بروز رسانی سه شنبه های مایکروسافت - ماه می 2020

May 2020 Patch Tuesday Microsoft fixes 111 vulnerabilities 13 Critical

بروز رسانی سه شنبه های مایکروسافت مربوط به ماه می 2020 منتشر شد، در این بروزرسانی ها 111 آسیب پذیری موجود در محصولات مایکروسافت رفع گردیده که شامل 13 مورد حیاتی و 91 مورد مهم است. در این ماه هیچ آسیب پذیری بدون وصله یا Zero-Day وجود ندارد.


کاربران بایستی در اولین فرصت نسبت به نصب این وصله های اقدام کنند تا ویندوزهای خود در برابر خطرات ناشناخته محفوظ بماند.
3 مورد از آسیب پذیری های حیاتی مربوط به Microsoft Edge با این بروزرسانی رفع شده است، وجود این آسیب پذیریها می توانست به مهاجمان اجازه ردگیری کاربران بازدید کننده از سایتهای مخرب و اجرای کد از راه دور بدهد و در صورت سوءاستفاده مهاجم می تواند دستورات را بر روی سیستم کاربر با در اختیار داشتن کلیه مجوزها اجرا نماید:


•    CVE-2020-1056 - Microsoft Edge Elevation of Privilege Vulnerability
•   CVE-2020-1059 - Microsoft Edge Spoofing Vulnerability
•    CVE-2020-1096 - Microsoft Edge PDF Remote Code Execution Vulnerability

یکی دیگر از آسیب پذیری ها مربوط به ماژول Color Management (ICM32.dll) می باشد که این آسیب پذیری نیز اجازه اجرای کد از راه دور را به مهاجم میدهد:


•    CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability

لیست کامل بروزرسانی این ماه در جدول زیر قابل مشاهده است :

TagCVE IDCVE TitleSeverity
.NET Core CVE-2020-1161 ASP.NET Core Denial of Service Vulnerability Important
.NET Core CVE-2020-1108 .NET Core & .NET Framework Denial of Service Vulnerability Important
.NET Framework CVE-2020-1066 .NET Framework Elevation of Privilege Vulnerability Important
Active Directory CVE-2020-1055 Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability Important
Common Log File System Driver CVE-2020-1154 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Internet Explorer CVE-2020-1092 Internet Explorer Memory Corruption Vulnerability Low
Internet Explorer CVE-2020-1064 MSHTML Engine Remote Code Execution Vulnerability Moderate
Internet Explorer CVE-2020-1062 Internet Explorer Memory Corruption Vulnerability Moderate
Internet Explorer CVE-2020-1093 VBScript Remote Code Execution Vulnerability Moderate
Microsoft Dynamics CVE-2020-1063 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important
Microsoft Edge CVE-2020-1059 Microsoft Edge Spoofing Vulnerability Important
Microsoft Edge CVE-2020-1056 Microsoft Edge Elevation of Privilege Vulnerability Critical
Microsoft Edge CVE-2020-1096 Microsoft Edge PDF Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2020-1145 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-1135 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1179 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-1153 Microsoft Graphics Components Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2020-1140 DirectX Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0963 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-1054 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1142 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1117 Microsoft Color Management Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2020-1141 Windows GDI Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2020-1176 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2020-1051 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2020-1175 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2020-1174 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-0901 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2020-1069 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2020-1100 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1105 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2020-1102 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2020-1024 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2020-1023 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2020-1104 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2020-1101 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1099 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1103 Microsoft SharePoint Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2020-1107 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2020-1106 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2020-1060 VBScript Remote Code Execution Vulnerability Low
Microsoft Scripting Engine CVE-2020-1065 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-1037 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-1035 VBScript Remote Code Execution Vulnerability Low
Microsoft Scripting Engine CVE-2020-1058 VBScript Remote Code Execution Vulnerability Low
Microsoft Windows CVE-2020-1111 Windows Clipboard Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1112 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1082 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1086 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1048 Windows Print Spooler Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1090 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1088 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1166 Windows Clipboard Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1021 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1164 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1165 Windows Clipboard Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1184 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1188 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1191 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1185 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1187 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1125 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1131 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1121 Windows Clipboard Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1123 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1132 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1010 Microsoft Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1028 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-1136 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-1139 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1144 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1149 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1076 Windows Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1143 Win32k Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1071 Windows Remote Access Common Dialog Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1155 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1150 Media Foundation Memory Corruption Vulnerability Important
Microsoft Windows CVE-2020-1151 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1138 Windows Storage Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1118 Microsoft Windows Transport Layer Security Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1124 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1084 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1116 Windows CSRSS Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1078 Windows Installer Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1137 Windows Push Notification Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1126 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-1134 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1070 Windows Print Spooler Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1068 Microsoft Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1067 Windows Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2020-1072 Windows Kernel Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1081 Windows Printer Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1079 Microsoft Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1077 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1190 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1158 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1157 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1186 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1156 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1189 Windows State Repository Service Elevation of Privilege Vulnerability Important
Power BI CVE-2020-1173 Microsoft Power BI Report Server Spoofing Vulnerability Important
Visual Studio CVE-2020-1192 Visual Studio Code Python Extension Remote Code Execution Vulnerability Critical
Visual Studio CVE-2020-1171 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important
Windows Hyper-V CVE-2020-0909 Windows Hyper-V Denial of Service Vulnerability Important
Windows Kernel CVE-2020-1114 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1087 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Scripting CVE-2020-1061 Microsoft Script Runtime Remote Code Execution Vulnerability Important
Windows Subsystem for Linux CVE-2020-1075 Windows Subsystem for Linux Information Disclosure Vulnerability Important
Windows Task Scheduler CVE-2020-1113 Windows Task Scheduler Security Feature Bypass Vulnerability Important
Windows Update Stack CVE-2020-1109 Windows Update Stack Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-1110 Windows Update Stack Elevation of Privilege Vulnerability Important

 

منبع :

https://www.bleepingcomputer.com

افزودن دیدگاه جدید

نظر خودتان را ارسال کنید

کاربر گرامی چنانچه تمایل دارید، نقد یا نظر شما به نام خودتان در سایت ثبت شود، لطفا وارد سایت شوید.

طراحی سایت طراحی سایت طراحی سایت طراحی سایت

کلیه حقوق این سایت محفوظ و متعلق به شرکت مهندسی تحقیق و توسعه ارتباط پانا می باشد.

گفتگوی آنلاین