阿里云
订阅广场
发表主题 回复主题
  • 4123阅读
  • 0回复

[安全漏洞公告专区]【漏洞公告】微软“周二补丁日”—2017年8月

级别: 论坛版主
发帖
215
云币
400
)6:]o&bZ  
k5t^s  
2017年8月8日,微软在补丁日为48个CVE漏洞发布了补丁。相对于7月来说, 本次发布的补丁涉及到的漏洞相对较轻微。在48个CVE漏洞中,总共有26个CVE被评为“关键”,21评分为“重要”和1评级为“中等”。 在所有这些漏洞中,软件和服务安全更新包括: Yuo1'gE+  
,0uo&/Y4L  
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
aaz"`,7_  
26个CVE中的18个评级为“严重”影响Microsoft脚本引擎,并可能导致远程执行代码。这些漏洞通常会被攻击者利用,设置恶意网站,并诱使受害者将其打开。我们看到在脚本引擎中修补的关键漏洞稳步增长。 fb"J Bc}X  
除通常的漏洞外,关键的CVE存在异议。一个影响Windows输入法编辑器(IME),通常用于为亚洲语言中的字符集提供支持。 “关键”列表中的其他漏洞涵盖了Windows子系统Linux(WSL),允许用户直接在Windows系统上运行本机Linux命令行工具,还有Microsoft JET数据库引擎,以前由Microsoft访问和Visual Basic。具有定义应用程序或仍由JET支持的软件的用户应立即进行补丁。 "bR'Bt  
}d~wDg<#  
:#w+?LA*  
“重要”列表中的漏洞包括许多常见的修补软件,如Office,Edge和Internet Explorer。但是,Microsoft SQL,Sharepoint和Hyper-V中的漏洞也被该列表覆盖。 ]\RSHz  
H*{k4  
详细漏洞清单: microsoft-security-updates-august-2917.xlsx (50 K) 下载次数:74 nl'J.dJe  
A?Nn>xF9X  
e-iYJ?  
Critical CVEs U8K &Q4^  
*hZ~i{c,7  
S@c\|  
August 2017 Flash Update R] Disljq  
ADV170010 6mBDd>`0  
Remote Code Execution [T4 pgt'H  
~)wwX:;B_  
: _^0'ULP  
Internet Explorer Memory Corruption Vulnerability 4ypRyO  
CVE-2017-8651 E#<7\ p>  
Remote Code Execution jy!f{dsC  
i$[,-4 v  
,TF<y#wed  
Microsoft Browser Memory Corruption Vulnerability x/%7%_+'  
CVE-2017-8653 >HcYVp~G  
Remote Code Execution n9kd2[s|  
5 6Sh  
(Bt;DM#>  
Microsoft Edge Memory Corruption Vulnerability YER:ICQ  
CVE-2017-8661 $/[Gys3"  
Remote Code Execution [|a( y6Q  
_8[UtZYG  
iN<(O7B;  
Microsoft JET Database Engine Remote Code Execution Vulnerability #Rin*HL##  
CVE-2017-0250 vIVw'Z(g}  
Remote Code Execution {A]k%74-a  
d[Rb:Y w  
g|ql 5jW  
Scripting Engine Memory Corruption Vulnerability t/JOERw  
CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 3D 9N: c  
Remote Code Execution 09R,'QJ|  
K4j@j}zK9I  
v[R_S  
Windows IME Remote Code Execution Vulnerability j6n2dMRvSE  
CVE-2017-8591 Az U|p  
Remote Code Execution z@!^ow)`J  
T(Y}V[0+  
WYSck&9  
Windows PDF Remote Code Execution Vulnerability cJP'ShnCh  
CVE-2017-0293 6RH/V:YY  
Remote Code Execution i[^k.W3gf  
\HCOR, `T  
^pJ0nY# c  
Windows Search Remote Code Execution Vulnerability shM{Y9~O9&  
CVE-2017-8620 LkaG8#m1R  
Remote Code Execution myD{sE2A  
s,84*6u  
8dc538:q}  
Windows Subsystem for Linux Elevation of Privilege Vulnerability "3@KRb4f  
CVE-2017-8622 b![t6-f^z  
Elevation of Privilege LPq2+:JpS  
v-ThdE$G#  
GSQfg  
Important CVEs %h0D)6 j  
!loO%3_)  
bKYY{V55  
Express Compressed Fonts Remote Code Execution Vulnerability ]X*YAPv  
CVE-2017-8691 h>dxBN  
Remote Code Execution ?hKm&B;d  
>5c]aNcv  
Q5g,7ac8L  
Internet Explorer Security Feature Bypass Vulnerability ?3[tJreVj  
CVE-2017-8625 P!5Z]+B#  
Security Feature Bypass ^,Xa IP+[  
# 2d,U\_  
vsH3{:&;"P  
+hpSxdAz4  
Microsoft Edge Elevation of Privilege Vulnerability .XIr?>G  
CVE-2017-8503, CVE-2017-8642 Cgo9rC~]  
Elevation of Privilege 02,W~+d1  
7iP5T  
1XCmM Z  
Microsoft Edge Information Disclosure Vulnerability 3#9uEDdE  
CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 2@fa rx:  
Information Disclosure uw_H:-J  
goB;EWz  
+uELTHH=  
Microsoft Office SharePoint XSS Vulnerability PzLJ/QER  
CVE-2017-8654 mdaYYD=c%  
Spoofing ":V%(c  
5.dl>,  
<z',]hy  
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability of=ql  
CVE-2017-8516 KYf;_C,$  
Information Disclosure 6i| ~7md,  
5\&]J7(  
ac|/Y$\w  
Scripting Engine Information Disclosure Vulnerability @*SA$9/l  
CVE-2017-8659 i$["aP~G  
Information Disclosure ).Q[!lly   
"ct58Y@   
bH,M,xIL2  
Scripting Engine Security Feature Bypass Vulnerability p=vV4C:  
CVE-2017-8637 JDKLKHOMZ  
Security Feature Bypass y`6\L$c  
cN5"i0xk  
:kt/$S^-  
Volume Manager Extension Driver Information Disclosure Vulnerability js -2"I  
CVE-2017-8668 ncj!KyU  
Information Disclosure &1l~&,,  
B 2Z0  
\OT6L'l],  
Win32k Elevation of Privilege Vulnerability PV(4$I}  
CVE-2017-8593 l/ QhD?)9  
Elevation of Privilege @+E7w6>%  
/e(W8aszi  
g8'~e{= (  
Win32k Information Disclosure Vulnerability [1U{ci&=p  
CVE-2017-8666 onib x^Fcd  
Information Disclosure /S[?{QA  
` jyKCm.$#  
%i595Ij-]  
Windows CLFS Elevation of Privilege Vulnerability c})wD+1  
CVE-2017-8624 J)KnE2dw5  
Elevation of Privilege ~?d>fR:X  
\C7q4p?8  
hX3@f;[B2  
Windows Error Reporting Elevation of Privilege Vulnerability ^N{k6>;  
CVE-2017-8633 2LC w*eT{)  
Elevation of Privilege &r:=KT3  
fK"iF@=Z`  
lC4PKm no  
Windows Hyper-V Denial of Service Vulnerability &oEyixe  
CVE-2017-8623 TL@mM  
Denial of Service 7D9]R#-K  
h7*O.Opm=  
P7UJ-2%Y+  
Windows Hyper-V Remote Code Execution Vulnerability p#=;)1  
CVE-2017-8664 USFg_sO  
Remote Code Execution JnHNkCaU  
mV;3ILO  
T%~SM5  
Windows NetBIOS Denial of Service Vulnerability ="2/\*.SL  
CVE-2017-0174 @,e8t BL  
Denial of Service }lO }x  
K~3Ebr  
CIy^`2wq  
Windows Remote Desktop Protocol Denial of Service Vulnerability _D JCsK|  
CVE-2017-8673 yW`e |!  
Denial of Service R"{l[9j4>  
sv`"\3N[  
`x2,;h!:)N  
Windows Subsystem for Linux Denial of Service Vulnerability 6klD22b2$  
CVE-2017-8627 ^/<|f,2  
Denial of Service p&O8qAaO  
q)k{W>O  
#D0W7 a  
Moderate CVEs --A&TV  
ZRP y~wy>  
K"^cq~   
Microsoft Edge Security Feature Bypass Vulnerability f:XfAH3R{  
CVE-2017-8650 B j=@&;  
Security Feature Bypass l?<q YjI  
67?n-NP  
.:[`j3s)Y  
安全建议: `@MPkC y1  
阿里安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务器安全性: gCL{Cw  
x G^f  
1.建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁; sJv`fjf%8  
注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。 0$QIfT)  
V]m^7^m3  
]LVnt-q  
2.安装完毕后重启服务器,检查系统运行情况。 {(!)P  
%",ULtZ+  
情报来源: 1J&#&\,f&  
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
Pa[?L:E  
z'*ml ?  
)vQNiik#  
F3 Y<ZbxT  
B*2{M  
BvQUn@ XE  
wx./"m.M  
+[_gyLN<5b  
,# eO&  
[ 此帖被正禾在2017-08-09 15:15重新编辑 ]
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您在写长篇帖子又不马上发表,建议存为草稿
 
验证问题: 阿里云官网域名是什么? 正确答案:www.aliyun.com
上一个 下一个