΢Èí |5Ô¶à¸öÇå¾²Îó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-05-13

0x00 Îó²î¸ÅÊö


²úÆ·

CVE ID

Àà ÐÍ

Îó²îÆ·¼¶

Ô¶³ÌʹÓÃ

Microsoft SharePoint

CVE-2020-1023

RCE

ÊÇ

CVE-2020-1024

RCE

ÊÇ

CVE-2020-1102

RCE

ÊÇ

Windows

CVE-2020-1067

RCE

ÊÇ

Internet Explorer

CVE-2020-1064

RCE

ÊÇ

Microsoft Edge

CVE-2020-1096

RCE

ÊÇ

Windows

CVE-2020-1051

RCE

ÊÇ

CVE-2020-1174

RCE

ÊÇ

CVE-2020-1175

RCE

ÊÇ

CVE-2020-1176

RCE

ÊÇ


0x01 Îó²îÏêÇé


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


΢ÈíÓÚÖܶþÐû²¼ÁË5ÔÂÇå¾²¸üв¹¶¡£¡£ ¡£¡£¡£¡£¬£¬£¬£¬ÐÞ¸´ÁË´ÓEdgeµ½WindowsÒÔ¼°´ÓVisual Studioµ½.NET FrameworkµÄ12ÖÖ²î±ð²úÆ·µÄ111¸öÎó²î¡£¡£ ¡£¡£¡£¡£ÆäÖÐÓÐ10¸öÎó²îÓ°Ïì½Ï´ó£¬£¬£¬£¬ÏêϸÈçÏ£º

CVE-2020-1023/CVE-2020-1024/CVE-2020-1102ÊÇMicrosoft SharePointÔ¶³Ì´úÂëÖ´ÐÐÎó²î¡£¡£ ¡£¡£¡£¡£µ±Èí¼þÎÞ·¨¼ì²éÓ¦ÓóÌÐò°üµÄÔ´±ê¼Çʱ£¬£¬£¬£¬Microsoft SharePoinÈí¼þÖб£´æÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß¿ÉÒÔÔÚ SharePointÓ¦ÓóÌÐò³ØºÍSharePointЧÀÍÆ÷³¡ÕÊ»§µÄÉÏÏÂÎÄÖÐÔËÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£¹¥»÷Õß±ØÐèÓÕʹÓû§½«¾­ÌØÊâÉè¼ÆµÄSharePointÓ¦ÓóÌÐò°üÉÏ´«µ½ÊÜÓ°Ïì°æ±¾µÄ SharePoint£¬£¬£¬£¬²Å»ªÊ¹ÓôËÎó²î¡£¡£ ¡£¡£¡£¡£

CVE-2020-1067ÊÇWindowsÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£Windows´¦Öóͷ£ÄÚ´æÖй¤¾ßµÄ·½·¨Öб£´æÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß¿ÉÒÔʹÓÃÌáÉýµÄÌØȨÔÚÄ¿µÄϵͳÉÏÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£ÈôҪʹÓôËÎó²î£¬£¬£¬£¬¾ßÓÐÓòÓû§ÕÊ»§µÄ¹¥»÷Õß¿ÉÒÔ½¨Éè¾­ÌØÊâÉè¼ÆµÄÇëÇ󣬣¬£¬£¬´Ó¶øʹWindowsʹÓÃÌáÉýµÄÌØȨִÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£

CVE-2020-1064ÊÇMSHTMLÒýÇæÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£MSHTML ÒýÇ治׼ȷµØÑéÖ¤ÊäÈëµÄ·½·¨Öб£´æÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔÔÚÄ¿½ñÓû§µÄÉÏÏÂÎÄÖÐÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£ÈôÊÇÄ¿½ñÓû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬£¬£¬£¬ÔòÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß¿ÉÒÔ¿ØÖÆÊÜÓ°ÏìµÄϵͳ¡£¡£ ¡£¡£¡£¡£¹¥»÷Õß¿ÉËæºó×°ÖóÌÐò£»£» £»£»£» £»Éó²é¡¢¸ü¸Ä»òɾ³ýÊý¾Ý£»£» £»£»£» £»»òÕß½¨ÉèÓµÓÐÍêÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£¡£ ¡£¡£¡£¡£ÔÚ HTML ±à¼­¹¥»÷ÇéÐÎÏ£¬£¬£¬£¬¹¥»÷Õß¿ÉÄÜÓÕÆ­Óû§±à¼­¾­ÌØÊâÉè¼ÆרÃÅÓÃÓÚʹÓÃÎó²îµÄÎļþ¡£¡£ ¡£¡£¡£¡£

CVE-2020-1096ÊÇMicrosoft Edge PDFÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£µ± Microsoft Edge PDFÔĶÁÆ÷²»×¼È·µØ´¦Öóͷ£ÄÚ´æÖеŤ¾ßʱ£¬£¬£¬£¬±£´æÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£¸ÃÎó²î¿ÉÄÜÒÔÒ»ÖÖʹ¹¥»÷Õß¿ÉÒÔÔÚÄ¿½ñÓû§µÄÇéÐÎÖÐÖ´ÐÐí§Òâ´úÂëµÄ·½·¨Ëð»µÄÚ´æ¡£¡£ ¡£¡£¡£¡£ÀÖ³ÉʹÓøÃÎó²îµÄ¹¥»÷Õß¿ÉÒÔ»ñµÃÓëÄ¿½ñÓû§ÏàͬµÄÓû§È¨ÏÞ¡£¡£ ¡£¡£¡£¡£ÈôÊÇÄ¿½ñÓû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬£¬£¬£¬ÄÇô¹¥»÷Õß±ã¿É¿ØÖÆÊÜÓ°ÏìµÄϵͳ¡£¡£ ¡£¡£¡£¡£¹¥»÷Õß¿ÉËæºó×°ÖóÌÐò£»£» £»£»£» £»Éó²é¡¢¸ü¸Ä»òɾ³ýÊý¾Ý£»£» £»£»£» £»»òÕß½¨ÉèÓµÓÐÍêÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£¡£ ¡£¡£¡£¡£ÈôҪʹÓôËÎó²î£¬£¬£¬£¬ÔÚ»ùÓÚ Web µÄ¹¥»÷ÇéÐÎÖУ¬£¬£¬£¬¹¥»÷Õß¿ÉÄÜ»áÍйÜÒ»¸ö°üÀ¨¶ñÒâ PDF ÄÚÈݵÄÍøÕ¾¡£¡£ ¡£¡£¡£¡£ÁíÍ⣬£¬£¬£¬Êܵ½ÆÆËðµÄÍøÕ¾ÒÔ¼°½ÓÊÜ»òÍйÜÓû§ÌṩµÄÄÚÈݵÄÍøÕ¾¿ÉÄÜ°üÀ¨¿ÉʹÓôËÎó²îµÄ¾­ÌØÊâÉè¼ÆµÄ PDF ÄÚÈÝ¡£¡£ ¡£¡£¡£¡£²»¹ý£¬£¬£¬£¬ÔÚËùÓÐÇéÐÎÏ£¬£¬£¬£¬¹¥»÷Õ߶¼ÎÞ·¨Ç¿ÖÆÓû§Éó²éÓɹ¥»÷Õß¿ØÖƵÄÄÚÈÝ¡£¡£ ¡£¡£¡£¡£Ïà·´£¬£¬£¬£¬¹¥»÷Õß±ØÐèÓÕʹÓû§Ö´ÐвÙ×÷¡£¡£ ¡£¡£¡£¡£ÀýÈ磬£¬£¬£¬¹¥»÷Õß¿ÉÄÜÓÕÆ­Óû§µ¥»÷Ö¸Ïò¹¥»÷ÕßÍøÕ¾µÄÁ´½Ó¡£¡£ ¡£¡£¡£¡£

CVE-2020-1051/CVE-2020-1174/CVE-2020-1175/CVE-2020-1176ÊÇJetÊý¾Ý¿âÒýÇæÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£µ±Windows JetÊý¾Ý¿âÒýÇ治׼ȷµØ´¦Öóͷ£ÄÚ´æÖеŤ¾ßʱ£¬£¬£¬£¬±£´æÔ¶³ÌÖ´ÐдúÂëÎó²î¡£¡£ ¡£¡£¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß¿ÉÒÔÔÚÊܺ¦ÕßϵͳÉÏÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔͨ¹ýÓÕʹÊܺ¦Õß·­¿ª¾­ÌØÊâÉè¼ÆµÄÎļþÀ´Ê¹ÓôËÎó²î¡£¡£ ¡£¡£¡£¡£


0x02 Ó°Ïì¹æÄ£


Îó²î±àºÅ

ÊÜÓ°Ïì²úÆ·°æ±¾

CVE-2020-1023

CVE-2020-1024

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Foundation 2013 Service Pack 1

CVE-2020-1102

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

CVE-2020-1064

Internet Explorer 9

Internet Explorer 11

CVE-2020-1096

Microsoft Edge (EdgeHTML-based)

CVE-2020-1067

CVE-2020-1051

CVE-2020-1174

CVE-2020-1175

CVE-2020-1176

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)



0x03 ´¦Öóͷ£½¨Òé


΢Èí¹Ù·½ÒѾ­Ðû²¼²¹¶¡ÐÞ¸´ÁËÉÏÊöÎó²î£¬£¬£¬£¬ÏÂÔØÁ´½Ó£º

https://portal.msrc.microsoft.com/zh-cn/security-guidance


0x04 Ïà¹ØÐÂÎÅ


https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/#ftag=RSSbaffb68


0x05 ²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/zh-cn/security-guidance


0x06 ʱ¼äÏß


2020-05-12 ΢Èí¹Ù·½Ðû²¼Îó²î

2020-05-13 VSRCÐû²¼Îó²îͨ¸æ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨