阿里云
发表主题 回复主题
  • 1192阅读
  • 0回复

[安全漏洞公告专区]【漏洞公告】微软“周二补丁日”—2017年9月

级别: 论坛版主
发帖
209
云币
390
X$A[~v  
Tebu?bj  
2017年9月12日,微软发布了针对各种产品已被确认和解决的漏洞的每月安全建议。 本月的安全公告解决了81个新漏洞,其中27个评级为严重级别,52个评级为高危,2个等级为中危。 ,DIr&5>p2  
n_9Wrx328  
1sNZl&  
本月微软公告中微软修复了一个.NET 0day漏洞,漏洞ID为CVE-2017-8759, 漏洞影响. NET 框架, 攻击者可以利用该漏洞进行远程代码执行,获取敏感数据服务权限,安全风险为高危,阿里安全提示您关注,根据业务情况更新补丁。 7X{@$>+S  
U-.A+#<IT9  
=WEWs4V5A  
具体详情如下: 8+mu'RZ X  
    
q,>-4Cm  
漏洞影响范围 bbG!Fg=qQ?  
Edge,Hyper-V,Internet Explorer,Office,远程桌面协议,Sharepoint,Windows图形显示界面,Windows内核模式驱动程序等。 此外,微软还发布了嵌入在Edge和Internet Explorer中的Adobe Flash Player的更新。 v"x'rx#  
?m bI6fYv  
fn3DoD+I  
严重漏洞 #,S0uA  
  • CVE-2017-8747 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-8749 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-8750 - Microsoft Browser Memory Corruption Vulnerability
  • CVE-2017-8731 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8734 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8751 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8755 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8756 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-11766 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8757 - Microsoft Edge Remote Code Execution Vulnerability
  • CVE-2017-8696 - Microsoft Graphics Component Remote Code Execution
  • CVE-2017-8728 - Microsoft PDF Remote Code Execution Vulnerability
  • CVE-2017-8737 - Microsoft PDF Remote Code Execution Vulnerability
  • CVE-2017-0161 - NetBIOS Remote Code Execution Vulnerability
  • CVE-2017-8649 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8660 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8729 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8738 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8740 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8741 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8748 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8752 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8753 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11764 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8682 - Win32k Graphics Remote Code Execution Vulnerability
  • CVE-2017-8686 - Windows DHCP Server Remote Code Execution Vulnerability
  • CVE-2017-8676 - Windows GDI+ Information Disclosure Vulnerability
高危漏洞 l\6.f_  
  • CVE-2017-8759 - .NET Framework Remote Code Execution Vulnerability
  • CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution Vulnerability
  • CVE-2017-8746 - Device Guard Security Feature Bypass Vulnerability
  • CVE-2017-8695 - Graphics Component Information Disclosure Vulnerability
  • CVE-2017-8704 - Hyper-V Denial of Service Vulnerability
  • CVE-2017-8706 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8707 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8711 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8712 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8713 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8733 - Internet Explorer Spoofing Vulnerability
  • CVE-2017-8628 - Microsoft Bluetooth Driver Spoofing Vulnerability
  • CVE-2017-8736 - Microsoft Browser Information Disclosure Vulnerability
  • CVE-2017-8597 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8643 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8648 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8754 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-8724 - Microsoft Edge Spoofing Vulnerability
  • CVE-2017-8758 - Microsoft Exchange Cross-Site Scripting Vulnerability
  • CVE-2017-11761 - Microsoft Exchange Information Disclosure Vulnerability
  • CVE-2017-8630 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8631 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8632 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8744 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8725 - Microsoft Office Publisher Remote Code Execution
  • CVE-2017-8567 - Microsoft Office Remote Code Execution
  • CVE-2017-8745 - Microsoft SharePoint Cross Site Scripting Vulnerability
  • CVE-2017-8629 - Microsoft SharePoint XSS Vulnerability
  • CVE-2017-8742 - PowerPoint Remote Code Execution Vulnerability
  • CVE-2017-8743 - PowerPoint Remote Code Execution Vulnerability
  • CVE-2017-8714 - Remote Desktop Virtual Host Remote Code Execution Vulnerability
  • CVE-2017-8739 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2017-8692 - Uniscribe Remote Code Execution Vulnerability
  • CVE-2017-8675 - Win32k Elevation of Privilege Vulnerability
  • CVE-2017-8720 - Win32k Elevation of Privilege Vulnerability
  • CVE-2017-8683 - Win32k Graphics Information Disclosure Vulnerability
  • CVE-2017-8677 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8678 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8680 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8681 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8687 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8702 - Windows Elevation of Privilege Vulnerability
  • CVE-2017-8684 - Windows GDI+ Information Disclosure Vulnerability
  • CVE-2017-8685 - Windows GDI+ Information Disclosure Vulnerability
  • CVE-2017-8688 - Windows GDI+ Information Disclosure Vulnerability
  • CVE-2017-8710 - Windows Information Disclosure Vulnerability
  • CVE-2017-8679 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8708 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8709 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8719 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8716 - Windows Security Feature Bypass Vulnerability
  • CVE-2017-8699 - Windows Shell Remote Code Execution Vulnerability
t~V?p'a0ys  
中危漏洞 tGw QUn  
  • CVE-2017-8723 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-8735 - Internet Explorer Memory Corruption Vulnerability
h[& \ OD,P  
安全建议: zgPUW z X=  
阿里安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务器安全性: ekPn`U  
  • 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁;
          注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。 H=@S+4_bK  
  • 安装完毕后重启服务器,检查系统运行情况。
[pzo[0G 'v  
情报来源: F3=iyiz6  
  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • http://blog.talosintelligence.com/2017/09/ms-tuesday.html
-&0HAtc  
?{(Jy*  
D.,~I^W  
."h>I @MH  
P~@.(hed  
4>Y\Y$3  
- -ZSl  
[ 此帖被正禾在2017-09-14 11:41重新编辑 ]
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您在写长篇帖子又不马上发表,建议存为草稿
 
验证问题: 阿里云官网域名是什么? 正确答案:www.aliyun.com
上一个 下一个