[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday": August 2017

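On August 8, 2017, Microsoft released Patch Tuesday fixes for 48 CVEs. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 "Important" and 1 "Moderate". The software and services receiving security updates are:
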
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
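
18 of the 26 CVEs rated "Critical" affect the Microsoft Scripting Engine and can lead to remote code execution. Attackers typically exploit these vulnerabilities by setting up a malicious website and luring victims into opening it. We have seen a steady increase in critical vulnerabilities patched in the scripting engine.

Besides the usual vulnerabilities, a few of the critical CVEs stand out. One affects the Windows Input Method Editor (IME), which is typically used to support character sets for Asian languages. Other vulnerabilities on the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on Windows, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.

The "Important" list covers much commonly patched software such as Office, Edge and Internet Explorer. However, vulnerabilities in Microsoft SQL, SharePoint and Hyper-V are also on that list.

Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)
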
Critical CVEs

| Vulnerability | ID | Impact |
| --- | --- | --- |
| August 2017 Flash Update | ADV170010 | Remote Code Execution |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-8651 | Remote Code Execution |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2017-8653 | Remote Code Execution |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8661 | Remote Code Execution |
| Microsoft JET Database Engine Remote Code Execution Vulnerability | CVE-2017-0250 | Remote Code Execution |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 | Remote Code Execution |
| Windows IME Remote Code Execution Vulnerability | CVE-2017-8591 | Remote Code Execution |
| Windows PDF Remote Code Execution Vulnerability | CVE-2017-0293 | Remote Code Execution |
| Windows Search Remote Code Execution Vulnerability | CVE-2017-8620 | Remote Code Execution |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2017-8622 | Elevation of Privilege |

Important CVEs

| Vulnerability | ID | Impact |
| --- | --- | --- |
| Express Compressed Fonts Remote Code Execution Vulnerability | CVE-2017-8691 | Remote Code Execution |
| Internet Explorer Security Feature Bypass Vulnerability | CVE-2017-8625 | Security Feature Bypass |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2017-8503, CVE-2017-8642 | Elevation of Privilege |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 | Information Disclosure |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2017-8654 | Spoofing |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | CVE-2017-8516 | Information Disclosure |
| Scripting Engine Information Disclosure Vulnerability | CVE-2017-8659 | Information Disclosure |
| Scripting Engine Security Feature Bypass Vulnerability | CVE-2017-8637 | Security Feature Bypass |
| Volume Manager Extension Driver Information Disclosure Vulnerability | CVE-2017-8668 | Information Disclosure |
| Win32k Elevation of Privilege Vulnerability | CVE-2017-8593 | Elevation of Privilege |
| Win32k Information Disclosure Vulnerability | CVE-2017-8666 | Information Disclosure |
| Windows CLFS Elevation of Privilege Vulnerability | CVE-2017-8624 | Elevation of Privilege |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2017-8633 | Elevation of Privilege |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2017-8623 | Denial of Service |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2017-8664 | Remote Code Execution |
| Windows NetBIOS Denial of Service Vulnerability | CVE-2017-0174 | Denial of Service |
| Windows Remote Desktop Protocol Denial of Service Vulnerability | CVE-2017-8673 | Denial of Service |
| Windows Subsystem for Linux Denial of Service Vulnerability | CVE-2017-8627 | Denial of Service |

Moderate CVEs

| Vulnerability | ID | Impact |
| --- | --- | --- |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-8650 | Security Feature Bypass |

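Security recommendations:
The Alibaba security team recommends that users take note of these updates and apply the patches at a time that suits their business, to improve server security:

1. Turn on Windows Update, click "Check for updates", and download and install the relevant security patches according to business needs.
Note: before installing the updates, test them first and be sure to take data backups and snapshots to guard against unexpected problems.

2. After installation, restart the server and check that the system is running normally.
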
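On a server without the Windows Update GUI, the two steps above can be checked from PowerShell. The script below is an added example, not part of the original post: it lists the updates still pending, ordered by the same MSRC severity ratings used in this bulletin, and reports whether a restart is still outstanding. It assumes an elevated PowerShell session and the built-in Windows Update Agent COM API; the function names are illustrative.

```powershell
# Added example: review pending updates by MSRC severity, then verify state after patching.
# Uses the Windows Update Agent COM API (Microsoft.Update.Session / Microsoft.Update.SystemInfo).

function Get-PendingUpdateBySeverity {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Not yet installed, not hidden, software updates only (drivers excluded)
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    foreach ($update in $result.Updates) {
        [pscustomobject]@{
            # MsrcSeverity is empty for updates that carry no security rating
            Severity = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unrated' }
            KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            CVEs     = ($update.CveIDs | ForEach-Object { $_ }) -join ','
            Title    = $update.Title
        }
    }
}

function Test-UpdateRebootPending {
    # True while an installed update is still waiting for a restart
    (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
}

# Step 1: what is still missing, most severe first
$rank    = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3; Unrated = 4 }
$pending = @(Get-PendingUpdateBySeverity)
$pending | Sort-Object { $rank[$_.Severity] }, Title | Format-Table -AutoSize -Wrap
$pending | Group-Object Severity | Select-Object Name, Count

# Step 2: after installing and restarting, confirm nothing is left half-applied
if (Test-UpdateRebootPending) {
    Write-Warning 'A restart is still required to finish installing updates.'
}
# Most recently installed hotfixes, to confirm the new patches are present
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn
```
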
Sources:
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]