阿里云
发表主题 回复主题
  • 1543阅读
  • 3回复

[安全漏洞公告专区]【漏洞公告】微软“周二补丁日”—2017年10月

级别: 论坛版主
发帖
209
云币
390
— 本帖被 正禾 执行加亮操作(2017-10-12) —
./&zO{|0]  
图片来互联网2017年10月10日,微软发布了针对各种产品已被确认和解决的漏洞的每月安全建议。本月的安全公告解决了63个新漏洞,其中28个评级为重要级别,35个评级为重要。 这些漏洞影响图形化功能、Edge、Internet Explorer、Office、Sharepoint、Windows图形显示接口、Windows内核模式驱动程序等,其中对服务端影响较大的漏洞2个,分别为Windows DNSAPI 远程代码执行漏洞:CVE-2017-11779Windows SMB 远程代码执行漏洞:CVE-2017-11780,攻击者利用成功可远程控制您的服务器。 9sU+IT K4  
Gkv~e?Kc~^  
%t~SOkx  
具体详情如下: Y%0d\{@a  
    
U7B/t3,=U  
漏洞影响范围 x* =sRf  
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Skype for Business and Lync
  • Chakra Core
y5/'!L)g  
严重漏洞 5Z9~ &U  
\/*Nf?;  
  • CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2017-11797 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2017-11767 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11792 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11793 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11796 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11798 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11799 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11800 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11801 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11802 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11804 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11805 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11806 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11807 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11808 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11809 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11810 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11811 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11812 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11821 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability
  • CVE-2017-11771 - Windows Search Remote Code Execution Vulnerability
  • CVE-2017-8727 - Windows Shell Memory Corruption Vulnerability
  • CVE-2017-11819 - Windows Shell Remote Code Execution Vulnerability
高危漏洞
  • CVE-2017-11790 - Internet Explorer Information Disclosure Vulnerability
  • CVE-2017-11794 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8726 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8693 - Microsoft Graphics Information Disclosure Vulnerability
  • CVE-2017-8717 - Microsoft JET Database Engine Remote Code Execution Vulnerability
  • CVE-2017-8718 - Microsoft JET Database Engine Remote Code Execution Vulnerability
  • CVE-2017-11826 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-11825 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2017-11775 - Microsoft Office SharePoint XSS Vulnerability
  • CVE-2017-11777 - Microsoft Office SharePoint XSS Vulnerability
  • CVE-2017-11820 - Microsoft Office SharePoint XSS Vulnerability
  • CVE-2017-11776 - Microsoft Outlook Information Disclosure Vulnerability
  • CVE-2017-11774 - Microsoft Outlook Security Feature Bypass Vulnerability
  • CVE-2017-11772 - Microsoft Search Information Disclosure Vulnerability
  • CVE-2017-11823 - Microsoft Windows Security Feature Bypass
  • CVE-2017-11786 - Skype for Business Elevation of Privilege Vulnerability
  • CVE-2017-11769 - TRIE Remote Code Execution Vulnerability
  • CVE-2017-8689 - Win32k Elevation of Privilege Vulnerability
  • CVE-2017-8694 - Win32k Elevation of Privilege Vulnerability
  • CVE-2017-11783 - Windows Elevation of Privilege Vulnerability
  • CVE-2017-11816 - Windows GDI Information Disclosure Vulnerability
  • CVE-2017-11824 - Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2017-11817 - Windows Information Disclosure Vulnerability
  • CVE-2017-11765 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11784 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11785 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11814 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8715 - Windows Security Feature Bypass Vulnerability
  • CVE-2017-11781 - Windows SMB Denial of Service Vulnerability
  • CVE-2017-11782 - Windows SMB Elevation of Privilege Vulnerability
  • CVE-2017-11815 - Windows SMB Information Disclosure Vulnerability
  • CVE-2017-11780 - Windows SMB Remote Code Execution Vulnerability
  • CVE-2017-11818 - Windows Storage Security Feature Bypass Vulnerability
  • CVE-2017-8703 - Windows Subsystem for Linux Denial of Service Vulnerability
  • CVE-2017-11829 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability
安全建议:
  1. 阿里安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务器安全性:  
  2. 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁,安装完毕后重启服务器,检查系统运行情况。;
          注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。 .;HIEj zq  
情报来源:
  1. https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99
  2. http://blog.talosintelligence.com/2017/10/ms-tuesday.html
rXY;m-  
cZgMA8 F  
zRV!(Y  
1 @%B?  
[ 此帖被正禾在2017-11-15 08:41重新编辑 ]
级别: 小白
发帖
21
云币
45
只看该作者 沙发  发表于: 10-28
Re【漏洞公告】微软“周二补丁日”—2017年10月
        (^LS']ybc  
[ 此帖被老婆太丑在2017-10-28 19:06重新编辑 ]
级别: 新人
发帖
2
云币
2
只看该作者 板凳  发表于: 10-31
Re【漏洞公告】微软“周二补丁日”—2017年10月
用控制台修复漏洞失败了,试了好几次都不行
级别: 新人
发帖
2
云币
2
只看该作者 地板  发表于: 11-02
Re【漏洞公告】微软“周二补丁日”—2017年10月
今天又看了下,说是“漏洞已不存在”,只要没问题就好
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您在写长篇帖子又不马上发表,建议存为草稿
 
验证问题: ECS是阿里云提供的什么服务? 正确答案:云服务器
上一个 下一个