
[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday", August 2017

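On August 8, 2017, Microsoft released patches for 48 CVEs on its Patch Tuesday. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 are rated "Important" and 1 is rated "Moderate". The security updates cover the following software and services: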
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
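
Of the 26 CVEs rated "Critical", 18 affect the Microsoft Scripting Engine and can lead to remote code execution. Attackers typically exploit these vulnerabilities by setting up a malicious website and luring a victim into opening it. We are seeing a steady increase in the number of critical vulnerabilities patched in the scripting engine.

Apart from the usual vulnerabilities, the Critical CVEs include a few that stand out. One affects the Windows Input Method Editor (IME), which is typically used to provide support for character sets in Asian languages. Other vulnerabilities on the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software that still relies on JET should patch immediately.

The "Important" list includes many commonly patched products, such as Office, Edge and Internet Explorer. However, vulnerabilities in Microsoft SQL, SharePoint and Hyper-V are also covered by this list.

Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)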

Critical CVEs

| Vulnerability | CVE | Impact |
|---|---|---|
| August 2017 Flash Update | ADV170010 | Remote Code Execution |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-8651 | Remote Code Execution |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2017-8653 | Remote Code Execution |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8661 | Remote Code Execution |
| Microsoft JET Database Engine Remote Code Execution Vulnerability | CVE-2017-0250 | Remote Code Execution |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 | Remote Code Execution |
| Windows IME Remote Code Execution Vulnerability | CVE-2017-8591 | Remote Code Execution |
| Windows PDF Remote Code Execution Vulnerability | CVE-2017-0293 | Remote Code Execution |
| Windows Search Remote Code Execution Vulnerability | CVE-2017-8620 | Remote Code Execution |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2017-8622 | Elevation of Privilege |

Important CVEs

| Vulnerability | CVE | Impact |
|---|---|---|
| Express Compressed Fonts Remote Code Execution Vulnerability | CVE-2017-8691 | Remote Code Execution |
| Internet Explorer Security Feature Bypass Vulnerability | CVE-2017-8625 | Security Feature Bypass |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2017-8503, CVE-2017-8642 | Elevation of Privilege |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 | Information Disclosure |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2017-8654 | Spoofing |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | CVE-2017-8516 | Information Disclosure |
| Scripting Engine Information Disclosure Vulnerability | CVE-2017-8659 | Information Disclosure |
| Scripting Engine Security Feature Bypass Vulnerability | CVE-2017-8637 | Security Feature Bypass |
| Volume Manager Extension Driver Information Disclosure Vulnerability | CVE-2017-8668 | Information Disclosure |
| Win32k Elevation of Privilege Vulnerability | CVE-2017-8593 | Elevation of Privilege |
| Win32k Information Disclosure Vulnerability | CVE-2017-8666 | Information Disclosure |
| Windows CLFS Elevation of Privilege Vulnerability | CVE-2017-8624 | Elevation of Privilege |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2017-8633 | Elevation of Privilege |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2017-8623 | Denial of Service |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2017-8664 | Remote Code Execution |
| Windows NetBIOS Denial of Service Vulnerability | CVE-2017-0174 | Denial of Service |
| Windows Remote Desktop Protocol Denial of Service Vulnerability | CVE-2017-8673 | Denial of Service |
| Windows Subsystem for Linux Denial of Service Vulnerability | CVE-2017-8627 | Denial of Service |

Moderate CVEs

| Vulnerability | CVE | Impact |
|---|---|---|
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-8650 | Security Feature Bypass |

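Security recommendations:
The Alibaba security team recommends that users take note of these vulnerabilities and apply the patches at a time that suits their business, to improve server security:

1. Turn on Windows Update, click the "Check for updates" button, and download and install the relevant security patches as your business situation allows.
Note: before installing the updates, test them first, and be sure to back up your data and take snapshots in case something goes wrong.

2. After installation completes, restart the server and check that the system is running normally.
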
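A post-patch check for step 2, as an added example that is not part of the original post: it lists the updates installed on or after the 8 August 2017 patch day and reports whether a reboot is still pending. The function names are illustrative, and the script is meant to be run in PowerShell on the patched server.

```powershell
# Added example (not from the original post): verify that updates released on or
# after the 8 August 2017 patch day are installed and that no reboot is pending.
$patchDay = [datetime]'2017-08-08'

function Get-UpdatesSince {
    param([datetime]$Since)
    # InstalledOn can be empty for some entries; those are skipped.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, Description, InstalledOn
}

function Test-PendingReboot {
    # Registry locations Windows uses to flag a reboot required by
    # component servicing or by Windows Update.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($key in $keys) {
        if (Test-Path $key) { return $true }
    }
    return $false
}

$updates = @(Get-UpdatesSince -Since $patchDay)
if ($updates.Count -eq 0) {
    Write-Warning "No updates installed on or after $($patchDay.ToString('yyyy-MM-dd')); run Windows Update."
} else {
    $updates | Format-Table -AutoSize
}

if (Test-PendingReboot) {
    Write-Warning 'A reboot is still pending; the installed patches are not fully applied yet.'
}

# The last boot time should be later than the newest InstalledOn date above.
$lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
"Last boot: $lastBoot"
```
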
Sources:
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]