【漏洞通告】微軟6月安全更新多個產品高危漏洞通告
威脅對抗能力部 [綠盟科技安全情報](javascript:void(0)😉 今天
通告編號:NS-2020-0037
2020-06-10
| TA****G: | 安全更新、Windows、IE、Office、Edge、Adobe Flash |
|---|---|
| 漏洞危害: | 攻擊者利用本次安全更新中的漏洞,可造成信息泄露、特權提升、遠程代碼執行等。 |
| 版本: | 1.0 |
1
漏洞概述
北京時間6月10日,微軟發佈6月安全更新補丁,修復了130個安全問題,涉及Microsoft Windows、Internet Explorer、Microsoft Edge、Windows Defender、Microsoft Office、Visual Studio、Adobe Flash Player等廣泛使用的產品,其中包括內存泄露和遠程代碼執行等高危漏洞類型。
本月微軟月度更新修復的漏洞中,嚴重程度爲關鍵(Critical)的漏洞共有12個,重要(Important)漏洞有118個。這是微軟有史以來在一個月內發佈CVE數量最多的一次,其中Windows SMB 遠程代碼執行漏洞(CVE-2020-1301)與Windows SMBv3 客戶端/服務器信息泄漏漏洞(CVE-2020-1206)的PoC已公開,請相關用戶及時更新補丁進行防護,詳細漏洞列表請參考附錄。
參考鏈接:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun
SEE MORE →
2重點漏洞簡述
根據產品流行度和漏洞重要性篩選出此次更新中包含影響較大的漏洞,請相關用戶重點進行關注:
CVE-2020-1206**(PoC已公開):Windows SMBv3 客戶端/**服務器信息泄漏漏洞
Microsoft Server Message Block 3.1.1 (SMBv3)協議在處理某些請求時存在信息泄露漏洞,未經身份驗證的攻擊者可通過向目標SMB服務器發送特殊設計的數據包,或配置一個惡意的 SMBv3 服務器並誘導用戶連接。攻擊者利用此漏洞可獲取到敏感信息。
與SMBv3Ghost有關的內容可參考:https://mp.weixin.qq.com/s/q3dL6YI0K-cFLbNzySabHQ
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206
CVE-2020-1301**(PoC已公開):**Windows SMB 遠程代碼執行漏洞
Microsoft Server Message Block 1.0 (SMBv1) 服務器在處理某些請求時存在遠程代碼執行漏洞,經過身份驗證的攻擊者向目標 SMBv1 服務器發送特殊設計的數據包,成功利用此漏洞的攻擊者可在目標系統上執行代碼。
微軟已在 2014 年棄用了 SMBv1 協議,在 Windows 10 中 默認禁用SMBv1 。檢測與禁用 SMB協議請參考官方文檔:https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301
CVE-2020-1281**:**Windows OLE 遠程代碼執行漏洞
由於Microsoft Windows OLE 無法正確驗證用戶輸入,攻擊者可以誘使用戶在網頁或電子郵件中打開特殊設計的文件或程序,從而利用此漏洞來執行惡意代碼。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281
CVE-2020-1300**:**Windows 遠程執行代碼漏洞
由於Microsoft Windows 無法正確處理 cabinet 文件,攻擊者可誘使用戶打開特殊設計的 cabinet 文件或誘騙用戶安裝僞裝成打印機驅動程序的惡意 cabinet 文件,從而利用此漏洞執行任意代碼。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300
CVE-2020-1181**:**Microsoft SharePoint Server 遠程代碼執行漏洞
由於SharePoint Server無法正確識別和篩選不安全的 ASP.NET Web 控件,經過身份驗證的攻擊者通過上傳一個特別製作的頁面到SharePoint服務器,可成功利用此漏洞在服務器上執行任意代碼。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181
CVE-2020-1225/1226**:**Microsoft Excel 遠程代碼執行漏洞
由於Microsoft Excel無法正確處理內存中的對象,導致存在遠程代碼執行漏洞。攻擊者通過誘使用戶使用受影響版本的Microsoft Excel打開經過特殊設計的文件進行利用。成功利用此漏洞的攻擊者可以獲得與當前用戶相同的系統控制權限。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1226
CVE-2020-1248**:**GDI 遠程代碼執行漏洞
Windows 圖形設備接口 (GDI) 在處理內存中對象的方式中存在遠程代碼執行漏洞。攻擊者可以利用該漏洞精心製作一個惡意網站或惡意文件,並通過釣魚郵件等方式誘導用戶點擊鏈接或打開附件。成功利用此漏洞的攻擊者可能會控制受影響的系統。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1248
CVE-2020-1299**:**LNK 遠程代碼執行漏洞
Windows 在處理 .LNK 文件時存在一個遠程代碼執行漏洞,攻擊者可能會向用戶顯示包含惡意 .LNK 文件和關聯的惡意二進制文件的可移除驅動器或遠程共享,成功利用此漏洞的攻擊者可獲得與本地用戶相同的系統權限。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299
ADV200010| CVE-2020-9633: Adobe Flash Player 任意代碼執行漏洞
此安全更新修復了 Adobe 安全公告 APSB20-30 中描述的漏洞(CVE-2020-9633),此漏洞影響Windows、MacOS、Linux和ChromeOS,成功利用該漏洞可在當前用戶的環境中執行任意代碼。
官方通告鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010
https://helpx.adobe.com/cn/security/products/flash-player/apsb20-30.html
3影響範圍
以下爲重點關注漏洞的受影響產品版本,其他漏洞影響產品範圍請參閱官方通告鏈接。
| 漏洞編號 | 受影響產品版本 |
|---|---|
| CVE-2020-1206 | Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation) |
| CVE-2020-1301CVE-2020-1281CVE-2020-1300 | Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation) |
| CVE-2020-1181 | Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019 |
| CVE-2020-1225CVE-2020-1226 | Microsoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Office 2016 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for Mac |
| CVE-2020-1248 | Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation) |
| CVE-2020-1299 | Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation) |
| ADV200010 |CVE-2020-9633 | Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2012Windows Server 2012 R2Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit Systems |
4漏洞防護
4.1 補丁更新
目前微軟官方已針對受支持的產品版本發佈了修復以上漏洞的安全補丁,強烈建議受影響用戶儘快安裝補丁進行防護,官方下載鏈接:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun
注:由於網絡問題、計算機環境問題等原因,Windows Update的補丁更新可能出現失敗。用戶在安裝補丁後,應及時檢查補丁是否成功更新。
右鍵點擊Windows圖標,選擇“設置(N)”,選擇“更新和安全”-“Windows更新”,查看該頁面上的提示信息,也可點擊“查看更新歷史記錄”查看歷史更新情況。
針對未成功安裝的更新,可點擊更新名稱跳轉到微軟官方下載頁面,建議用戶點擊該頁面上的鏈接,轉到“Microsoft更新目錄”網站下載獨立程序包並安裝。
附錄:漏洞列表
| 影響產品 | CVE 編號 | 漏洞標題 | 嚴重程度 |
|---|---|---|---|
| Microsoft Office | CVE-2020-1181 | Microsoft SharePoint Server 遠程代碼執行漏洞 | Critical |
| Internet Explorer | CVE-2020-1213 | VBScript 遠程代碼執行漏洞 | Critical |
| Internet Explorer | CVE-2020-1216 | VBScript 遠程代碼執行漏洞 | Critical |
| ChakraCore,Microsoft Edge,Internet Explorer | CVE-2020-1219 | Microsoft Browser 內存泄露漏洞 | Critical |
| Adobe Flash | ADV200010 | June 2020 Adobe Flash Security Update | Critical |
| ChakraCore,Microsoft Edge | CVE-2020-1073 | Scripting Engine 內存泄露漏洞 | Critical |
| Windows | CVE-2020-1286 | Windows Shell 遠程代碼執行漏洞 | Critical |
| Windows | CVE-2020-1300 | Windows 遠程代碼執行漏洞 | Critical |
| Windows | CVE-2020-1248 | GDI+ 遠程代碼執行漏洞 | Critical |
| Internet Explorer | CVE-2020-1260 | VBScript 遠程代碼執行漏洞 | Critical |
| Windows | CVE-2020-1281 | Windows OLE 遠程代碼執行漏洞 | Critical |
| Windows | CVE-2020-1299 | LNK 遠程代碼執行漏洞 | Critical |
| Windows | CVE-2020-0915 | Windows GDI 權限提升漏洞 | Important |
| Windows | CVE-2020-0916 | Windows GDI 權限提升漏洞 | Important |
| Windows | CVE-2020-0986 | Windows Kernel 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1183 | Microsoft Office SharePoint XSS漏洞 | Important |
| Microsoft Office | CVE-2020-1225 | Microsoft Excel 遠程代碼執行漏洞 | Important |
| Microsoft Office | CVE-2020-1226 | Microsoft Excel 遠程代碼執行漏洞 | Important |
| Microsoft Office | CVE-2020-1229 | Microsoft Outlook Security 功能繞過 | Important |
| Windows | CVE-2020-1334 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1348 | Windows GDI 信息披露漏洞 | Important |
| Windows | CVE-2020-1196 | Windows Print Configuration 權限提升漏洞 | Important |
| Windows | CVE-2020-1197 | Windows Error Reporting Manager 權限提升漏洞 | Important |
| Windows | CVE-2020-1199 | Windows Feedback Hub 權限提升漏洞 | Important |
| Windows | CVE-2020-1201 | Windows Now Playing Session Manager 權限提升漏洞 | Important |
| Microsoft Visual Studio,Windows | CVE-2020-1202 | Diagnostic Hub Standard Collector 權限提升漏洞 | Important |
| Microsoft Visual Studio,Windows | CVE-2020-1203 | Diagnostic Hub Standard Collector 權限提升漏洞 | Important |
| Windows | CVE-2020-1204 | Windows Mobile Device Management Diagnostics 權限提升漏洞 | Important |
| Windows | CVE-2020-1206 | Windows SMBv3 Client/Server 信息披露漏洞 | Important |
| Windows | CVE-2020-1207 | Win32k 權限提升漏洞 | Important |
| Windows | CVE-2020-1208 | Jet Database Engine 遠程代碼執行漏洞 | Important |
| Windows | CVE-2020-1209 | Windows Network List Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1211 | Connected Devices Platform Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1212 | OLE Automation 權限提升漏洞 | Important |
| Internet Explorer | CVE-2020-1214 | VBScript 遠程代碼執行漏洞 | Important |
| Internet Explorer | CVE-2020-1215 | VBScript 遠程代碼執行漏洞 | Important |
| Windows | CVE-2020-1217 | Windows Runtime 信息披露漏洞 | Important |
| Microsoft Edge (Chromium-based) in IE Mode | CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode 欺騙漏洞 | Important |
| Windows | CVE-2020-1222 | Microsoft Store Runtime 權限提升漏洞 | Important |
| NuGetGallery | CVE-2020-1340 | NuGetGallery 欺騙漏洞 | Important |
| Microsoft Visual Studio Code Live Share extension | CVE-2020-1343 | Visual Studio Code Live Share 信息披露漏洞 | Important |
| Windows | CVE-2020-1120 | Connected User Experiences and Telemetry Service 拒絕服務漏洞 | Important |
| Microsoft Office | CVE-2020-1148 | Microsoft SharePoint 欺騙漏洞 | Important |
| Windows | CVE-2020-1194 | Windows Registry 拒絕服務漏洞 | Important |
| Apps | CVE-2020-1223 | Word for Android 遠程代碼執行漏洞 | Important |
| Internet Explorer | CVE-2020-1230 | VBScript 遠程代碼執行漏洞 | Important |
| Windows | CVE-2020-1231 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1232 | Media Foundation 信息披露漏洞 | Important |
| Windows | CVE-2020-1233 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1234 | Windows Error Reporting 權限提升漏洞 | Important |
| Windows | CVE-2020-1235 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1236 | Jet Database Engine 遠程代碼執行漏洞 | Important |
| Windows | CVE-2020-1237 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1238 | Media Foundation 內存泄露漏洞 | Important |
| Windows | CVE-2020-1239 | Media Foundation 內存泄露漏洞 | Important |
| Microsoft Edge | CVE-2020-1242 | Microsoft Edge 信息披露漏洞 | Important |
| Windows | CVE-2020-1246 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1247 | Win32k 權限提升漏洞 | Important |
| Windows | CVE-2020-1262 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1269 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1271 | Windows Backup Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1274 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1275 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1277 | Windows Installer 權限提升漏洞 | Important |
| Microsoft Visual Studio,Windows | CVE-2020-1278 | Diagnostics Hub Standard Collector 權限提升漏洞 | Important |
| Windows | CVE-2020-1279 | Windows Lockscreen 權限提升漏洞 | Important |
| Windows | CVE-2020-1280 | Windows Bluetooth Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1282 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1284 | Windows SMBv3 Client/Server 拒絕服務漏洞 | Important |
| Windows | CVE-2020-1294 | Windows WalletService 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1295 | Microsoft SharePoint 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1298 | Microsoft Office SharePoint XSS漏洞 | Important |
| Windows | CVE-2020-1307 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1310 | Win32k 權限提升漏洞 | Important |
| Windows | CVE-2020-1311 | Component Object Model 權限提升漏洞 | Important |
| Windows | CVE-2020-1312 | Windows Installer 權限提升漏洞 | Important |
| Windows | CVE-2020-1316 | Windows Kernel 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1320 | Microsoft Office SharePoint XSS漏洞 | Important |
| Microsoft Office | CVE-2020-1321 | Microsoft Office 遠程代碼執行漏洞 | Important |
| Microsoft Office | CVE-2020-1322 | Microsoft Project 信息披露漏洞 | Important |
| Windows | CVE-2020-1324 | Windows 權限提升漏洞 | Important |
| System Center | CVE-2020-1331 | System Center Operations Manager 欺騙漏洞 | Important |
| Windows | CVE-2020-1160 | Microsoft Graphics Component 信息披露漏洞 | Important |
| Windows | CVE-2020-1162 | Windows 權限提升漏洞 | Important |
| System Center | CVE-2020-1163 | Microsoft Windows Defender 權限提升漏洞 | Important |
| System Center | CVE-2020-1170 | Microsoft Windows Defender 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1177 | Microsoft Office SharePoint XSS漏洞 | Important |
| Microsoft Office | CVE-2020-1178 | Microsoft SharePoint Server 權限提升漏洞 | Important |
| Windows | CVE-2020-1241 | Windows Kernel Security 功能繞過 | Important |
| Windows | CVE-2020-1244 | Connected User Experiences and Telemetry Service 拒絕服務漏洞 | Important |
| Windows | CVE-2020-1251 | Win32k 權限提升漏洞 | Important |
| Windows | CVE-2020-1253 | Win32k 權限提升漏洞 | Important |
| Windows | CVE-2020-1254 | Windows Modules Installer Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1255 | Windows Background Intelligent Transfer Service 權限提升漏洞 | Important |
| Microsoft Visual Studio,Windows | CVE-2020-1257 | Diagnostics Hub Standard Collector 權限提升漏洞 | Important |
| Windows | CVE-2020-1258 | DirectX 權限提升漏洞 | Important |
| Windows | CVE-2020-1259 | Windows Host Guardian Service Security 功能繞過 | Important |
| Windows | CVE-2020-1261 | Windows Error Reporting 信息披露漏洞 | Important |
| Windows | CVE-2020-1263 | Windows Error Reporting 信息披露漏洞 | Important |
| Windows | CVE-2020-1264 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1265 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1266 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1268 | Windows Service 信息披露漏洞 | Important |
| Windows | CVE-2020-1270 | Windows WLAN Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1272 | Windows Installer 權限提升漏洞 | Important |
| Windows | CVE-2020-1273 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1276 | Windows Kernel 權限提升漏洞 | Important |
| Windows | CVE-2020-1283 | Windows 拒絕服務漏洞 | Important |
| Windows | CVE-2020-1287 | Windows WalletService 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1289 | Microsoft SharePoint 欺騙漏洞 | Important |
| Windows | CVE-2020-1290 | Win32k 信息披露漏洞 | Important |
| Windows | CVE-2020-1291 | Windows Network Connections Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1292 | OpenSSH for Windows 權限提升漏洞 | Important |
| Microsoft Visual Studio,Windows | CVE-2020-1293 | Diagnostics Hub Standard Collector 權限提升漏洞 | Important |
| Windows | CVE-2020-1296 | Windows Diagnostics & feedback 信息披露漏洞 | Important |
| Microsoft Office | CVE-2020-1297 | Microsoft Office SharePoint XSS漏洞 | Important |
| Windows | CVE-2020-1301 | Windows SMB 遠程代碼執行漏洞 | Important |
| Windows | CVE-2020-1302 | Windows Installer 權限提升漏洞 | Important |
| Windows | CVE-2020-1304 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1305 | Windows State Repository Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1306 | Windows Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1309 | Microsoft Store Runtime 權限提升漏洞 | Important |
| Windows | CVE-2020-1313 | Windows Update Orchestrator Service 權限提升漏洞 | Important |
| Windows | CVE-2020-1314 | Windows Text Service Framework 權限提升漏洞 | Important |
| Internet Explorer | CVE-2020-1315 | Internet Explorer 信息披露漏洞 | Important |
| Windows | CVE-2020-1317 | Group Policy 權限提升漏洞 | Important |
| Microsoft Office | CVE-2020-1318 | Microsoft Office SharePoint XSS漏洞 | Important |
| Microsoft Office | CVE-2020-1323 | SharePoint Open Redirect Vulnerability | Important |
| Azure DevOps Server | CVE-2020-1327 | Azure DevOps Server HTML Injection Vulnerability | Important |
| Apps | CVE-2020-1329 | Microsoft Bing Search 欺騙漏洞 | Important |
轉載自https://mp.weixin.qq.com/s/i4veIOrXgqpTIulFDtbhMw