Alibaba Cloud

[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday": August 2017

Level: Forum moderator
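
On August 8, 2017, Microsoft released patches for 48 CVEs on Patch Tuesday. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 are rated "Important" and 1 is rated "Moderate". The security updates cover the following software and services:
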
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
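
18 of the 26 CVEs rated "Critical" affect the Microsoft Scripting Engine and could lead to remote code execution. Vulnerabilities of this kind are typically exploited by attackers who set up a malicious website and lure victims into opening it. We have seen a steady increase in critical vulnerabilities patched in the scripting engine.

Apart from the usual vulnerabilities, a few of the Critical CVEs are out of the ordinary. One affects the Windows Input Method Editor (IME), which is commonly used to support the character sets of Asian languages. Other vulnerabilities on the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software that still relies on JET should patch immediately.

The "Important" list includes many commonly patched products such as Office, Edge and Internet Explorer. However, vulnerabilities in Microsoft SQL, SharePoint and Hyper-V are also covered by this list.

Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)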

Critical CVEs

| Vulnerability | CVE / Advisory | Impact |
| --- | --- | --- |
| August 2017 Flash Update | ADV170010 | Remote Code Execution |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-8651 | Remote Code Execution |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2017-8653 | Remote Code Execution |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8661 | Remote Code Execution |
| Microsoft JET Database Engine Remote Code Execution Vulnerability | CVE-2017-0250 | Remote Code Execution |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 | Remote Code Execution |
| Windows IME Remote Code Execution Vulnerability | CVE-2017-8591 | Remote Code Execution |
| Windows PDF Remote Code Execution Vulnerability | CVE-2017-0293 | Remote Code Execution |
| Windows Search Remote Code Execution Vulnerability | CVE-2017-8620 | Remote Code Execution |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2017-8622 | Elevation of Privilege |

Important CVEs

| Vulnerability | CVE / Advisory | Impact |
| --- | --- | --- |
| Express Compressed Fonts Remote Code Execution Vulnerability | CVE-2017-8691 | Remote Code Execution |
| Internet Explorer Security Feature Bypass Vulnerability | CVE-2017-8625 | Security Feature Bypass |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2017-8503, CVE-2017-8642 | Elevation of Privilege |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 | Information Disclosure |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2017-8654 | Spoofing |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | CVE-2017-8516 | Information Disclosure |
| Scripting Engine Information Disclosure Vulnerability | CVE-2017-8659 | Information Disclosure |
| Scripting Engine Security Feature Bypass Vulnerability | CVE-2017-8637 | Security Feature Bypass |
| Volume Manager Extension Driver Information Disclosure Vulnerability | CVE-2017-8668 | Information Disclosure |
| Win32k Elevation of Privilege Vulnerability | CVE-2017-8593 | Elevation of Privilege |
| Win32k Information Disclosure Vulnerability | CVE-2017-8666 | Information Disclosure |
| Windows CLFS Elevation of Privilege Vulnerability | CVE-2017-8624 | Elevation of Privilege |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2017-8633 | Elevation of Privilege |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2017-8623 | Denial of Service |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2017-8664 | Remote Code Execution |
| Windows NetBIOS Denial of Service Vulnerability | CVE-2017-0174 | Denial of Service |
| Windows Remote Desktop Protocol Denial of Service Vulnerability | CVE-2017-8673 | Denial of Service |
| Windows Subsystem for Linux Denial of Service Vulnerability | CVE-2017-8627 | Denial of Service |

Moderate CVEs

| Vulnerability | CVE / Advisory | Impact |
| --- | --- | --- |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-8650 | Security Feature Bypass |

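Security recommendations:
The Alibaba security team recommends that users take note of this release and apply the patches at a time that suits their business, in order to improve server security:

1. Turn on Windows Update, click the "Check for updates" button, and download and install the relevant security patches according to your business needs.
Note: Before installing the updates, test them first, and be sure to back up your data and take snapshots in case something goes wrong.

2. After installation, restart the server and check that the system is running properly.

Sources: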
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]