Выпущены обновления безопасности Microsoft за апрель 2019
Компания Microsoft выпустила обновления безопасности для следующих продуктов: Windows, Windows Server, Microsoft Edge, Internet Explorer, Office, SharePoint Server, Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, ASP.NET Core, Chakra Core, Windows Admin Center и Adobe Flash Player.
Сводная информация по количеству и типу уязвимостей в соответствующих продуктах приведена на графике ниже:
Информация об уровне критичности, потенциальном ущербе и соответствующих обновлениях, закрывающих данные уязвимости, представлена в таблице ниже:
| Product Family | Maximum Severity | Maximum Impact | Associated KB Articles and/or Support Webpages |
| Windows 10 v1809, v1803, v1709, v1703, v1607, Windows 10 for 32-bit Systems, and Windows 10 for x64-based Systems (not including Edge) | Critical | Remote Code Execution | Windows 10 v1809 Security Update: 4493509
Windows 10 v1803 Security Update: 4493464 Windows 10 v1709 Security Update: 4493441 Windows 10 v1703 Security Update: 4493474 Windows 10 v1607 Security Update: 4493470 Windows 10 Security Update: 4493475 |
| Windows Server 2019, Windows Server 2016, and Server Core installations (2019, 2016, v1803, and v1709) | Critical | Remote Code Execution | Windows Server 2019 Security Update: 4493509
Windows Server 2016 Security Update: 4493470 Windows Server, version 1803 Security Update: 4493464 Windows Server, version 1709 Security Update: 4493441 |
| Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 | Critical | Remote Code Execution | Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 Monthly Rollup: 4493446
Windows 8.1 and Windows Server 2012 R2 Security Only: 4493467 Windows Server 2012 Monthly Rollup: 4493451 Windows Server 2012 Security Only: 4493450 Windows 7 and Windows Server 2008 R2 Monthly Rollup: 4493472 Windows 7 and Windows Server 2008 R2 Security Only: 4493448 Windows Server 2008 Monthly Rollup: 4493471 Windows Server 2008 Security Only: 4493458 |
| Microsoft Edge | Critical | Remote Code Execution | Microsoft Edge on Windows 10 v1809 and Microsoft Edge on Windows Server 2019 Security Update: 4493509
Microsoft Edge on Windows 10 v1803 Security Update: 4493464 Microsoft Edge on Windows 10 v1709 Security Update: 4493441 Microsoft Edge on Windows 10 v1703 Security Update: 4493474 Microsoft Edge on Windows Server 2016 and Microsoft Edge on Windows 10 v1607 Security Update: 4493470 Microsoft Edge on Windows 10 Security Update: 4493475 |
| Internet Explorer | Critical | Remote Code Execution | Internet Explorer 11 on Windows 10 v1809 and Internet Explorer 11 on Windows Server 2019 Security Update: 4493509
Internet Explorer 11 on Windows 10 v1803 Security Update: 4493464 Internet Explorer 11 on Windows 10 v1709 Security Update: 4493441 Internet Explorer 11 on Windows 10 v1703 Security Update: 4493474 Internet Explorer 11 on Windows Server 2016 and Internet Explorer 11 on Windows 10 v1607 Security Update: 4493470 Internet Explorer 11 on Windows 10 Security Update: 4493475 Internet Explorer 9 on Windows Server 2008, Internet Explorer 11 on Windows 7, Internet Explorer 11 on Windows Server 2008 R2, Internet Explorer 11 on Windows 8.1, Internet Explorer 11 on Windows Server 2012 R2, and Internet Explorer 10 on Windows Server 2012 IE Cumulative: 4493435 Internet Explorer 11 on Windows Server 2012 R2 Monthly Rollup: 4493446 Internet Explorer 11 on Windows 7 and Internet Explorer 11 on Windows Server 2008 R2 Monthly Rollup: 4493472 Internet Explorer 10 on Windows Server 2012 Monthly Rollup: 4493451 Internet Explorer 9 on Windows Server 2008 Monthly Rollup: 4493471 |
| Microsoft Office-related software (including SharePoint) | Important | Remote Code Execution | Microsoft Office 2016: 4462242, 4462213
Microsoft Office 2013: 4464504, 4462204 Microsoft Office 2013 RT: 4462204 Microsoft Office 2010: 4464520, 4462223 Microsoft Excel 2016: 4462236 Microsoft Excel 2013 and Excel 2013 RT: 4462209 Microsoft Excel 2010: 4462230 Microsoft SharePoint Server 2019: 4464518 Microsoft SharePoint Server 2010: 4464525 Microsoft SharePoint Enterprise Server 2016: 4464510 Microsoft SharePoint Enterprise Server 2013: 4464511 Microsoft SharePoint Foundation 2013: 4464515 Microsoft SharePoint Foundation 2010: 4464528 |
| Microsoft Exchange Server | Important | Spoofing | Microsoft Exchange Server 2019, Exchange Server 2016, Exchange Server 2013:4487563.
Microsoft Exchange Server 2010: 4491413. |
| ASP.NET Core | Important | Denial of Service | Microsoft .NET, .NET Core, and ASP.NET Core downloads: https://dotnet.microsoft.com/download |
| Windows Admin Center | Important | Elevation of Privilege | Windows Admin Center information and downloads: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview |
| Team Foundation Server, Azure DevOps Server | Important | Elevation of Privilege | Team Foundation Server is now called Azure DevOps Server. Find more information on Azure DevOps Server here: https://docs.microsoft.com/en-us/azure/devops/server/? view=azure-devops |
| Open Enclave SDK | Important | Information Disclosure | Open Enclave SDK is an open-source project for building enclave applications in C and C++. More information is available at https://github.com/Microsoft/openenclave |
| ChakraCore | Critical | Remote Code Execution | ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. More information is available at https://github.com/Microsoft/ChakraCore/wiki and https://github.com/Microsoft/ChakraCore/releases/ |
| Adobe Flash Player | Critical | Remote Code Execution | Adobe Flash Player Security Update: 4493478 Adobe Flash Player Advisory: ADV190011 |
Обратите внимание
На следующие уязвимости и обновления безопасности следует обратить особое внимание:
Windows/Windows Server
CVE-2019–0786 — SMB Server Elevation of Privilege Vulnerability
CVE-2019–0803 — Win32k Elevation of Privilege Vulnerability (Exploitation Detected! )
CVE-2019–0859 — Win32k Elevation of Privilege Vulnerability (Exploitation Detected! )
Microsoft Edge
CVE-2019–0739 — Scripting Engine Memory Corruption Vulnerability
Microsoft Office
CVE-2019–0822 — Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft SharePoint
CVE-2019–0831 — Microsoft Office SharePoint XSS Vulnerability
ASP.NET Core
CVE-2019–0815 — ASP.NET Core Denial of Service Vulnerability
Team Foundation Server/Azure DevOps Server
CVE-2019–0857 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0866 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0867 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0868 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0870 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0871 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0874 — Azure DevOps Server Spoofing Vulnerability
CVE-2019–0869 — Azure DevOps Server HTML Injection Vulnerability
CVE-2019–0875 — Azure DevOps Server Elevation of Privilege Vulnerability
Exchange Server
CVE-2019–0817 — Microsoft Exchange Spoofing Vulnerability
CVE-2019–0858 — Microsoft Exchange Spoofing Vulnerability
Windows Admin Center
CVE-2019–0813 — Microsoft Exchange Spoofing Vulnerability
Рекомендации по безопасности
В январе были выпущены следующие рекомендательные документы:
ADV190011 — April 2019 Adobe Flash Security Update
Были дополнены и обновлены следующие рекомендательные документы:
ADV180002 — Guidance to mitigate speculative execution side-channel vulnerabilities
ADV990001 – Latest Servicing Stack Updates
Дополнительная информация
Для вашего удобства предлагаю загрузить сводную таблицу в формате Microsoft Excel, которая содержит всю информацию о данном выпуске бюллетеней безопасности Microsoft с возможностью фильтрации и поиска по всевозможным параметрам.
Вы также можете посмотреть запись нашего ежемесячного вебинара «Брифинг по безопасности», посвященного подробному разбору текущего выпуска обновлений и бюллетеней безопасности компании Microsoft.
Самую полную и актуальную информацию об уязвимостях и обновлениях безопасности вы можете найти на нашем портале Security Update Guide.
Артём Синицын
руководитель программ
информационной безопасности
Microsoft
@ArtyomSinitsyn
Tags: Security, Security Updates
