
[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday", August 2017

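On August 8, 2017, Microsoft released Patch Tuesday fixes for 48 CVEs. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated Critical, 21 Important, and 1 Moderate. Across these vulnerabilities, the security updates cover the following software and services:
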
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
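
18 of the 26 Critical CVEs affect the Microsoft Scripting Engine and can lead to remote code execution. Attackers typically exploit such vulnerabilities by setting up a malicious website and luring victims into opening it. We are seeing a steady increase in the number of critical vulnerabilities patched in the scripting engine.

Beyond the usual vulnerabilities, a few of the Critical CVEs are unusual. One affects the Windows Input Method Editor (IME), which is typically used to support the character sets of Asian languages. Other vulnerabilities on the Critical list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.

The Important list includes vulnerabilities in many commonly patched products, such as Office, Edge, and Internet Explorer. It also covers vulnerabilities in Microsoft SQL, SharePoint, and Hyper-V.
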
Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)

Critical CVEs

  • August 2017 Flash Update: ADV170010 (Remote Code Execution)
  • Internet Explorer Memory Corruption Vulnerability: CVE-2017-8651 (Remote Code Execution)
  • Microsoft Browser Memory Corruption Vulnerability: CVE-2017-8653 (Remote Code Execution)
  • Microsoft Edge Memory Corruption Vulnerability: CVE-2017-8661 (Remote Code Execution)
  • Microsoft JET Database Engine Remote Code Execution Vulnerability: CVE-2017-0250 (Remote Code Execution)
  • Scripting Engine Memory Corruption Vulnerability: CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 (Remote Code Execution)
  • Windows IME Remote Code Execution Vulnerability: CVE-2017-8591 (Remote Code Execution)
  • Windows PDF Remote Code Execution Vulnerability: CVE-2017-0293 (Remote Code Execution)
  • Windows Search Remote Code Execution Vulnerability: CVE-2017-8620 (Remote Code Execution)
  • Windows Subsystem for Linux Elevation of Privilege Vulnerability: CVE-2017-8622 (Elevation of Privilege)

Important CVEs

  • Express Compressed Fonts Remote Code Execution Vulnerability: CVE-2017-8691 (Remote Code Execution)
  • Internet Explorer Security Feature Bypass Vulnerability: CVE-2017-8625 (Security Feature Bypass)
  • Microsoft Edge Elevation of Privilege Vulnerability: CVE-2017-8503, CVE-2017-8642 (Elevation of Privilege)
  • Microsoft Edge Information Disclosure Vulnerability: CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 (Information Disclosure)
  • Microsoft Office SharePoint XSS Vulnerability: CVE-2017-8654 (Spoofing)
  • Microsoft SQL Server Analysis Services Information Disclosure Vulnerability: CVE-2017-8516 (Information Disclosure)
  • Scripting Engine Information Disclosure Vulnerability: CVE-2017-8659 (Information Disclosure)
  • Scripting Engine Security Feature Bypass Vulnerability: CVE-2017-8637 (Security Feature Bypass)
  • Volume Manager Extension Driver Information Disclosure Vulnerability: CVE-2017-8668 (Information Disclosure)
  • Win32k Elevation of Privilege Vulnerability: CVE-2017-8593 (Elevation of Privilege)
  • Win32k Information Disclosure Vulnerability: CVE-2017-8666 (Information Disclosure)
  • Windows CLFS Elevation of Privilege Vulnerability: CVE-2017-8624 (Elevation of Privilege)
  • Windows Error Reporting Elevation of Privilege Vulnerability: CVE-2017-8633 (Elevation of Privilege)
  • Windows Hyper-V Denial of Service Vulnerability: CVE-2017-8623 (Denial of Service)
  • Windows Hyper-V Remote Code Execution Vulnerability: CVE-2017-8664 (Remote Code Execution)
  • Windows NetBIOS Denial of Service Vulnerability: CVE-2017-0174 (Denial of Service)
  • Windows Remote Desktop Protocol Denial of Service Vulnerability: CVE-2017-8673 (Denial of Service)
  • Windows Subsystem for Linux Denial of Service Vulnerability: CVE-2017-8627 (Denial of Service)

Moderate CVEs

  • Microsoft Edge Security Feature Bypass Vulnerability: CVE-2017-8650 (Security Feature Bypass)

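Security recommendations:
The Alibaba security team recommends that users take note of these updates and apply the patches at a time that suits their business, to improve server security:

1. Enable Windows Update, click the "Check for updates" button, and download and install the relevant security patches as your business situation allows.
Note: before installing the updates, test them first, and be sure to back up your data and take snapshots to guard against unexpected problems.

2. After installation, restart the server and check that the system is running normally.

Sources: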
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]