΢Èí |5Ô¶à¸ö°²È«·ì϶¹«¸æ

°ä²¼¹¦·ò 2020-05-13

0x00 ·ì϶¸ÅÊö


²úÆ·

CVE ID

Àà ÐÍ

·ì϶µÈ¼¶

Ô¶³ÌÀûÓÃ

Microsoft SharePoint

CVE-2020-1023

RCE

ÊÇ

CVE-2020-1024

RCE

ÊÇ

CVE-2020-1102

RCE

ÊÇ

Windows

CVE-2020-1067

RCE

ÊÇ

Internet Explorer

CVE-2020-1064

RCE

ÊÇ

Microsoft Edge

CVE-2020-1096

RCE

ÊÇ

Windows

CVE-2020-1051

RCE

ÊÇ

CVE-2020-1174

RCE

ÊÇ

CVE-2020-1175

RCE

ÊÇ

CVE-2020-1176

RCE

ÊÇ


0x01 ·ì϶ÏêÇé


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


΢ÈíÓÚÖܶþ°ä²¼ÁË5Ô°²È«¸üв¹¶¡£¬½¨¸´ÁË´ÓEdgeµ½WindowsÒÔ¼°´ÓVisual Studioµ½.NET FrameworkµÄ12ÖÖ·ÖÆç²úÆ·µÄ111¸ö·ì϶¡£ÆäÖÐÓÐ10¸ö·ì϶ӰÏì½Ï´ó£¬¾ßÌåÈçÏ£º

CVE-2020-1023/CVE-2020-1024/CVE-2020-1102ÊÇMicrosoft SharePointÔ¶³Ì´úÂëÖ´Ðзì϶¡£µ±Èí¼þÎÞ·¨²é³­ÀûÓ÷¨Ê½°üµÄÔ´ÏóÕ÷ʱ£¬Microsoft SharePoinÈí¼þÖдæÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»ÔÚ SharePointÀûÓ÷¨Ê½³ØºÍSharePoint·þÎñÆ÷³¡ÕÊ»§µÄ¸ßµÍÎÄÖÐÔËÐÐËÁÒâ´úÂë¡£¹¥»÷Õß±ØÐëÓÕʹÓû§½«¾­ÌØÊâÉè¼ÆµÄSharePointÀûÓ÷¨Ê½°üÉÏ´«µ½ÊÜÓ°Ïì°æ±¾µÄ SharePoint£¬ÄÜÁ¦ÀûÓô˷ì϶¡£

CVE-2020-1067ÊÇWindowsÔ¶³ÌÖ´ÐдúÂë·ì϶¡£Windows´¦ÖÃÄÚ´æÖжÔÏóµÄ·½Ê½ÖдæÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»Ê¹ÓÃÌáÉýµÄÌØȨÔÚÖ¸±êϵͳÉÏÖ´ÐÐËÁÒâ´úÂë¡£ÈôÒªÀûÓô˷ì϶£¬ÓµÓÐÓòÓû§ÕÊ»§µÄ¹¥»÷ÕßÄܹ»´´½¨¾­ÌØÊâÉè¼ÆµÄÒªÇ󣬴ӶøʹWindowsÀûÓÃÌáÉýµÄÌØȨִÐÐËÁÒâ´úÂë¡£

CVE-2020-1064ÊÇMSHTMLÒýÇæÔ¶³ÌÖ´ÐдúÂë·ì϶¡£MSHTML ÒýÇæ²»ÕýÈ·µØÑéÖ¤ÊäÈëµÄ·½Ê½ÖдæÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£¹¥»÷ÕßÄܹ»ÔÚµ±Ç°Óû§µÄ¸ßµÍÎÄÖÐÖ´ÐÐËÁÒâ´úÂë¡£ÈôÊǵ±Ç°Óû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬Ôò³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»½ÚÔìÊÜÓ°ÏìµÄϵͳ¡£¹¥»÷Õß¿ÉËæºó×°Ö÷¨Ê½£»²é¿´¡¢¸ü¸Ä»òɾ³ýÊý¾Ý£»»òÕß´´½¨Õ¼ÓÐÆëÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£ÔÚ HTML ±à×ë¹¥»÷Çé¾°Ï£¬¹¥»÷Õß¿ÉÄܺýŪÓû§±à×ë¾­ÌØÊâÉè¼ÆרÃÅÓÃÓÚÀûÓ÷ì϶µÄÎļþ¡£

CVE-2020-1096ÊÇMicrosoft Edge PDFÔ¶³ÌÖ´ÐдúÂë·ì϶¡£µ± Microsoft Edge PDFÔĶÁÆ÷²»ÕýÈ·µØ´¦ÖÃÄÚ´æÖеĶÔÏóʱ£¬´æÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£¸Ã·ì϶¿ÉÄÜÒÔÒ»ÖÖʹ¹¥»÷ÕßÄܹ»ÔÚµ±Ç°Óû§µÄ»·¾³ÖÐÖ´ÐÐËÁÒâ´úÂëµÄ·½Ê½°Ü»µÄÚ´æ¡£³É¹¦ÀûÓø÷ì϶µÄ¹¥»÷ÕßÄܹ»»ñµÃÓ뵱ǰÓû§Ò»ÑùµÄÓû§È¨ÏÞ¡£ÈôÊǵ±Ç°Óû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬ÄÇô¹¥»÷Õß±ã¿É½ÚÔìÊÜÓ°ÏìµÄϵͳ¡£¹¥»÷Õß¿ÉËæºó×°Ö÷¨Ê½£»²é¿´¡¢¸ü¸Ä»òɾ³ýÊý¾Ý£»»òÕß´´½¨Õ¼ÓÐÆëÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£ÈôÒªÀûÓô˷ì϶£¬ÔÚ»ùÓÚ Web µÄ¹¥»÷Çé¾°ÖУ¬¹¥»÷Õß¿ÉÄÜ»áÍйÜÒ»¸öÔ̺¬¶ñÒâ PDF ÄÚÈݵÄÍøÕ¾¡£Áí±í£¬Êܵ½·ÛËéµÄÍøÕ¾ÒÔ¼°½ÓÊÜ»òÍйÜÓû§ÌṩµÄÄÚÈݵÄÍøÕ¾¿ÉÄÜÔ̺¬¿ÉÀûÓô˷ì϶µÄ¾­ÌØÊâÉè¼ÆµÄ PDF ÄÚÈÝ¡£²»Í⣬ÔÚËùÓÐÇé¿öÏ£¬¹¥»÷Õ߶¼ÎÞ·¨Ç¿ÔìÓû§²é¿´Óɹ¥»÷Õß½ÚÔìµÄÄÚÈÝ¡£Ïà·´£¬¹¥»÷Õß±ØÐëÓÕʹÓû§Ö´ÐвÙ×÷¡£ÀýÈ磬¹¥»÷Õß¿ÉÄܺýŪÓû§µ¥»÷Ö¸Ïò¹¥»÷ÕßÍøÕ¾µÄÁ´½Ó¡£

CVE-2020-1051/CVE-2020-1174/CVE-2020-1175/CVE-2020-1176ÊÇJetÊý¾Ý¿âÒýÇæÔ¶³ÌÖ´ÐдúÂë·ì϶¡£µ±Windows JetÊý¾Ý¿âÒýÇæ²»ÕýÈ·µØ´¦ÖÃÄÚ´æÖеĶÔÏóʱ£¬´æÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»ÔÚÊܺ¦ÕßϵͳÉÏÖ´ÐÐËÁÒâ´úÂë¡£¹¥»÷ÕßÄܹ»Í¨¹ýÓÕʹÊܺ¦Õß´ò¿ª¾­ÌØÊâÉè¼ÆµÄÎļþÀ´ÀûÓô˷ì϶¡£


0x02 Ó°ÏìÁìÓò


·ì϶±àºÅ

ÊÜÓ°Ïì²úÆ·°æ±¾

CVE-2020-1023

CVE-2020-1024

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Foundation 2013 Service Pack 1

CVE-2020-1102

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

CVE-2020-1064

Internet Explorer 9

Internet Explorer 11

CVE-2020-1096

Microsoft Edge (EdgeHTML-based)

CVE-2020-1067

CVE-2020-1051

CVE-2020-1174

CVE-2020-1175

CVE-2020-1176

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)



0x03 ´ëÖý¨Òé


΢Èí¹Ù·½ÒѾ­°ä²¼²¹¶¡½¨¸´ÁËÉÏÊö·ì϶£¬ÏÂÔØÁ´½Ó£º

https://portal.msrc.microsoft.com/zh-cn/security-guidance


0x04 ÓйØÐÂÎÅ


https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/#ftag=RSSbaffb68


0x05 ²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/zh-cn/security-guidance


0x06 ¹¦·òÏß


2020-05-12 ΢Èí¹Ù·½°ä²¼·ì϶

2020-05-13 VSRC°ä²¼·ì϶¹«¸æ

GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾