通告编号:NS-2020-0065
2020-11-11
TAG: | 安全更新、Windows、Office、Exchange Server、Defender |
|---|---|
漏洞危害: | 攻击者利用本次安全更新中的漏洞,可造成信息泄露、权限提升、远程代码执行等。 |
版本: | 1.0 |
1
漏洞概述
北京时间11月11日,微软发布11月安全更新补丁,修复了112个安全问题,涉及Microsoft Windows、Microsoft Office、Microsoft Exchange Server、Visual Studio、Windows Defender等广泛使用的产品,其中包括远程代码执行和权限提升等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞共有17个,重要(Important)漏洞有93个,2个 低危(Low)级别漏洞。请相关用户及时更新补丁进行防护,详细漏洞列表请参考附录。
绿盟远程安全评估系统(RSAS)已具备微软此次补丁更新中大多数漏洞的检测能力(包括CVE-2020-17042、CVE-2020-17048、CVE-2020-17051、CVE-2020-17052、CVE-2020-17053、CVE-2020-170585等高危漏洞),请相关用户关注绿盟远程安全评估系统系统插件升级包的更新,及时升级至V6.0R02F01.2007,官网链接:http://update.nsfocus.com/update/listRsasDetail/v/vulsys
参考链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov
SEE MORE →
2重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Windows 网络文件系统远程代码执行漏洞(CVE-2020-17051):
Windows NFS v3服务器中存在可远程利用的堆溢出漏洞。在nfssvr.sys文件的某函数中,某处字符串ANSI转换为UNICODE后,调用了memcpy,从而造成了缓冲区溢出。攻击者可以利用此漏洞来访问系统,并通过精心制作的NFS数据包远程执行恶意代码。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-17051
Windows 网络文件系统信息泄露漏洞(CVE-2020-17056):
存在于nfssvr.sys驱动中的远程越界读取漏洞,当nfssvr对READ程序处理时存在越界读取,可导致ASLR(地址空间布局随机化)被绕过。此漏洞可被攻击者用来造成信息泄漏,并与CVE-2020-17051进行组合利用。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-17056
Windows 内核 cng.sys权限提升漏洞(CVE-2020-17087):
该漏洞是Windows cng.sys驱动中的缓冲区溢出漏洞,攻击者可以在用户端通过IOCTL 0x390400发送对应的畸形数据,从而造成溢出。攻击者还可以通过诱使用户打开恶意的文件或网络资源进行利用,达到本地提权或沙箱逃逸的目的。目前该漏洞PoC已公开,并发现在野利用。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087
Windows Print Spooler远程代码执行漏洞(CVE-2020-17042):
漏洞的CVSS评分为8.8,可利用性等级为“Exploitation Less Likely”。微软目前没有披露此漏洞的详细信息,根据Windows Print Spooler的历史漏洞,可与其他漏洞组合利用实现控制主机并进一步在网络中传播。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17042
Microsoft SharePoint 远程代码执行漏洞(CVE-2020-17061):
该漏洞为Microsoft SharePoint的远程代码执行漏洞。由于Microsoft SharePoint对用户输入的验证不足,存在反序列化漏洞,导致用户可以输入一些精心构造的数据,造成内存破坏,从而造成远程代码执行。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17061
Microsoft Exchange Server远程执行代码漏洞(CVE-2020-17083/CVE-2020-17084):
Microsoft Exchange在处理内存中的对象时存在以上漏洞。攻击者诱使用户打开精心构造的电子邮件来触发漏洞,成功利用此漏洞的攻击者可在受影响的系统上执行任意代码。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17083
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084
Windows Hyper-V 安全功能绕过漏洞(CVE-2020-17040):
Microsoft 图形组件在处理内存中的对象时存在远程代码执行漏洞。攻击者可通过诱导用户打开特制文件来进行利用,成功利用此漏洞的远程攻击者可在目标系统上执行任意代码。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040
3影响范围
以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
漏洞编号 | 受影响产品版本 |
|---|---|
CVE-2020-17051 | Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows Server, version 2004 (Server Core installation)Windows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for x64-based SystemsWindows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit Systems |
CVE-2020-17056 | Windows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for 32-bit Systems |
CVE-2020-17087 | Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based Systems |
CVE-2020-17042 | Windows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based Systems |
CVE-2020-17061 | Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016 |
CVE-2020-17083CVE-2020-17084 | Microsoft Exchange Server 2019 Cumulative Update 6Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2016 Cumulative Update 17Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2013 Cumulative Update 23 |
CVE-2020-17040 | Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for x64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows 8.1 for x64-based systemsWindows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 for x64-based SystemsWindows 10 Version 20H2 for x64-based Systems |
4漏洞防护
4.1 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
影响产品 | CVE 编号 | 漏洞标题 | 严重程度 |
|---|---|---|---|
Windows | CVE-2020-17078 | Raw Image Extension 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17079 | Raw Image Extension 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17101 | HEIF Image Extensions 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17105 | AV1 Video Extension 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17106 | HEVC Video Extensions 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17107 | HEVC Video Extensions 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17108 | HEVC Video Extensions 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17109 | HEVC Video Extensions 远程代码执行漏洞 | Critical |
Windows | CVE-2020-17110 | HEVC Video Extensions 远程代码执行漏洞 | Critical |
Azure | CVE-2020-16988 | Azure Sphere 权限提升漏洞 | Critical |
Windows | CVE-2020-17042 | Windows Print Spooler 远程代码执行漏洞 | Critical |
ChakraCore,Microsoft Edge | CVE-2020-17048 | Chakra Scripting Engine 内存泄露漏洞 | Critical |
Windows | CVE-2020-17051 | Windows Network File System 远程代码执行漏洞 | Critical |
Internet Explorer,Microsoft Edge | CVE-2020-17052 | Scripting Engine 内存泄露漏洞 | Critical |
Internet Explorer | CVE-2020-17053 | Internet Explorer 内存泄露漏洞 | Critical |
Internet Explorer,Microsoft Edge | CVE-2020-17058 | Microsoft Browser 内存泄露漏洞 | Critical |
Windows | CVE-2020-17082 | Raw Image Extension 远程代码执行漏洞 | Critical |
Azure | CVE-2020-16970 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16979 | Microsoft SharePoint 信息披露漏洞 | Important |
Windows | CVE-2020-16997 | Remote Desktop Protocol Server 信息披露漏洞 | Important |
Windows | CVE-2020-16998 | DirectX 权限提升漏洞 | Important |
Windows | CVE-2020-16999 | Windows WalletService 信息披露漏洞 | Important |
Windows | CVE-2020-17000 | Remote Desktop Protocol Client 信息披露漏洞 | Important |
Windows | CVE-2020-17001 | Windows Print Spooler 权限提升漏洞 | Important |
Windows | CVE-2020-17004 | Windows Graphics Component 信息披露漏洞 | Important |
Microsoft Office | CVE-2020-17019 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-17020 | Microsoft Word Security 功能绕过 | Important |
Windows | CVE-2020-17055 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17056 | Windows Network File System 信息披露漏洞 | Important |
Windows | CVE-2020-17057 | Windows Win32k 权限提升漏洞 | Important |
Windows | CVE-2020-17068 | Windows GDI 远程代码执行漏洞 | Important |
Windows | CVE-2020-17069 | Windows NDIS 信息披露漏洞 | Important |
Windows | CVE-2020-17070 | Windows Update Medic Service 权限提升漏洞 | Important |
Windows | CVE-2020-17071 | Windows Delivery Optimization 信息披露漏洞 | Important |
Windows | CVE-2020-17073 | Windows Update Orchestrator Service 权限提升漏洞 | Important |
Windows | CVE-2020-17074 | Windows Update Orchestrator Service 权限提升漏洞 | Important |
Windows | CVE-2020-17075 | Windows USO Core Worker 权限提升漏洞 | Important |
Windows | CVE-2020-17076 | Windows Update Orchestrator Service 权限提升漏洞 | Important |
Windows | CVE-2020-17077 | Windows Update Stack 权限提升漏洞 | Important |
Windows | CVE-2020-17087 | Windows Kernel Local 权限提升漏洞 | Important |
Windows | CVE-2020-17088 | Windows Common Log File System Driver 权限提升漏洞 | Important |
Windows | CVE-2020-17090 | Microsoft Defender for Endpoint Security 功能绕过 | Important |
Microsoft Office | CVE-2020-17091 | Microsoft Teams 远程代码执行漏洞 | Important |
Microsoft Visual Studio | CVE-2020-17100 | Visual Studio Tampering Vulnerability | Important |
Windows | CVE-2020-17102 | WebP Image Extensions 信息披露漏洞 | Important |
Windows | CVE-2020-17113 | Windows Camera Codec 信息披露漏洞 | Important |
Windows | CVE-2020-1599 | Windows 欺骗漏洞 | Important |
Azure | CVE-2020-16981 | Azure Sphere 权限提升漏洞 | Important |
Azure | CVE-2020-16982 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure | CVE-2020-16983 | Azure Sphere Tampering Vulnerability | Important |
Azure | CVE-2020-16984 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure | CVE-2020-16985 | Azure Sphere 信息披露漏洞 | Important |
Azure | CVE-2020-16986 | Azure Sphere 拒绝服务漏洞 | Important |
Azure | CVE-2020-16987 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure | CVE-2020-16989 | Azure Sphere 权限提升漏洞 | Important |
Azure | CVE-2020-16990 | Azure Sphere 信息披露漏洞 | Important |
Azure | CVE-2020-16991 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure | CVE-2020-16992 | Azure Sphere 权限提升漏洞 | Important |
Azure | CVE-2020-16993 | Azure Sphere 权限提升漏洞 | Important |
Azure | CVE-2020-16994 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17005 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17006 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Windows | CVE-2020-17007 | Windows Error Reporting 权限提升漏洞 | Important |
Windows | CVE-2020-17010 | Win32k 权限提升漏洞 | Important |
Windows | CVE-2020-17011 | Windows Port Class Library 权限提升漏洞 | Important |
Windows | CVE-2020-17012 | Windows Bind Filter Driver 权限提升漏洞 | Important |
Windows | CVE-2020-17013 | Win32k 信息披露漏洞 | Important |
Windows | CVE-2020-17014 | Windows Print Spooler 权限提升漏洞 | Important |
Microsoft Office | CVE-2020-17016 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office | CVE-2020-17017 | Microsoft SharePoint 信息披露漏洞 | Important |
Microsoft Dynamics | CVE-2020-17018 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17021 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Windows | CVE-2020-17024 | Windows Client Side Rendering Print Provider 权限提升漏洞 | Important |
Windows | CVE-2020-17025 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17026 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17027 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17028 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17029 | Windows Canonical Display Driver 信息披露漏洞 | Important |
Windows | CVE-2020-17030 | Windows MSCTF Server 信息披露漏洞 | Important |
Windows | CVE-2020-17031 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17032 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17033 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17034 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17035 | Windows Kernel 权限提升漏洞 | Important |
Windows | CVE-2020-17036 | Windows Function Discovery SSDP Provider 信息披露漏洞 | Important |
Windows | CVE-2020-17037 | Windows WalletService 权限提升漏洞 | Important |
Windows | CVE-2020-17038 | Win32k 权限提升漏洞 | Important |
Windows | CVE-2020-17040 | Windows Hyper-V Security 功能绕过 | Important |
Windows | CVE-2020-17041 | Windows Print Configuration 权限提升漏洞 | Important |
Windows | CVE-2020-17043 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17044 | Windows Remote Access 权限提升漏洞 | Important |
Windows | CVE-2020-17045 | Windows KernelStream 信息披露漏洞 | Important |
Windows | CVE-2020-17047 | Windows Network File System 拒绝服务漏洞 | Important |
Windows | CVE-2020-17049 | Kerberos Security 功能绕过 | Important |
ChakraCore,Microsoft Edge | CVE-2020-17054 | Chakra Scripting Engine 内存泄露漏洞 | Important |
Microsoft Office | CVE-2020-17060 | Microsoft SharePoint 欺骗漏洞 | Important |
Microsoft Office | CVE-2020-17061 | Microsoft SharePoint 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-17062 | Microsoft Office Access Connectivity Engine 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-17063 | Microsoft Office Online 欺骗漏洞 | Important |
Microsoft Office | CVE-2020-17064 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-17065 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-17066 | Microsoft Excel 远程代码执行漏洞 | Important |
Microsoft Office | CVE-2020-17067 | Microsoft Excel Security 功能绕过 | Important |
Windows | CVE-2020-17081 | Microsoft Raw Image Extension 信息披露漏洞 | Important |
Exchange Server | CVE-2020-17083 | Microsoft Exchange Server 远程代码执行漏洞 | Important |
Exchange Server | CVE-2020-17084 | Microsoft Exchange Server 远程代码执行漏洞 | Important |
Exchange Server | CVE-2020-17085 | Microsoft Exchange Server 拒绝服务漏洞 | Important |
Windows | CVE-2020-17086 | Raw Image Extension 远程代码执行漏洞 | Important |
Visual Studio Code | CVE-2020-17104 | Visual Studio Code JSHint Extension 远程代码执行漏洞 | Important |
Azure DevOps Server | CVE-2020-1325 | Azure DevOps Server and Team Foundation Services 欺骗漏洞 | Important |
Microsoft Office | CVE-2020-17015 | Microsoft SharePoint 欺骗漏洞 | Low |
Windows | CVE-2020-17046 | Windows Error Reporting 拒绝服务漏洞 | Low |
