Microsoft has released its security updates for September. The patches fix 80 security flaws, two of which are zero-day vulnerabilities. In total, 17 of the fixed vulnerabilities are rated Critical.
The two fixed zero-days are tracked as CVE-2019-1214 and CVE-2019-1215, and both are elevation-of-privilege vulnerabilities. Vulnerabilities of this type are typically exploited by malware to run arbitrary code with administrator privileges on infected systems. The first (CVE-2019-1214) is in the Windows Common Log File System driver, and the second (CVE-2019-1215) affects the Winsock service (ws2ifsl.sys).
Four of this month's patches address Remote Desktop vulnerabilities, identified as CVE-2019-0787, CVE-2019-0788, CVE-2019-1290 and CVE-2019-1291. These vulnerabilities lead to arbitrary code execution by an attacker.
The full list of fixed vulnerabilities is given in the table below:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Core | CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important |
.NET Framework | CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability | Important |
Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important |
Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update | Critical |
ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important |
Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important |
Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important |
Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Moderate |
Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1278 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1292 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1303 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1253 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability | Important |
Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important |
Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important |
Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability | Important |
Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |