Microsoft's Patch Tuesday updates for May 2020 have been released. These updates fix 111 vulnerabilities in Microsoft products, including 13 rated Critical and 91 rated Important. This month there are no unpatched or zero-day vulnerabilities.
Users should install these patches at the earliest opportunity so that their Windows systems remain protected against unknown threats.
Three of the critical vulnerabilities fixed by this update relate to Microsoft Edge. These vulnerabilities could have allowed attackers to track users who visit malicious sites and to execute code remotely; if exploited, an attacker can run commands on the user's system with full permissions:
• CVE-2020-1056 – Microsoft Edge Elevation of Privilege Vulnerability
• CVE-2020-1059 – Microsoft Edge Spoofing Vulnerability
• CVE-2020-1096 – Microsoft Edge PDF Remote Code Execution Vulnerability
Another of the vulnerabilities relates to the Color Management module (ICM32.dll); it also allows an attacker to execute code remotely:
• CVE-2020-1117 – Microsoft Color Management Remote Code Execution Vulnerability
The complete list of this month's updates is shown in the table below:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Core | CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability | Important |
.NET Core | CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability | Important |
.NET Framework | CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability | Important |
Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability | Important |
Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Internet Explorer | CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability | Low |
Internet Explorer | CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability | Moderate |
Internet Explorer | CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability | Moderate |
Internet Explorer | CVE-2020-1093 | VBScript Remote Code Execution Vulnerability | Moderate |
Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Edge | CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability | Important |
Microsoft Edge | CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability | Critical |
Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1179 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-1106 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2020-1060 | VBScript Remote Code Execution Vulnerability | Low |
Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-1035 | VBScript Remote Code Execution Vulnerability | Low |
Microsoft Scripting Engine | CVE-2020-1058 | VBScript Remote Code Execution Vulnerability | Low |
Microsoft Windows | CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1076 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability | Important |
Microsoft Windows | CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1067 | Windows Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
Power BI | CVE-2020-1173 | Microsoft Power BI Report Server Spoofing Vulnerability | Important |
Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2020-1171 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
Windows Hyper-V | CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Scripting | CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability | Important |
Windows Subsystem for Linux | CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability | Important |
Windows Task Scheduler | CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability | Important |
Windows Update Stack | CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Source: