[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday": August 2017

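On August 8, 2017, Microsoft released patches for 48 CVEs on Patch Tuesday. Compared with July, the vulnerabilities addressed this month are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 "Important" and 1 "Moderate". The security updates cover the following software and services:
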
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
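
Of the 26 CVEs rated "Critical", 18 affect the Microsoft Scripting Engine and could lead to remote code execution. Attackers typically exploit such vulnerabilities by setting up a malicious website and luring victims into opening it. We are seeing a steady increase in critical vulnerabilities patched in the scripting engine.

Beyond the usual vulnerabilities, some of the Critical CVEs stand out. One affects the Windows Input Method Editor (IME), which is typically used to support character sets for Asian languages. Other vulnerabilities on the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users running applications or software that still rely on JET should patch immediately.

The "Important" list includes vulnerabilities in many commonly patched products such as Office, Edge and Internet Explorer. However, vulnerabilities in Microsoft SQL, SharePoint and Hyper-V are also covered by this list.

Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)
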
Critical CVEs

August 2017 Flash Update
ADV170010
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651
Remote Code Execution

Microsoft Browser Memory Corruption Vulnerability
CVE-2017-8653
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
CVE-2017-8661
Remote Code Execution

Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2017-0250
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674
Remote Code Execution

Windows IME Remote Code Execution Vulnerability
CVE-2017-8591
Remote Code Execution

Windows PDF Remote Code Execution Vulnerability
CVE-2017-0293
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
CVE-2017-8620
Remote Code Execution

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622
Elevation of Privilege

Important CVEs

Express Compressed Fonts Remote Code Execution Vulnerability
CVE-2017-8691
Remote Code Execution

Internet Explorer Security Feature Bypass Vulnerability
CVE-2017-8625
Security Feature Bypass

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2017-8503, CVE-2017-8642
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8644, CVE-2017-8652, CVE-2017-8662
Information Disclosure

Microsoft Office SharePoint XSS Vulnerability
CVE-2017-8654
Spoofing

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
CVE-2017-8516
Information Disclosure

Scripting Engine Information Disclosure Vulnerability
CVE-2017-8659
Information Disclosure

Scripting Engine Security Feature Bypass Vulnerability
CVE-2017-8637
Security Feature Bypass

Volume Manager Extension Driver Information Disclosure Vulnerability
CVE-2017-8668
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2017-8593
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2017-8666
Information Disclosure

Windows CLFS Elevation of Privilege Vulnerability
CVE-2017-8624
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2017-8633
Elevation of Privilege

Windows Hyper-V Denial of Service Vulnerability
CVE-2017-8623
Denial of Service

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2017-8664
Remote Code Execution

Windows NetBIOS Denial of Service Vulnerability
CVE-2017-0174
Denial of Service

Windows Remote Desktop Protocol Denial of Service Vulnerability
CVE-2017-8673
Denial of Service

Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627
Denial of Service

Moderate CVEs

Microsoft Edge Security Feature Bypass Vulnerability
CVE-2017-8650
Security Feature Bypass

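Security recommendations:
The Alibaba security team recommends that users take note of these issues and apply the patches at a time that suits their business needs, to improve server security:

1. Enable Windows Update, click the "Check for updates" button, and download and install the relevant security patches according to your business needs.
Note: before installing the updates, test them first, and be sure to take data backups and snapshots to guard against unexpected problems.

2. After installation, restart the server and check that the system is running normally.

Sources: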
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]