[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday": August 2017

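On August 8, 2017, Microsoft released patches for 48 CVEs as part of Patch Tuesday. Compared with July, the vulnerabilities addressed in this release are relatively minor. Of the 48 CVEs, 26 are rated Critical, 21 are rated Important, and 1 is rated Moderate. The security updates cover the following software and services:
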
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
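
Eighteen of the 26 CVEs rated Critical affect the Microsoft Scripting Engine and could lead to remote code execution. These vulnerabilities are typically exploited by attackers who set up a malicious website and lure victims into opening it. We are seeing a steady increase in critical vulnerabilities patched in the scripting engine.

Beyond the usual vulnerabilities, a few Critical CVEs stand out. One affects the Windows Input Method Editor (IME), which is normally used to provide support for the character sets of Asian languages. Other vulnerabilities in the Critical list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, previously used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.
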
The Important list includes many commonly patched products, such as Office, Edge, and Internet Explorer. However, it also covers vulnerabilities in Microsoft SQL, SharePoint, and Hyper-V.

Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)

Critical CVEs

August 2017 Flash Update
ADV170010
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651
Remote Code Execution

Microsoft Browser Memory Corruption Vulnerability
CVE-2017-8653
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
CVE-2017-8661
Remote Code Execution

Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2017-0250
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674
Remote Code Execution

Windows IME Remote Code Execution Vulnerability
CVE-2017-8591
Remote Code Execution

Windows PDF Remote Code Execution Vulnerability
CVE-2017-0293
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
CVE-2017-8620
Remote Code Execution

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622
Elevation of Privilege

Important CVEs

Express Compressed Fonts Remote Code Execution Vulnerability
CVE-2017-8691
Remote Code Execution

Internet Explorer Security Feature Bypass Vulnerability
CVE-2017-8625
Security Feature Bypass

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2017-8503, CVE-2017-8642
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8644, CVE-2017-8652, CVE-2017-8662
Information Disclosure

Microsoft Office SharePoint XSS Vulnerability
CVE-2017-8654
Spoofing

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
CVE-2017-8516
Information Disclosure

Scripting Engine Information Disclosure Vulnerability
CVE-2017-8659
Information Disclosure

Scripting Engine Security Feature Bypass Vulnerability
CVE-2017-8637
Security Feature Bypass

Volume Manager Extension Driver Information Disclosure Vulnerability
CVE-2017-8668
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2017-8593
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2017-8666
Information Disclosure

Windows CLFS Elevation of Privilege Vulnerability
CVE-2017-8624
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2017-8633
Elevation of Privilege

Windows Hyper-V Denial of Service Vulnerability
CVE-2017-8623
Denial of Service

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2017-8664
Remote Code Execution

Windows NetBIOS Denial of Service Vulnerability
CVE-2017-0174
Denial of Service

Windows Remote Desktop Protocol Denial of Service Vulnerability
CVE-2017-8673
Denial of Service

Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627
Denial of Service

Moderate CVEs

Microsoft Edge Security Feature Bypass Vulnerability
CVE-2017-8650
Security Feature Bypass

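Security recommendations:
The Alibaba security team recommends that users take note of these updates and apply the patches at a time that suits their business, to improve server security:

1. Turn on Windows Update, click the "Check for updates" button, and download and install the relevant security patches as your business situation allows.
Note: Before installing the updates, test them first, and be sure to back up your data and take snapshots to guard against unexpected problems.

2. After installation, restart the server and check that the system is running normally.
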
Sources:
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99

[ This post was edited by 正禾 on 2017-08-09 15:15 ]