微软发布10月补丁修复51个安全问题

微软于周二发布了10月安全更新补丁,修复了51个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Azure、Device Guard、Internet Explorer、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Microsoft XML Core Services、SQL Server、Windows – Linux、Windows Hyper-V、Windows Kernel、Windows Media Player以及Windows Shell。

焦点漏洞

相关信息如下(红色部分威胁相对比较高):

产品CVE 编号CVE 标题
.NET CoreCVE-2018-8292.NET Core 信息泄露漏洞
AzureCVE-2018-8531Azure IoT Device Client SDK 内存破坏漏洞
Device GuardCVE-2018-8492Device Guard Code Integrity Policy 安全功能绕过漏洞
Internet ExplorerCVE-2018-8460Internet Explorer 内存破坏漏洞
Internet ExplorerCVE-2018-8491Internet Explorer 内存破坏漏洞
Microsoft EdgeCVE-2018-8473Microsoft Edge 内存破坏漏洞
Microsoft EdgeCVE-2018-8509Microsoft Edge 内存破坏漏洞
Microsoft EdgeCVE-2018-8512Microsoft Edge 安全功能绕过漏洞
Microsoft EdgeCVE-2018-8530Microsoft Edge 安全功能绕过漏洞
Microsoft Exchange ServerCVE-2018-8265Microsoft Exchange 远程代码执行漏洞
Microsoft Exchange ServerCVE-2018-8448Microsoft Exchange Server 特权提升漏洞
Microsoft Exchange ServerCVE-2010-3190MFC Insecure Library Loading Vulnerability
Microsoft Graphics ComponentCVE-2018-8453Win32k 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8484DirectX Graphics Kernel 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8486DirectX 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8472Windows GDI 信息泄露漏洞
Microsoft JET Database EngineCVE-2018-8423Microsoft JET Database Engine 远程代码执行漏洞
Microsoft OfficeCVE-2018-8432Microsoft Graphics Components 远程代码执行漏洞
Microsoft OfficeCVE-2018-8427Microsoft Graphics Components 信息泄露漏洞
Microsoft OfficeCVE-2018-8501Microsoft PowerPoint 远程代码执行漏洞
Microsoft OfficeCVE-2018-8502Microsoft Excel 远程代码执行漏洞
Microsoft OfficeCVE-2018-8504Microsoft Word 远程代码执行漏洞
Microsoft OfficeADV180026Microsoft Office Defense in Depth Update
Microsoft Office SharePointCVE-2018-8480Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePointCVE-2018-8488Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePointCVE-2018-8518Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePointCVE-2018-8498Microsoft SharePoint 特权提升漏洞
Microsoft Scripting EngineCVE-2018-8500Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8503Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8505Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8510Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8511Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8513Chakra Scripting Engine 内存破坏漏洞
Microsoft WindowsCVE-2018-8333Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8411NTFS 特权提升漏洞
Microsoft WindowsCVE-2018-8506Microsoft Windows Codecs Library 信息泄露漏洞
Microsoft WindowsCVE-2018-8493Windows TCP/IP 信息泄露漏洞
Microsoft Windows DNSCVE-2018-8320Windows DNS 安全功能绕过漏洞
Microsoft XML Core ServicesCVE-2018-8494MS XML 远程代码执行漏洞
SQL ServerCVE-2018-8527SQL Server Management Studio 信息泄露漏洞
SQL ServerCVE-2018-8532SQL Server Management Studio 信息泄露漏洞
SQL ServerCVE-2018-8533SQL Server Management Studio 信息泄露漏洞
Windows – LinuxCVE-2018-8329Linux On Windows Elevation Of Privilege Vulnerability
Windows Hyper-VCVE-2018-8489Windows Hyper-V 远程代码执行漏洞
Windows Hyper-VCVE-2018-8490Windows Hyper-V 远程代码执行漏洞
Windows KernelCVE-2018-8330Windows Kernel 信息泄露漏洞
Windows KernelCVE-2018-8497Windows Kernel 特权提升漏洞
Windows Media PlayerCVE-2018-8481Windows Media Player 信息泄露漏洞
Windows Media PlayerCVE-2018-8482Windows Media Player 信息泄露漏洞
Windows ShellCVE-2018-8413Windows Theme API 远程代码执行漏洞
Windows ShellCVE-2018-8495Windows Shell 远程代码执行漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

附件下载

微软发布10月补丁修复51个安全问题附录

Spread the word. Share this post!

Meet The Author

Leave Comment