

[Security Vulnerability Bulletins] [Vulnerability Notice] Microsoft "Patch Tuesday": August 2017


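On August 8, 2017, Microsoft released patches for 48 CVE vulnerabilities on Patch Tuesday. Compared with July, the vulnerabilities covered by this release are relatively minor. Of the 48 CVEs, 26 are rated "Critical", 21 are rated "Important" and 1 is rated "Moderate". The security updates cover the following software and services: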

  • Adobe Flash Player
  • Microsoft Windows
  • Microsoft Scripting Engine
  • Microsoft Edge Browser
  • Internet Explorer
  • Microsoft JET Database Engine
  • Windows Search
  • Windows Hyper-V

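18 of the 26 CVEs rated "Critical" affect the Microsoft Scripting Engine and could lead to remote code execution. Attackers typically exploit vulnerabilities of this kind by setting up a malicious website and luring victims into opening it. The number of critical vulnerabilities patched in the scripting engine has been growing steadily.
Beyond the usual vulnerabilities, some of the Critical CVEs are out of the ordinary. One affects the Windows Input Method Editor (IME), which is normally used to provide support for the character sets of Asian languages. Other vulnerabilities in the "Critical" list cover the Windows Subsystem for Linux (WSL), which lets users run native Linux command-line tools directly on Windows systems, and the Microsoft JET Database Engine, formerly used by Microsoft Access and Visual Basic. Users with custom applications or software still backed by JET should patch immediately.

The vulnerabilities in the "Important" list include many commonly patched products, such as Office, Edge and Internet Explorer. However, the list also covers vulnerabilities in Microsoft SQL, SharePoint and Hyper-V.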

Critical CVEs

August 2017 Flash Update
ADV170010
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2017-8651
Remote Code Execution

Microsoft Browser Memory Corruption Vulnerability
CVE-2017-8653
Remote Code Execution

Microsoft Edge Memory Corruption Vulnerability
CVE-2017-8661
Remote Code Execution

Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2017-0250
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8669, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674
Remote Code Execution

Windows IME Remote Code Execution Vulnerability
CVE-2017-8591
Remote Code Execution

Windows PDF Remote Code Execution Vulnerability
CVE-2017-0293
Remote Code Execution

Windows Search Remote Code Execution Vulnerability
CVE-2017-8620
Remote Code Execution

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2017-8622
Elevation of Privilege

Important CVEs

Express Compressed Fonts Remote Code Execution Vulnerability
CVE-2017-8691
Remote Code Execution

Internet Explorer Security Feature Bypass Vulnerability
CVE-2017-8625
Security Feature Bypass

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2017-8503, CVE-2017-8642
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2017-8644, CVE-2017-8652, CVE-2017-8662
Information Disclosure

Microsoft Office SharePoint XSS Vulnerability
CVE-2017-8654
Spoofing

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
CVE-2017-8516
Information Disclosure

Scripting Engine Information Disclosure Vulnerability
CVE-2017-8659
Information Disclosure

Scripting Engine Security Feature Bypass Vulnerability
CVE-2017-8637
Security Feature Bypass

Volume Manager Extension Driver Information Disclosure Vulnerability
CVE-2017-8668
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2017-8593
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2017-8666
Information Disclosure

Windows CLFS Elevation of Privilege Vulnerability
CVE-2017-8624
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2017-8633
Elevation of Privilege

Windows Hyper-V Denial of Service Vulnerability
CVE-2017-8623
Denial of Service

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2017-8664
Remote Code Execution

Windows NetBIOS Denial of Service Vulnerability
CVE-2017-0174
Denial of Service

Windows Remote Desktop Protocol Denial of Service Vulnerability
CVE-2017-8673
Denial of Service

Windows Subsystem for Linux Denial of Service Vulnerability
CVE-2017-8627
Denial of Service

Moderate CVEs

Microsoft Edge Security Feature Bypass Vulnerability
CVE-2017-8650
Security Feature Bypass

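Security recommendations:
The Alibaba Cloud security team advises users to follow this release and to apply the patches at a time that suits their business, in order to improve server security:

1. Turn on Windows Update, click the "Check for updates" button, and download and install the relevant security patches according to your business needs;
Note: before installing the updates, test them first, and be sure to back up your data and take snapshots in case something goes wrong.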


2. After installation completes, restart the server and check that the system is running normally.
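The same two steps can be checked from an elevated PowerShell prompt, which is useful on servers where the Windows Update GUI is not convenient. The script below is an added example, not part of the original advisory: the function names are hypothetical, it assumes PowerShell 3.0 or later and access to the update service, and it only reports status without installing anything.

```powershell
# Added example (not from the advisory). Run elevated; reports only, installs nothing.
# Assumption: $ReleaseDate is the Patch Tuesday date stated in this advisory.
$ReleaseDate = Get-Date '2017-08-08'

function Get-PendingUpdate {
    # Scripted equivalent of "Check for updates": ask the Windows Update Agent
    # for software updates that are applicable but not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            # MsrcSeverity is empty for updates without a security rating.
            Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
            Title    = $u.Title
        }
    }
}

function Test-RebootPending {
    # Step 2: patches are not fully applied until the restart has happened.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    [bool]($keys | Where-Object { Test-Path $_ })
}

function Get-HotFixSince([datetime]$Date) {
    # Hotfixes recorded as installed on or after the given date.
    # InstalledOn can be empty on some systems, so guard against null.
    Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Date } |
        Sort-Object InstalledOn | Select-Object HotFixID, Description, InstalledOn
}

$pending = @(Get-PendingUpdate)
$pending | Sort-Object Severity | Format-Table -AutoSize -Wrap
"{0} update(s) pending, {1} rated Critical" -f $pending.Count,
    @($pending | Where-Object { $_.Severity -eq 'Critical' }).Count

"Hotfixes installed since {0:yyyy-MM-dd}:" -f $ReleaseDate
Get-HotFixSince $ReleaseDate | Format-Table -AutoSize

if (Test-RebootPending) { 'Restart still pending: patches are not fully applied yet.' } else { 'No restart pending.' }
```

Run it once before patching to see what is outstanding and again after the restart; the pending list should then contain no Critical entries and no restart should be pending.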

Source:

Last updated: 2017-08-13 22:26:12
