真情服務  厚德載物
        
              
      
              
      
              
        
               
          
           
        
              
      
              
                  		

    
  
              

              

              
  
              
    
  
              

              



              
  
              
    
 
              
  
              
    
               
      
              
          
               
             
              聯系我們
              		
          
              
        
              
        
              
          
               
            
               
                
              
                
              市場部:0564-3227239
              
技術部:0564-3227237
              
財務部: 0564-3227034
              
公司郵箱:lachs@126.com
              
技術郵箱:cc1982@163.com
              
地址:六安市淠望路103號
              
                
              
              
              		
          
              
        
              		
    
              
  
              
  
              
    
               
      
    
              
  
              
  

              
    
              
      
               
        
              
            
               
               
              技術分類
              		
            
              
          
              
          
              
            
               
              
            
              
          
              		
      
              
    
              
    
              
      
               
        
      
              
    
              
    
              
      
               
        
              
            
               
               
              推薦資訊
              		
            
              
          
              
          
              
            
               
              
            
              
          
              		
      
              
    
              
  
              

              

              

                  		
    
              
        
              
        
              
          
              
                 
                  
              當前位置:首 
                    頁 > 技術中心 
                    > 安全產品 
                    > 查看信息
              		
          
              
        
              
            
              
              
              
                
              
                    
               
                      
              多個產品高危漏洞!微軟發布6月安全更新
              		
                    
              
                    
               
                      
              作者:永辰科技  
                          來源:綠盟科技  發表時間:2020-6-29 16:42:57  
                          點擊:2990
                        
              		
                    
              
                    
               
                      
              北京時間6月10日,微軟發布6月安全更新補丁,修復了130個安全問題,涉及Microsoft Windows、Internet Explorer、Microsoft Edge、Windows Defender、Microsoft Office、Visual Studio、Adobe Flash Player等廣泛使用的產品,其中包括內存泄露和遠程代碼執行等高危漏洞類型。
               

              本月微軟月度更新修復的漏洞中,嚴重程度為關鍵(Critical)的漏洞共有12個,重要(Important)漏洞有118個。
              

              這是微軟有史以來在一個月內發布CVE數量最多的一次,其中Windows SMB 遠程代碼執行漏洞(CVE-2020-1301)與Windows SMBv3 客戶端/服務器信息泄漏漏洞(CVE-2020-1206)的PoC已公開,請相關用戶及時更新補丁進行防護,詳細漏洞列表請參考附錄。
              

              參考鏈接:
              

              https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun
              

              重點漏洞簡述
              

              根據產品流行度和漏洞重要性篩選出此次更新中包含影響較大的漏洞,請相關用戶重點進行關注:
              

                

              • CVE-2020-1206(PoC已公開):Windows SMBv3 客戶端/服務器信息泄漏漏洞
              

              Microsoft Server Message Block 3.1.1 (SMBv3)協議在處理某些請求時存在信息泄露漏洞,未經身份驗證的攻擊者可通過向目標SMB服務器發送特殊設計的數據包,或配置一個惡意的 SMBv3 服務器并誘導用戶連接。攻擊者利用此漏洞可獲取到敏感信息。
              

              與SMBv3Ghost有關的內容可參考:https://mp.weixin.qq.com/s/q3dL6YI0K-cFLbNzySabHQ
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206
              

                

              • CVE-2020-1301(PoC已公開):Windows SMB 遠程代碼執行漏洞
              

              Microsoft Server Message Block 1.0 (SMBv1) 服務器在處理某些請求時存在遠程代碼執行漏洞,經過身份驗證的攻擊者向目標 SMBv1 服務器發送特殊設計的數據包,成功利用此漏洞的攻擊者可在目標系統上執行代碼。
              

              微軟已在 2014 年棄用了 SMBv1 協議,在 Windows 10 中 默認禁用SMBv1 。檢測與禁用 SMB協議請參考官方文檔:https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301
              

                

              • CVE-2020-1281:Windows OLE 遠程代碼執行漏洞
              

              由于Microsoft Windows OLE 無法正確驗證用戶輸入,攻擊者可以誘使用戶在網頁或電子郵件中打開特殊設計的文件或程序,從而利用此漏洞來執行惡意代碼。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281
              

                

              • CVE-2020-1300:Windows 遠程執行代碼漏洞
              

              由于Microsoft Windows 無法正確處理 cabinet 文件,攻擊者可誘使用戶打開特殊設計的 cabinet 文件或誘騙用戶安裝偽裝成打印機驅動程序的惡意 cabinet 文件,從而利用此漏洞執行任意代碼。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300
              

                

              • CVE-2020-1181:Microsoft SharePoint Server 遠程代碼執行漏洞
              

              由于SharePoint Server無法正確識別和篩選不安全的 ASP.NET Web 控件,經過身份驗證的攻擊者通過上傳一個特別制作的頁面到SharePoint服務器,可成功利用此漏洞在服務器上執行任意代碼。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181
              

                

              • CVE-2020-1225/1226:Microsoft Excel 遠程代碼執行漏洞
              

              由于Microsoft Excel無法正確處理內存中的對象,導致存在遠程代碼執行漏洞。攻擊者通過誘使用戶使用受影響版本的Microsoft Excel打開經過特殊設計的文件進行利用。成功利用此漏洞的攻擊者可以獲得與當前用戶相同的系統控制權限。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1226
              

                

              • CVE-2020-1248:GDI 遠程代碼執行漏洞
              

              Windows 圖形設備接口 (GDI) 在處理內存中對象的方式中存在遠程代碼執行漏洞。攻擊者可以利用該漏洞精心制作一個惡意網站或惡意文件,并通過釣魚郵件等方式誘導用戶點擊鏈接或打開附件。成功利用此漏洞的攻擊者可能會控制受影響的系統。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1248
              

                

              • CVE-2020-1299:LNK 遠程代碼執行漏洞
              

              Windows 在處理 .LNK 文件時存在一個遠程代碼執行漏洞,攻擊者可能會向用戶顯示包含惡意 .LNK 文件和關聯的惡意二進制文件的可移除驅動器或遠程共享,成功利用此漏洞的攻擊者可獲得與本地用戶相同的系統權限。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299
              

                

              • ADV200010| CVE-2020-9633: Adobe Flash Player 任意代碼執行漏洞
              

              此安全更新修復了 Adobe 安全公告 APSB20-30 中描述的漏洞(CVE-2020-9633),此漏洞影響Windows、MacOS、Linux和ChromeOS,成功利用該漏洞可在當前用戶的環境中執行任意代碼。
              

              官方通告鏈接:
              

              https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010
              

              https://helpx.adobe.com/cn/security/products/flash-player/apsb20-30.html
              

              影響范圍
              

              以下為重點關注漏洞的受影響產品版本,其他漏洞影響產品范圍請參閱官方通告鏈接。
              

              


              
漏洞編號
受影響產品版本
              

              
CVE-2020-1206
Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
              

              
CVE-2020-1301CVE-2020-1281CVE-2020-1300
Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016  (Server Core installation)Windows Server 2019Windows Server 2019  (Server Core installation)Windows Server, version 1803  (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
              

              
CVE-2020-1181
Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019
              

              
CVE-2020-1225CVE-2020-1226
Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Office 2016 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for Mac
              

              
CVE-2020-1248
Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
              

              
CVE-2020-1299
Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016  (Server Core installation)Windows Server 2019Windows Server 2019  (Server Core installation)Windows Server, version 1803  (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)
              

              
ADV200010 |CVE-2020-9633
Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2012Windows Server 2012 R2Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit Systems
              

              漏洞防護
              

              補丁更新
              

              目前微軟官方已針對受支持的產品版本發布了修復以上漏洞的安全補丁,強烈建議受影響用戶盡快安裝補丁進行防護,官方下載鏈接:
              

              https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun
              

              注:由于網絡問題、計算機環境問題等原因,Windows Update的補丁更新可能出現失敗。用戶在安裝補丁后,應及時檢查補丁是否成功更新。
              

              右鍵點擊Windows圖標,選擇“設置(N)”,選擇“更新和安全”-“Windows更新”,查看該頁面上的提示信息,也可點擊“查看更新歷史記錄”查看歷史更新情況。
              

              針對未成功安裝的更新,可點擊更新名稱跳轉到微軟官方下載頁面,建議用戶點擊該頁面上的鏈接,轉到“Microsoft更新目錄”網站下載獨立程序包并安裝。
              		
                    
              
                    
               
                       
                    
              
                    
               
                       
                    
              
                    
               
                      
              
                          
               
                            
                            
                          
              
                        
              		
                    
              
                    
               
                      
              		
                    
              
                  
              		
              
              
            
              
                        		
      
              
    
              
      
              
        
               
          
        
              
      
              		
  
              

              

              
  
               
    
              
      
               
          
         
        
              
      
              
      
              
        
               
          
              合作伙伴 
            
              		
          華為 | 微軟中國 | 聯想集團 | IBM | 蘋果電腦 | 浪潮集團 | 惠普中國 | 深信服 | 愛數軟件
        
              
             
              
      
              
        
               
          六安市永辰科技有限公司
版權所有 © Copyright 2010-2021 All Rights 
              六安市淠望路103號
         最佳瀏覽效果 IE8或以上瀏覽器
		  
              皖公網安備34150102000370號
              
    
               
            訪問量:3470559
               皖ICP備11014188號-1              		
        
              
      
              		
  
              
  
              




              
  
              
  

              








亚洲欧洲精品在线|
亚洲va在线va天堂va手机|
亚洲AV成人一区二区三区AV|
亚洲另类无码一区二区三区|
精品无码一区二区三区亚洲桃色|
国产偷国产偷亚洲清高动态图|
亚洲精品无码成人|
亚洲午夜精品久久久久久人妖|
激情97综合亚洲色婷婷五|
亚洲男人av香蕉爽爽爽爽|
亚洲乱码一区二区三区国产精品|
亚洲精品无码久久久久久久|
亚洲精品自产拍在线观看动漫|
亚洲精品天天影视综合网|
亚洲AV人无码综合在线观看|
国产亚洲福利精品一区|
亚洲精品美女久久久久99|
亚洲日韩精品A∨片无码|
亚洲人成在线播放网站|
国产亚洲综合一区柠檬导航|
精品亚洲永久免费精品|
亚洲AV无码一区东京热|
亚洲国产一区国产亚洲|
久久精品九九亚洲精品|
91亚洲一区二区在线观看不卡|
91亚洲导航深夜福利|
亚洲图片激情小说|
亚洲第一区二区快射影院|
一本色道久久88—综合亚洲精品|
天堂亚洲国产中文在线|
亚洲精品无码一区二区|
色偷偷尼玛图亚洲综合|
亚洲国产精品毛片av不卡在线
|
亚洲国产成a人v在线观看|
亚洲制服丝袜中文字幕|
亚洲熟妇AV一区二区三区浪潮|
亚洲av日韩综合一区久热|
亚洲另类少妇17p|
国产成人亚洲综合色影视|
久久亚洲日韩精品一区二区三区|
亚洲欧洲日韩不卡|