Microsoft | September Multi-Product Vulnerability Advisory
Published: 2020-09-09
0x00 Vulnerability Overview
On Tuesday, September 8, 2020, Microsoft released its September security updates. This release fixes 129 vulnerabilities affecting Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Exchange Server and other products. None of them is currently known to be exploited in the wild. Of these, 23 are rated critical and 105 are rated high-risk.
0x01 Vulnerability Details
The September 2020 security updates cover the following components:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft ChakraCore
- Internet Explorer
- SQL Server
- Microsoft JET Database Engine
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Dynamics
- Visual Studio
- Microsoft Exchange Server
- ASP.NET
- Microsoft OneDrive
- Azure DevOps
Some of the affected versions are listed below:
CVE ID | Affected versions |
CVE-2020-0664 | Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) |
CVE-2020-0922 CVE-2020-1252 CVE-2020-1285 | Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) |
CVE-2020-1129 | Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) |
CVE-2020-1200 | Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
CVE-2020-1210 | Microsoft Business Productivity Servers 2010 Service Pack 2 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019 |
CVE-2020-1319 | Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) |
CVE-2020-1452 CVE-2020-1453 CVE-2020-1460 | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
CVE-2020-1576 | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2019 |
CVE-2020-1595 | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 |
Details of selected vulnerabilities:
1. Microsoft COM remote code execution vulnerability (CVE-2020-0922)
A remote code execution vulnerability exists in the way Microsoft COM for Windows handles objects in memory.
An attacker can exploit this vulnerability by luring a user to visit a website containing malicious JavaScript. An attacker who successfully exploits it can execute arbitrary code on the target system.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922
2. Multiple Microsoft SharePoint remote code execution vulnerabilities
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package.
To exploit this vulnerability, an attacker needs to upload a malicious SharePoint application package to an affected version of SharePoint. An attacker who successfully exploits it can run arbitrary code in the context of the SharePoint application pool and the SharePoint server account.
In this release Microsoft fixed 7 other critical vulnerabilities in SharePoint versions 2010 through 2019, namely: CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1460 and CVE-2020-1595.
1. CVE-2020-1200
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200
2. CVE-2020-1210
CVE-2020-1210 is a remote code execution vulnerability in supported versions of the Microsoft SharePoint document management software.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210
3. CVE-2020-1452
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452
4. CVE-2020-1453
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453
5. CVE-2020-1460
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.NET web controls.
An attacker exploits this vulnerability by creating and invoking a specially crafted page on an affected version of Microsoft SharePoint Server. An authenticated attacker who successfully exploits it can use the crafted page to perform actions in the security context of the SharePoint application pool process.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460
6. CVE-2020-1576
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576
7. CVE-2020-1595
A remote code execution vulnerability exists in Microsoft SharePoint because there is no protection policy that shields its APIs from unsafe data input. An attacker exploits this vulnerability by accessing a susceptible API on an affected version of SharePoint with specially formatted input.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595
3. Microsoft Windows Codecs Library remote code execution vulnerability (CVE-2020-1319)
A remote code execution vulnerability exists in the way the Microsoft Windows Codecs Library handles objects in memory.
An attacker who successfully exploits this vulnerability can take control of the affected system, for example to install programs, view, change or delete data, or create new accounts with full user rights.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1319
4. Dynamics 365 (on-premises) remote code execution vulnerabilities
1. Microsoft Dynamics 365 for Finance and Operations (on-premises) remote code execution vulnerability (CVE-2020-16857)
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An authenticated attacker with privileges to import and export data can exploit this vulnerability by sending a malicious file to a vulnerable Dynamics server. An attacker who successfully exploits it can achieve remote code execution by running server-side scripts on the victim server.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16857
2. Microsoft Dynamics 365 (on-premises) remote code execution vulnerability (CVE-2020-16862)
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly handle web requests to an affected Dynamics server. An authenticated attacker can exploit this vulnerability by sending a malicious request to a vulnerable Dynamics server. An attacker who successfully exploits it can run arbitrary code in the context of the SQL service account.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862
5. Microsoft Exchange Server remote code execution vulnerability (CVE-2020-16875)
A remote code execution vulnerability exists in Microsoft Exchange Server due to improper validation of cmdlet arguments. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
Details and patch download:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
0x02 Remediation Recommendations
Microsoft released security updates for the affected software on September 8, 2020. Users are advised to apply the relevant patches promptly.
Download:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
0x03 Related News
https://krebsonsecurity.com/2020/09/microsoft-patch-tuesday-sept-2020-edition/
https://blog.qualys.com/vulnerabilities-research/2020/09/08/september-2020-patch-tuesday-129-vulnerabilities-23-critical-sharepoint-exchange-windows-codecs-adobe-vulns
0x04 References
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
0x05 Timeline
2020-09-08 Microsoft released the security updates
2020-09-09 VSRC published this security advisory