【漏洞情报】微软2020年12月补丁情报

Products
- Recommended
- Cloud Essential Products
- Big Data
- Enterprise Applications
- Developer Services
No results found. Please try re-entering the product name
Popular Products

Elastic Compute Service HOT

Machine Vision HOT

IoT Platform HOT

Dedicated Host

API Gateway

Data Transmission Service

Key Management Service

E-MapReduce

Application Management Service

Latest Products

Voiceprint Recognition NEW

Cloud Digital Signature Service

Resource Orchestration Service

DB Backup and Recovery Service

Database Management Service

Omni-Sinitic

Registration

Recommended Services

Documentation

Partners

Computing

Elastic Compute Service HOT

Elastic GPU Service

Dedicated Host

Auto Scaling

Bare Metal Service

Pingan Kubernetes cluster Service

Storage

Elastic Block Storage

Object Based Storage

CloudNAS

Backup

DB Backup and Recovery Service

Network&CDN

Virtual Private Cloud

Elastic Load Balancing

Internet Gateway

NAT Gateway

Express Connect

VPN Gateway

Content Distribution Network

Security

Ping An Host Security NEW

Web Scan

Web Application Firewall

Ping An Security Center (PSC)

Certificate Authority Service

Security Expert Service

Web Application Firewall ( New )

Mobile Security

Database

RDS-PostgreSQL

RDS-MySQL

Redis

Document Database Service

TiDB

Database Management Service

PingAn Database Audit Service

Data Transmission Service

Advanced Database Service

Big Data Computing

E-MapReduce

Big Data Search and Analysis

Ping An Brain

Log Service

Big Data Application

Nebula BI

Big Data Solutions

Facial Recognition

Fake ID Identification

Voiceprint-based Verification

Domain Name and Website

Domain Name Service

Domain Name Registration NEW

Platform

IoT Platform

Edge Node Service (Beta) NEW

Communications

Direct Mail

Short Message Service

PAVIDEO

Intelligent Management

AnBot

Office Automation

Electronic Voucher Platform Core

Digital Signatures Certification System

ZHI NIAO

RPA Robee

Unified Collaborative Office Platform

Auto Service

Ping An Drive

Management & Monitoring

Key Management Service

Argus

Resource Access Management

Operation System Platform

Middleware

API Gateway

Message Queue

Message Queue Kafka (Beta)

IT Management & Tools

Wizard

ServiceBot

D7 Extended Deployment Automation

LINKDO

Application Management Service

Dynamic Traffic Distribution Platform

WiseAPM

WiseAPM Mobile

WiseAPM Browser

WiseAPM DialTest

WiseAPM Database
Solutions
- Universal Solutions
- Industry Solutions
Enterprise Service Solutions

Unified Platform

Collaborative Office

Swift Website Deployment

Hybrid Cloud Solutions

Cloud Migration

Big Data Solutions

Facial Recognition

Fake ID Identification

AI Solutions

AI-Smart Home

Security Solutions

Universal Security

Financial Cloud Security

Private Cloud Solutions

Ping An Private Cloud NEW

Financial Solutions

Bank

Insurance

Investment

Internet Finance

Smart City Solutions

Smart Public Security

Smart Penitentiary

Smart Airport

Smart Port

Smart Traffic

Smart Higher Education

Smart Community

Smart Building

Smart Scenic Areas

Smart Environment Protection

Medical Solutions

Smart Medical Platform

PACS Cloud Solution for Medical Imagery

Medical Active-Standby Cloud system
Customers
Pricing
Partners
Documentation
About Us

首页
安全公告
公告详情

【漏洞情报】微软2020年12月补丁情报

【漏洞详情】

微软于本周发布了2020年12月安全补丁，共修复包括58个安全漏洞，其中Microsoft SharePoint、Microsoft Dynamics 365 for Finance and Operations、Hyper-V、Microsoft Exchange、Chakra Scripting Engine、Git for Visual Studio 等产品中的10 个漏洞被微软官方标记为紧急漏洞，严重漏洞清单如下：

序号	CVE 编号	CVE 标题	严重程度
1	VE-2020-17131	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
2	CVE-2020-17095	Hyper-V Remote Code Execution Vulnerability	Critical
3	CVE-2020-17152	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability	Critical
4	CVE-2020-17158	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability	Critical
5	CVE-2020-17117	Microsoft Exchange Remote Code Execution Vulnerability	Critical
6	CVE-2020-17132	Microsoft Exchange Remote Code Execution Vulnerability	Critical
7	CVE-2020-17142	Microsoft Exchange Remote Code Execution Vulnerability	Critical
8	CVE-2020-17118	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
9	CVE-2020-17121	Microsoft SharePoint Remote Code Execution Vulnerability	Critical

【风险评级】

高危

【影响范围】

l Windows系统及相关产品

【修复建议】

建议受影响的用户结合实际业务评估漏洞风险影响，可通过如下方案避免安全风险：

修复方法：打开 Windows Update 更新功能，点击“检查更新”按钮，依据业务需求下载安装相关安全补丁，安装完毕后重启系统，并检查系统运行情况。

【参考链接】

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Dec

特别提醒：修复漏洞前请进行充分测试，并务必做好数据备份和快照，防止出现意外。

平安云

2020年12月9日

上一条公告【漏洞情报】XStream反序列化漏洞情报

下一条公告【漏洞情报】Apache Struts远程代码执行漏洞情报