
[Security Vulnerability Announcements] [Vulnerability Notice] Microsoft "Patch Tuesday", August 2017

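On August 8, 2017, Microsoft released patches for 48 CVE vulnerabilities on Patch Tuesday. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 are rated "Important" and 1 is rated "Moderate". The software and services receiving security updates include:
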
  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V
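
Of the 26 CVEs rated "Critical", 18 affect the Microsoft Scripting Engine and could lead to remote code execution. Attackers typically exploit such vulnerabilities by setting up a malicious website and luring victims into opening it. We are seeing a steady increase in the number of critical vulnerabilities patched in the scripting engine.

Beyond the usual vulnerabilities, a few of the critical CVEs are out of the ordinary. One affects the Windows Input Method Editor (IME), which is typically used to support the character sets of Asian languages. Other vulnerabilities on the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on a Windows system, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.

The "Important" list includes many commonly patched products, such as Office, Edge and Internet Explorer. However, vulnerabilities in Microsoft SQL, SharePoint and Hyper-V are also covered by that list.
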
Detailed vulnerability list: microsoft-security-updates-august-2917.xlsx (50 K)

Critical CVEs

| Vulnerability | CVE / Advisory ID | Impact |
| --- | --- | --- |
| August 2017 Flash Update | ADV170010 | Remote Code Execution |
| Internet Explorer Memory Corruption Vulnerability | CVE-2017-8651 | Remote Code Execution |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2017-8653 | Remote Code Execution |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2017-8661 | Remote Code Execution |
| Microsoft JET Database Engine Remote Code Execution Vulnerability | CVE-2017-0250 | Remote Code Execution |
| Scripting Engine Memory Corruption Vulnerability | CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 | Remote Code Execution |
| Windows IME Remote Code Execution Vulnerability | CVE-2017-8591 | Remote Code Execution |
| Windows PDF Remote Code Execution Vulnerability | CVE-2017-0293 | Remote Code Execution |
| Windows Search Remote Code Execution Vulnerability | CVE-2017-8620 | Remote Code Execution |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2017-8622 | Elevation of Privilege |

Important CVEs

| Vulnerability | CVE / Advisory ID | Impact |
| --- | --- | --- |
| Express Compressed Fonts Remote Code Execution Vulnerability | CVE-2017-8691 | Remote Code Execution |
| Internet Explorer Security Feature Bypass Vulnerability | CVE-2017-8625 | Security Feature Bypass |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2017-8503, CVE-2017-8642 | Elevation of Privilege |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 | Information Disclosure |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2017-8654 | Spoofing |
| Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | CVE-2017-8516 | Information Disclosure |
| Scripting Engine Information Disclosure Vulnerability | CVE-2017-8659 | Information Disclosure |
| Scripting Engine Security Feature Bypass Vulnerability | CVE-2017-8637 | Security Feature Bypass |
| Volume Manager Extension Driver Information Disclosure Vulnerability | CVE-2017-8668 | Information Disclosure |
| Win32k Elevation of Privilege Vulnerability | CVE-2017-8593 | Elevation of Privilege |
| Win32k Information Disclosure Vulnerability | CVE-2017-8666 | Information Disclosure |
| Windows CLFS Elevation of Privilege Vulnerability | CVE-2017-8624 | Elevation of Privilege |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2017-8633 | Elevation of Privilege |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2017-8623 | Denial of Service |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2017-8664 | Remote Code Execution |
| Windows NetBIOS Denial of Service Vulnerability | CVE-2017-0174 | Denial of Service |
| Windows Remote Desktop Protocol Denial of Service Vulnerability | CVE-2017-8673 | Denial of Service |
| Windows Subsystem for Linux Denial of Service Vulnerability | CVE-2017-8627 | Denial of Service |

Moderate CVEs

| Vulnerability | CVE / Advisory ID | Impact |
| --- | --- | --- |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2017-8650 | Security Feature Bypass |

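Security recommendations:
The Alibaba security team advises users to pay attention to these issues and to apply the patches at a time that suits their business needs, in order to improve server security:

1. Enable Windows Update, click the "Check for updates" button, and download and install the relevant security patches according to your business needs.
Note: Before installing the updates, test them first and be sure to back up your data and take snapshots, in case anything goes wrong.

2. After installation, restart the server and check that the system is running properly.
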
Sources:
  • https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99
[ This post was re-edited by 正禾 on 2017-08-09 15:15 ]