阿里云
发表主题 回复主题
  • 7041阅读
  • 0回复

[安全漏洞公告专区]【漏洞公告】微软“周二补丁日”—2018年02月

级别: 论坛版主
发帖
240
云币
472
美国时间2018年02月13日,微软发布2018年2月的安全公告,本月安全公告解决了54个新漏洞,其中14个被认为是关键的、38个是重要的、2个是中度的。这些漏洞影响Outlook、Edge浏览器、脚本引擎、应用程序容器、窗口等等。 D5D *$IC  
7MLLx#U  
[49Cvde^  
本次公告中涉及到CVE-2018-0850、CVE-2018-0852两个严重漏洞均影响Outlook,攻击者利用这两个漏洞,可以在当前用户的上下文中运行任意代码或发送精准构造的恶意电子邮件,架加载本地或远程信息 MQ-u9=ys  
4JAz{aw'b  
|JxVfX8^  
阿里提示企业用户关注,并根据身业务情况安排补丁升级。 VP~2F E  
iM)K:L7d  
5M0Q'"`F:  
b-sN#'TDg  
具体公告详情如下:                 
漏洞影响范围: 涉及到的微软产品:
  • Outlook
  • Edge
  • 脚本引擎
  • 应用程序容器
  • Windows窗口
O -1O@:}c  
严重漏洞 vSH,fS-n  
  • CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-0825 - StructuredQuery Remote Code Execution Vulnerability
  • CVE-2018-0834 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0835 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0837 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0838 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0840 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability
  • CVE-2018-0856 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0857 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0858 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0859 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0860 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0861 - Scripting Engine Memory Corruption Vulnerability
"w'pIUQ3,  
高危漏洞 L7-BuW}&  
U]=yCEb8p  
  • CVE-2018-0742 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0755 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0756 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0757 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0760 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0761 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0809 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0810 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0820 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0821 - Windows AppContainer Elevation Of Privilege Vulnerability
  • CVE-2018-0822 - Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
  • CVE-2018-0823 - Named Pipe File System Elevation of Privilege Vulnerability
  • CVE-2018-0826 - Windows Storage Services Elevation of Privilege Vulnerability
  • CVE-2018-0827 - Windows Security Feature Bypass Vulnerability
  • CVE-2018-0828 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-0829 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0830 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0831 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0832 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0836 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0839 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-0841 - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-0842 - Windows Remote Code Execution Vulnerability
  • CVE-2018-0843 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0844 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2018-0845 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0846 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2018-0847 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0848 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0849 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0850 - Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2018-0851 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0853 - Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0862 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0864 - Microsoft SharePoint Elevation of Privilege Vulnerability
  • CVE-2018-0866 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0869 - Microsoft SharePoint Elevation of Privilege Vulnerability
E1eGZ&&Gd  
+[!S[KE  
安全建议
  1. 阿里安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务安全性;
  2. 建议不要在企业业务系统安装与业务无关的软件,例如:Office、其他办公软件。防止被黑客利用;
  3. 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁,安装完毕后重启服务器,检查系统运行情况。
,Vhve'=*2  
注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。 \yr9j$  
情报来源: Jr2yn{s=S  
  • http://blog.talosintelligence.com/2018/02/ms-tuesday.html
nF<K84  
t0m;tb bg  
[ 此帖被正禾在2018-02-17 19:02重新编辑 ]
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您提交过一次失败了,可以用”恢复数据”来恢复帖子内容
 
验证问题: ECS是阿里云提供的什么服务? 正确答案:云服务器
上一个 下一个