[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday" - August 2017

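On August 8, 2017, Microsoft released Patch Tuesday fixes for 48 CVE vulnerabilities. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 are rated "Important" and 1 is rated "Moderate". The security updates cover the following software and services:
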
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
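
Of the 26 CVEs rated "Critical", 18 affect the Microsoft Scripting Engine and can lead to remote code execution. Attackers typically exploit such vulnerabilities by setting up a malicious website and luring victims into opening it. We are seeing a steady rise in the number of critical vulnerabilities patched in the scripting engine.
Apart from the usual vulnerabilities, some of the critical CVEs are unusual. One affects the Windows Input Method Editor (IME), which is typically used to support character sets in Asian languages. Other vulnerabilities in the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.

The vulnerabilities in the "Important" list include much commonly patched software, such as Office, Edge and Internet Explorer. However, the list also covers vulnerabilities in Microsoft SQL, SharePoint and Hyper-V.

Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)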

Critical CVEs

August 2017 Flash Update
ADV170010
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651
Remote Code Execution

Microsoft Browser Memory Corruption Vulnerability
CVE-2017-8653
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
CVE-2017-8661
Remote Code Execution

Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2017-0250
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674
Remote Code Execution

Windows IME Remote Code Execution Vulnerability
CVE-2017-8591
Remote Code Execution

Windows PDF Remote Code Execution Vulnerability
CVE-2017-0293
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
CVE-2017-8620
Remote Code Execution

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622
Elevation of Privilege

Important CVEs

Express Compressed Fonts Remote Code Execution Vulnerability
CVE-2017-8691
Remote Code Execution

Internet Explorer Security Feature Bypass Vulnerability
CVE-2017-8625
Security Feature Bypass

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2017-8503, CVE-2017-8642
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8644, CVE-2017-8652, CVE-2017-8662
Information Disclosure

Microsoft Office SharePoint XSS Vulnerability
CVE-2017-8654
Spoofing

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
CVE-2017-8516
Information Disclosure

Scripting Engine Information Disclosure Vulnerability
CVE-2017-8659
Information Disclosure

Scripting Engine Security Feature Bypass Vulnerability
CVE-2017-8637
Security Feature Bypass

Volume Manager Extension Driver Information Disclosure Vulnerability
CVE-2017-8668
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2017-8593
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2017-8666
Information Disclosure

Windows CLFS Elevation of Privilege Vulnerability
CVE-2017-8624
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2017-8633
Elevation of Privilege

Windows Hyper-V Denial of Service Vulnerability
CVE-2017-8623
Denial of Service

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2017-8664
Remote Code Execution

Windows NetBIOS Denial of Service Vulnerability
CVE-2017-0174
Denial of Service

Windows Remote Desktop Protocol Denial of Service Vulnerability
CVE-2017-8673
Denial of Service

Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627
Denial of Service

Moderate CVEs

Microsoft Edge Security Feature Bypass Vulnerability
CVE-2017-8650
Security Feature Bypass

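Security recommendations:
The Alibaba security team advises users to pay attention to this release and to apply the patches at a suitable time according to their business needs, in order to improve server security:

1. Turn on Windows Update, click the "Check for updates" button, and download and install the relevant security patches according to your business needs.
Note: Before installing the updates, test them first, and be sure to back up your data and take snapshots in case something goes wrong.

2. After installation, restart the server and check how the system is running.

Sources: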
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]