Выпущены обновления безопасности Microsoft за март 2019

Компания Microsoft выпустила обновления безопасности для следующих продуктов: Windows, Windows Server, Microsoft Edge, Internet Explorer, Office, SharePoint Server, Visual Studio, Team Foundation Server, .NET Core SDK, NuGet, Mono Framework, Chakra Core и Adobe Flash Player.

Сводная информация по количеству и типу уязвимостей в соответствующих продуктах приведена на графике ниже:

Сводная информация по количеству и типу уязвимостей закрытых обновлениями безопасности в марте

Информация об уровне критичности, потенциальном ущербе и соответствующих обновлениях, закрывающих данные уязвимости, представлена в таблице ниже:

Product Family Maximum Severity Maximum Impact Associated KB Articles and/or Support Webpages
Windows 10 v1809, v1803, v1709, v1703, v1607, Windows 10 for 32-bit Systems, and Windows 10 for x64-based Systems (not including Edge) Critical Remote Code Execution Windows 10 v1809 Security Update: 4489899

Windows 10 v1803 Security Update: 4489868

Windows 10 v1709 Security Update: 4489886

Windows 10 v1703 Security Update: 4489871

Windows 10 v1607 Security Update: 4489882

Windows 10 Security Update: 4489872

Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v1803, and v1709) Critical Remote Code Execution Windows Server 2019 Security Update: 4489899

Windows Server 2016 Security Update: 4489882

Windows Server, version 1803 Security Update: 4489868

Windows Server, version 1709 Security Update: 4489886

Windows 8.1 , Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 Critical Remote Code Execution Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 Monthly Rollup: 4489881

Windows 8.1 and Windows Server 2012 R2 Security Only: 4489883

Windows Server 2012 Security Only: 4489884

Windows Server 2012 Monthly Rollup: 4489891

Windows 7 and Windows Server 2008 R2 Monthly Rollup: 4489878

Windows 7 and Windows Server 2008 R2 Security Only: 4489885

Windows 7 and Windows Server 2008 R2 Security Update: 4474419

Windows Server 2008 Monthly Rollup: 4489880

Windows Server 2008 Security Only: 4489876

Microsoft Edge Critical Remote Code Execution Microsoft Edge on Windows 10 v1809 and Microsoft Edge on Windows Server 2019 Security Update: 4489899

Microsoft Edge on Windows 10 v1803 Security Update: 4489868

Microsoft Edge on Windows 10 v1709 Security Update: 4489886

Microsoft Edge on Windows 10 v1703 Security Update: 4489871

Microsoft Edge on Windows Server 2016 and Microsoft Edge on Windows 10 v1607 Security Update: 4489882

Microsoft Edge on Windows 10 Security Update: 4489872

Internet Explorer Critical Remote Code Execution Internet Explorer 11 on Windows 10 v1809 and Internet Explorer 11 on Windows Server 2019 Security Update: 4489899

Internet Explorer 11 on Windows 10 v1803 Security Update: 4489868

Internet Explorer 11 on Windows 10 v1709 Security Update: 4489886

Internet Explorer 11 on Windows 10 v1703 Security Update: 4489871

Internet Explorer 11 on Windows Server 2016 and Internet Explorer 11 on Windows 10 v1607 Security Update: 4489882

Internet Explorer 11 on Windows 10 Security Update: 4489872

Internet Explorer 9 on Windows Server 2008, Internet Explorer 11 on Windows 7, Internet Explorer 11 on Windows Server 2008 R2, Internet Explorer 11 on Windows 8.1, Internet Explorer 11 on Windows Server 2012 R2, and Internet Explorer 10 on Windows Server 2012 IE Cumulative: 4489873

Internet Explorer 10 on Windows Server 2012 Monthly Rollup: 4489891

Internet Explorer 11 on Windows 7 and Internet Explorer 11 on Windows Server 2008 R2 Monthly Rollup: 4489878

Internet Explorer 9 on Windows Server 2008 Monthly Rollup: 4489880

Microsoft Office-related software (including SharePoint) Important Remote Code Execution Microsoft Lync Server 2013 July 2018 Update: 2809243
Microsoft Office 2010 Service Pack 2 (64-bit editions): 4462226
Microsoft Office 2010 Service Pack 2 (32-bit editions): 4462226Microsoft SharePoint Enterprise Server 2016: 4462211
Microsoft SharePoint Foundation 2013: 4462208
.NET Core SDK, NuGet, and Mono Framework Important Tampering Microsoft .NET and .NET Core downloads: https://dotnet.microsoft.com/download
Visual Studio Important Remote Code Execution Microsoft Visual Studio downloads https://visualstudio.microsoft.com/downloads/
ChakraCore Critical Remote Code Execution ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. More information is available at https://github.com/Microsoft/ChakraCore/wiki and https://github.com/Microsoft/ChakraCore/releases/
Adobe Flash Player Low Defense in Depth Adobe Flash Player Security Update: 4489907
Adobe Flash Player Advisory: ADV190008
Team Foundation Server Low Spoofing Team Foundation Server is now called Azure DevOps Server. Find more information on Azure DevOps Server here: https://docs.microsoft.com/en-us/azure/devops/server/?view=azure-devops

Обратите внимание

На следующие уязвимости и обновления безопасности следует обратить особое внимание:

Windows/Windows Server

CVE-2019-0726 – Windows DHCP Client Remote Code Execution Vulnerability

CVE-2019-0797 – Win32k Elevation of Privilege Vulnerability (Exploitation Detected!)

CVE-2019-0808 – Win32k Elevation of Privilege Vulnerability (Exploitation Detected!)

CVE-2019-0754 – Windows Denial of Service Vulnerability (Publicly Disclosed!)

Microsoft Edge/Internet Explorer

CVE-2019-0667 – Windows VBScript Engine Remote Code Execution Vulnerability

CVE-2019-0609 – Scripting Engine Memory Corruption Vulnerability

Microsoft Office

CVE-2019-0748 – Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft SharePoint

CVE-2019-0778 – Microsoft Office SharePoint XSS Vulnerability

.NET Core

CVE-2019-0757 – NuGet Package Manager Tampering Vulnerability (Publicly Disclosed!)

Microsoft Visual Studio

CVE-2019-0809 – Visual Studio Remote Code Execution Vulnerability (Publicly Disclosed!)

Microsoft Active Directory

CVE-2019-0683 – Active Directory Elevation of Privilege Vulnerability (Publicly Disclosed!)

Рекомендации по безопасности

В январе были выпущены следующие рекомендательные документы:

ADV190010 – Best Practices Regarding Sharing of a Single User Account Across Multiple Users

Microsoft strongly recommends customers avoid the use of a ‘common’ or ‘shared’ Windows logon account. A single user account should never be shared amongst different users. This is especially true when users are logging into the same physical machine. Customers who have solutions designed this way are encouraged to engage their solution vendors for assistance in configuring their product to support independent user accounts.

ADV190009 – SHA-2 Code Sign Support Advisory

Microsoft is announcing the release of SHA-2 code sign support for Windows 7 SP1, and Windows Server 2008 R2 SP1.

ADV190008 – March 2019 Adobe Flash Security Update

This security update addresses minor security fixes, which are described in Adobe Security Bulletin APSB19-12.

Были дополнены и обновлены следующие рекомендательные документы:

ADV990001 – Latest Servicing Stack Updates

March 2019 SSU for Windows 7/Server 2008 R2.

Дополнительная информация

Для вашего удобства предлагаю загрузить сводную таблицу в формате Microsoft Excel, которая содержит всю информацию о данном выпуске бюллетеней безопасности Microsoft с возможностью фильтрации и поиска по всевозможным параметрам.

Вы также можете посмотреть запись нашего ежемесячного вебинара «Брифинг по безопасности», посвященного подробному разбору текущего выпуска обновлений и бюллетеней безопасности компании Microsoft.

Самую полную и актуальную информацию об уязвимостях и обновлениях безопасности вы можете найти на нашем портале Security Update Guide.

Артём Синицын,

руководитель программ информационной безопасности, Microsoft

@ArtyomSinitsyn

Tags: , ,

Связанные посты