET Framework
ASP.NET
Microsoft Exchange Server
Microsoft Visual Studio
【修复建议】
目前微软官方均已发布漏洞修复更新,腾讯云安全团队建议您:
1)不要打开来历不明的文件或者链接,避免被被攻击者利用在机器上执行恶意代码;
2)打开Windows Update更新功能,点击“检查更新”,根据业务情况开展评估,下载安装相应的安全补丁;
3)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态;
您也可以直接通过微软官方链接进行下载安装,补丁下载地址:https://portal.msrc.microsoft.com/en-us/security-guidance
【备注】建议您在安装补丁前做好数据备份工作,避免出现意外。
 
【漏洞参考】


相关文章

在线客服
淘宝购买
腾讯云直播申请 title=
+成为腾讯云VIP客户 腾讯云直播申请 客服电话

15818558013

0755-33940501-803

0755-33940501-808