阿里云
云栖社区2017年度内容特辑
发表主题 回复主题
  • 2683阅读
  • 0回复

[安全漏洞公告专区]【漏洞公告】微软“周二补丁日”—2017年11月

级别: 论坛版主
发帖
216
云币
402
— 本帖被 正禾 执行加亮操作(2017-11-16) —
美国时间2017年11月14日,微软发布11月度安全漏洞公告。本月的漏洞公告解决了53个漏洞,其中包括19个严重漏洞,31个重要和3个中度级别漏洞。这些漏洞影响:微软 Edge、IE浏览器,微软的脚本引擎等其他产品。 pJrc\`D  
其中浏览器产品(CVE-2017-11848、CVE-2017-11827)、ASP.NET (CVE-2017-8700)存在信息泄露风险、Windows EOT字体引擎信息泄露漏洞(CVE-2017-11832)、Windows内核信息泄露漏洞(CVE-2017-11853),需要重点关注。 \kqa4{7U(  
具体公告详情如下: fzO4S^mTo8  
    
e48`cX\E  
漏洞影响范围: u 'DM?mV:-  
十一月发布的漏洞公告涉及到的微软产品: TC[_Ip&  
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core and .NET Core
  • Chakra Core
F(>']D9$.  
严重漏洞
  • CVE-2017-11836 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11837 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11838 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11839 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11840 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11841 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11843 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-11846 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11855 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-11856 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-11858 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11861 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11862 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11866 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11870 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11871 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11873 - Scripting Engine Memory Corruption Vulnerability
9w'3d @  
高危漏洞 [SgWUP*  
  • CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability
  • CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability
  • CVE-2017-11788 - Windows Search Denial of Service Vulnerability
  • CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2017-11803 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability
  • CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability
  • CVE-2017-11831 - Windows Information Disclosure Vulnerability
  • CVE-2017-11832 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2017-11835 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2017-11842 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11844 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2017-11849 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability
  • CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability
  • CVE-2017-11853 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability
  • CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability
  • CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability
  • CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability
  • CVE-2017-11880 - Windows Information Disclosure Vulnerability
  • CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-11884 - Microsoft Office Memory Corruption Vulnerability
EF=.L{  
中危漏洞 q$z#+2u  
  • CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability
  • CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability
  • CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability
|7n&I`#  
O( G|fs  
安全建议
  1. 阿里安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务安全性:  
  2. 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁,安装完毕后重启服务器,检查系统运行情况。;
          注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。 ^'.=&@i-  
_+g5;S5  
Y^m2ealC  
情报来源:
  1. https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
  2. http://blog.talosintelligence.com/2017/11/ms-tuesday.html
0-pLCf  
N]R<EBq  
`<kHNcm  
Yr5A,-s  
/AV [g^x2  
[ 此帖被正禾在2017-11-15 14:03重新编辑 ]
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您在写长篇帖子又不马上发表,建议存为草稿
 
验证问题: ECS是阿里云提供的什么服务? 正确答案:云服务器
上一个 下一个