Microsoft January Patch Tuesday Review | New Year, Fresh Start

Microsoft releases its January security patches, fixing 51 vulnerabilities

In yesterday's regular update, Microsoft released its January security patches, fixing 51 vulnerabilities. Seven of them are rated Critical.

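None of the vulnerabilities in this release is known to be exploited in the wild, and only one had been disclosed previously: CVE-2019-0579. ZDI publicly disclosed this vulnerability in September (because Microsoft had gone more than 120 days without fixing it). Microsoft then fixed it in October's Patch Tuesday, but the fix could still be bypassed, and this release is another attempt to patch it.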

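The vulnerabilities disclosed by the author who had been frantically dropping 0-days on Twitter have not yet been fully fixed, and will probably take some more time.

Notable vulnerabilities in the January update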

CVE-2019-0550/0551 Hyper-V RCE vulnerabilities

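Two similar vulnerabilities. Although they are classified as remote code execution, exploiting them actually requires operating with Guest privileges. A 360 security researcher was recently awarded a million-level bounty for a Hyper-V vulnerability, which shows the impact and importance of this class of bug. These two vulnerabilities were also used at last year's Pwn2Own, where they earned a USD 250,000 prize.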

CVE-2019-0547 DHCP RCE vulnerability

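The last DHCP client vulnerability with fairly broad impact was CVE-2018-1111 on Linux; roughly half a year later, a similar problem has appeared on Windows. This vulnerability's severity and exploitability ratings are very high, and several security vendors have placed it in the first tier of patches to apply. According to Microsoft's description, sending a specially crafted response packet to the client is enough to trigger the vulnerability, so it may be exploited at scale.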

CVE-2019-0586 Exchange RCE vulnerability

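Microsoft did not classify this one as Critical, but judging from the description the exploitation scenario is fairly easy: sending a specially crafted email is enough to achieve code execution on the Exchange server with System user privileges.

Vulnerability list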

| CVE | Title | Severity | Public | Exploited | XI – Latest | XI – Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2019-0579 | Jet Database Engine Remote Code Execution Vulnerability | Important | Yes | No | 3 | 3 | RCE |
| CVE-2019-0539 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-0568 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-0567 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-0565 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-0550 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2019-0551 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2019-0548 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-0566 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
| CVE-2019-0562 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-0543 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-0555 | Microsoft XmlDocument Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-0552 | Windows COM Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-0571 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-0572 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-0573 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-0574 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-0570 | Windows Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-0545 | ASP.NET Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0560 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0559 | Microsoft Outlook Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0537 | Microsoft Visual Studio Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0561 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0536 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0549 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0554 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0569 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2019-0553 | Windows Subsystem for Linux Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-0541 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2019-0538 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0575 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0576 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0577 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0578 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0580 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0581 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0582 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0583 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0584 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 3 | 3 | RCE |
| CVE-2019-0588 | Microsoft Exchange Information Disclosure Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2019-0585 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-0556 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2019-0557 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2019-0558 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2019-0622 | Skype for Android Elevation of Privilege Vulnerability | Moderate | No | No | N/A | N/A | EoP |
| CVE-2019-0546 | Visual Studio Remote Code Execution Vulnerability | Moderate | No | No | 2 | 2 | RCE |

 

References

https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2019

https://www.thezdi.com/blog/2019/1/8/the-january-2019-security-update-review

https://blog.talosintelligence.com/2019/01/microsoft-patch-tuesday-january-2019.html
