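Microsoft | September Multi-Product Vulnerability Advisory
Published: 2020-09-09
0x00 Vulnerability Overview
On Tuesday, September 8, 2020, Microsoft released its September security updates. This release fixes 129 vulnerabilities affecting Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Exchange Server and other products. None of them is currently known to be exploited in the wild. Of these, 23 are rated critical and 105 are rated high-risk.
0x01 Vulnerability Details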

The September 2020 security updates cover the following components:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft ChakraCore
- Internet Explorer
- SQL Server
- Microsoft JET Database Engine
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Dynamics
- Visual Studio
- Microsoft Exchange Server
- ASP.NET
- Microsoft OneDrive
- Azure DevOps
Some of the affected versions are listed below:
CVE ID | Affected versions |
CVE-2020-0664 | Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) |
CVE-2020-0922 CVE-2020-1252 CVE-2020-1285 | Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) |
CVE-2020-1129 | Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) |
CVE-2020-1200 | Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
CVE-2020-1210 | Microsoft Business Productivity Servers 2010 Service Pack 2 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019 |
CVE-2020-1319 | Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) |
CVE-2020-1452 CVE-2020-1453 CVE-2020-1460 | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
CVE-2020-1576 | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019 |
CVE-2020-1595 | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
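Details of selected vulnerabilities:
1. Microsoft COM Remote Code Execution Vulnerability (CVE-2020-0922)
A remote code execution vulnerability exists in the way Microsoft COM for Windows handles objects in memory.
An attacker can exploit this vulnerability by luring a user to visit a website containing malicious JavaScript. An attacker who successfully exploits it can execute arbitrary code on the target system.
Details and patch download: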
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922
2. Multiple Microsoft SharePoint Remote Code Execution Vulnerabilities
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package.
To exploit it, an attacker needs to upload a malicious SharePoint application package to an affected version of SharePoint. An attacker who successfully exploits it can run arbitrary code in the context of the SharePoint application pool and the SharePoint server account.
In this release Microsoft fixed 7 other critical vulnerabilities in SharePoint versions 2010 through 2019: CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1460 and CVE-2020-1595.
1. CVE-2020-1200
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200
2. CVE-2020-1210
CVE-2020-1210 is a remote code execution vulnerability in supported versions of the Microsoft SharePoint document management software.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210
3. CVE-2020-1452
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452
4. CVE-2020-1453
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453
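5. CVE-2020-1460
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.NET web controls.
An attacker exploits it by creating and invoking a specially crafted page on an affected version of Microsoft SharePoint Server. An authenticated attacker who successfully exploits it can use the crafted page to perform actions in the security context of the SharePoint application pool process.
Details and patch download: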
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460
6. CVE-2020-1576
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576
7. CVE-2020-1595
A remote code execution vulnerability exists in Microsoft SharePoint because its APIs are not protected against unsafe data input. An attacker exploits it by accessing a susceptible API on an affected version of SharePoint with specially formatted input.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595
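3. Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1319)
A remote code execution vulnerability exists in the way the Microsoft Windows Codecs Library handles objects in memory.
An attacker who successfully exploits it can take control of the affected system, for example to install programs; view, change or delete data; or create new accounts with full user rights.
Details and patch download: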
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1319
4. Dynamics 365 (on-premises) Remote Code Execution Vulnerabilities
1. Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability (CVE-2020-16857)
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An authenticated attacker with privileges to import and export data can exploit it by sending a malicious file to a vulnerable Dynamics server. An attacker who successfully exploits it can achieve remote code execution by running server-side scripts on the victim server.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16857
2. Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability (CVE-2020-16862)
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly handle web requests to an affected Dynamics server. An authenticated attacker can exploit it by sending a malicious request to a vulnerable Dynamics server. An attacker who successfully exploits it can run arbitrary code in the context of the SQL service account.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862
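5. Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875)
A remote code execution vulnerability exists in Microsoft Exchange Server due to improper validation of cmdlet arguments. An attacker who successfully exploits it can execute arbitrary code on the affected system.
Details and patch download: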
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
0x02 Remediation Recommendations
Microsoft released security updates for the affected software on September 8, 2020. Users are advised to apply the relevant patches promptly.
Download:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
0x03 Related News
https://krebsonsecurity.com/2020/09/microsoft-patch-tuesday-sept-2020-edition/
https://blog.qualys.com/vulnerabilities-research/2020/09/08/september-2020-patch-tuesday-129-vulnerabilities-23-critical-sharepoint-exchange-windows-codecs-adobe-vulns
0x04 References
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
0x05 Timeline
2020-09-08 Microsoft released the security updates
2020-09-09 VSRC published this security advisory


