阿里云
阿里云多端小程序中小企业获客首选
发表主题 回复主题
  • 12527阅读
  • 1回复

[安全漏洞公告专区]【漏洞公告】微软“周二补丁日”—2018年05月

级别: 论坛版主
发帖
241
云币
478
美国时间2018年5月8日,微软发布其漏洞安全公告。 本月的安全公告涉及67个新漏洞,其中21个评级为重要,其中42个评级为重要,4个评级为严重性低。 这些漏洞影响Outlook,Office,Exchange,Edge,Internet Explorer等。 m1^dT_7Z  
g28S3 '2  
nU=f<]S=  
其中重点关注13个远程代码执行漏洞  aX>4Tw  
GitHub                    CVE-2018-8115    Windows Host Compute Service Shim 远程代码执行漏洞 b5iIV1g  
Microsoft Office    CVE-2018-8161    Microsoft Office 远程代码执行漏洞 L#t-KLJ  
Microsoft Office    CVE-2018-8162    Microsoft Excel 远程代码执行漏洞 NZfo`iHAN  
Microsoft Office    CVE-2018-8173    Microsoft InfoPath 远程代码执行漏洞 _9}x2uO~  
Microsoft Office    CVE-2018-8147    Microsoft Excel 远程代码执行漏洞 |%M{k A-  
Microsoft Office    CVE-2018-8148    Microsoft Excel 远程代码执行漏洞 377j3dP  
Microsoft Office    CVE-2018-8157    Microsoft Office 远程代码执行漏洞 vR6^n~  
Microsoft Office    CVE-2018-8158    Microsoft Office 远程代码执行漏洞 eEZ|nEU  
Microsoft Windows    CVE-2018-8136    Windows 远程代码执行漏洞 "ay,Lr  
Microsoft Windows    CVE-2018-8174    Windows VBScript Engine 远程代码执行漏洞 ,xAM[h&  
Windows COM    CVE-2018-0824    Microsoft COM for Windows 远程代码执行漏洞 G/LXUhuif  
Windows Hyper-V    CVE-2018-0959    Hyper-V 远程代码执行漏洞 %0ll4"  
Windows Hyper-V    CVE-2018-0961    Hyper-V vSMB 远程代码执行漏洞 8>%jZ%`a  
NPB,q& Th  
;55tf l  
阿里提示企业用户关注,并根据身业务情况安排补丁升级。 具体公告详情如下:    P+*rWJ8gQ  
wzNt c)~i  
[#STR=_f  
漏洞影响范围: ;qMnO_ E  
本次漏洞公告涉及到的微软产品: I:uQB!  
NET Framework、Adobe Flash Player、Azure、Common Log File System Driver、Device Guard、GitHub、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows、Windows COM、Windows Hyper-V以及Windows Kernel。 =0@d|LeZ  
D]G'R5H  
}\`-G+i{W  
严重漏洞: &9RW9u "  
  • CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability
  • CVE-2018-0959 - Hyper-V Remote Code Execution Vulnerability
  • CVE-2018-0961 - Hyper-V vSMB Remote Code Execution Vulnerability
  • CVE-2018-8115 - Windows Host Compute Service Shim Remote Code Execution Vulnerability
  • CVE-2018-8178 - Microsoft Browser Memory Corruption Vulnerability
  • CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0955 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8114 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0945 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-1022 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8139 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8128 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0943 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8130 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8177 - Chakra Scripting Engine Memory Corruption Vulnerability
6]@|7|N>X  
5Gw!9{ke  
Y1U"HqNl*  
高危漏洞: ])$. "g  
!SO$k%b}!  
  • CVE-2018-8120 - Win32k Elevation of Privilege Vulnerability
  • CVE-2018-8123 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2018-8124 - Win32k Elevation of Privilege Vulnerability
  • CVE-2018-8147 - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8148 - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8157 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-8158 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-8161 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-8162 - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8164 - Win32k Elevation of Privilege Vulnerability
  • CVE-2018-8165 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
  • CVE-2018-8166 - Win32k Elevation of Privilege Vulnerability
  • CVE-2018-8167 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2018-8179 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2018-0765 - .NET and .NET Core Denial of Service Vulnerability
  • CVE-2018-0824 - Microsoft COM for Windows Remote Code Execution Vulnerability
  • CVE-2018-0854 - Windows Security Feature Bypass Vulnerability
  • CVE-2018-0958 - Windows Security Feature Bypass Vulnerability
  • CVE-2018-1021 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-1025 - Microsoft Browser Information Disclosure Vulnerability
  • CVE-2018-1039 - .NET Framework Device Guard Security Feature Bypass Vulnerability
  • CVE-2018-8112 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2018-8119 - Azure IoT SDK Spoofing Vulnerability
  • CVE-2018-8126 - Internet Explorer Security Feature Bypass Vulnerability
  • CVE-2018-8127 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-8129 - Windows Security Feature Bypass Vulnerability
  • CVE-2018-8132 - Windows Security Feature Bypass Vulnerability
  • CVE-2018-8134 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-8141 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-8145 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8149 - Microsoft SharePoint Elevation of Privilege Vulnerability
  • CVE-2018-8150 - Microsoft Outlook Security Feature Bypass Vulnerability
  • CVE-2018-8151 - Microsoft Exchange Memory Corruption Vulnerability
  • CVE-2018-8152 - Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2018-8155 - Microsoft SharePoint Elevation of Privilege Vulnerability
  • CVE-2018-8156 - Microsoft SharePoint Elevation of Privilege Vulnerability
  • CVE-2018-8159 - Microsoft Exchange Elevation of Privilege Vulnerability
  • CVE-2018-8160 - Microsoft Outlook Information Disclosure Vulnerability
  • CVE-2018-8163 - Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8170 - Windows Image Elevation of Privilege Vulnerability
  • CVE-2018-8173 - Microsoft InfoPath Remote Code Execution Vulnerability
  • CVE-2018-8897 - Windows Kernel Elevation of Privilege Vulnerability
7tf81*e  
安全建议
  1. 阿里安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务安全性;
  2. 建议不要在企业业务系统安装与业务无关的软件,例如:Office、其他办公软件。防止被黑客利用;
  3. 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁,安装完毕后重启服务器,检查系统运行情况。
注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。 情报来源: iS:PRa1  
  • https://blog.talosintelligence.com/2018/05/microsoft-patch-tuesday-may-2018.html
LAK-!!0X  
[ 此帖被正禾在2018-05-10 15:06重新编辑 ]
级别: 新人
发帖
1
云币
1
只看该作者 沙发  发表于: 2018-06-14
Re【漏洞公告】微软“周二补丁日”—2018年05月
楼主,你好!   a' >$88tl  
~*cY&  9  
请问一下, D|Ihe%w-  
微软“周二补丁日”—2018年06月的 安全公告一般什么时间发出来?  
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您提交过一次失败了,可以用”恢复数据”来恢复帖子内容
 
验证问题: ECS是阿里云提供的什么服务? 正确答案:云服务器
上一个 下一个
      ×
      全新阿里云开发者社区, 去探索开发者的新世界吧!
      一站式的体验,更多的精彩!
      通过下面领域大门,一起探索新的技术世界吧~ (点击图标进入)