[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday": August 2017

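On August 8, 2017, Microsoft released patches for 48 CVE vulnerabilities on Patch Tuesday. Compared with July, the vulnerabilities addressed by this month's patches are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 are rated "Important" and 1 is rated "Moderate". The security updates cover the following software and services:
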
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
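
Eighteen of the 26 CVEs rated "Critical" affect the Microsoft Scripting Engine and can lead to remote code execution. Attackers typically exploit this class of vulnerability by setting up a malicious website and luring victims into opening it. The number of critical vulnerabilities patched in the scripting engine has been growing steadily.

Beyond the usual vulnerabilities, some of the Critical CVEs are out of the ordinary. One affects the Windows Input Method Editor (IME), which is typically used to support the character sets of Asian languages. Other vulnerabilities on the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.

The "Important" list includes many commonly patched products such as Office, Edge and Internet Explorer. It also covers vulnerabilities in Microsoft SQL, SharePoint and Hyper-V.
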
Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)

Critical CVEs

August 2017 Flash Update
ADV170010
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651
Remote Code Execution

Microsoft Browser Memory Corruption Vulnerability
CVE-2017-8653
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
CVE-2017-8661
Remote Code Execution

Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2017-0250
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674
Remote Code Execution

Windows IME Remote Code Execution Vulnerability
CVE-2017-8591
Remote Code Execution

Windows PDF Remote Code Execution Vulnerability
CVE-2017-0293
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
CVE-2017-8620
Remote Code Execution

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622
Elevation of Privilege

Important CVEs

Express Compressed Fonts Remote Code Execution Vulnerability
CVE-2017-8691
Remote Code Execution

Internet Explorer Security Feature Bypass Vulnerability
CVE-2017-8625
Security Feature Bypass

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2017-8503, CVE-2017-8642
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8644, CVE-2017-8652, CVE-2017-8662
Information Disclosure

Microsoft Office SharePoint XSS Vulnerability
CVE-2017-8654
Spoofing

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
CVE-2017-8516
Information Disclosure

Scripting Engine Information Disclosure Vulnerability
CVE-2017-8659
Information Disclosure

Scripting Engine Security Feature Bypass Vulnerability
CVE-2017-8637
Security Feature Bypass

Volume Manager Extension Driver Information Disclosure Vulnerability
CVE-2017-8668
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2017-8593
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2017-8666
Information Disclosure

Windows CLFS Elevation of Privilege Vulnerability
CVE-2017-8624
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2017-8633
Elevation of Privilege

Windows Hyper-V Denial of Service Vulnerability
CVE-2017-8623
Denial of Service

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2017-8664
Remote Code Execution

Windows NetBIOS Denial of Service Vulnerability
CVE-2017-0174
Denial of Service

Windows Remote Desktop Protocol Denial of Service Vulnerability
CVE-2017-8673
Denial of Service

Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627
Denial of Service

Moderate CVEs

Microsoft Edge Security Feature Bypass Vulnerability
CVE-2017-8650
Security Feature Bypass

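Security recommendations:
The Alibaba security team recommends that users take note of these updates and apply the patches at a time that suits their business, to improve server security:

1. We recommend enabling Windows Update, clicking the "Check for updates" button, and downloading and installing the relevant security patches according to your business needs;
Note: before installing the updates, test them first, and be sure to back up your data and take snapshots to guard against unexpected problems.

2. After installation completes, restart the server and check that the system is running normally.

Sources: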
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]