微软于周二发布了10月安全更新补丁,修复了51个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Azure、Device Guard、Internet Explorer、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Microsoft XML Core Services、SQL Server、Windows – Linux、Windows Hyper-V、Windows Kernel、Windows Media Player以及Windows Shell。
焦点漏洞
相关信息如下(红色部分威胁相对比较高):
| 产品 | CVE 编号 | CVE 标题 |
| .NET Core | CVE-2018-8292 | .NET Core 信息泄露漏洞 |
| Azure | CVE-2018-8531 | Azure IoT Device Client SDK 内存破坏漏洞 |
| Device Guard | CVE-2018-8492 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
| Internet Explorer | CVE-2018-8460 | Internet Explorer 内存破坏漏洞 |
| Internet Explorer | CVE-2018-8491 | Internet Explorer 内存破坏漏洞 |
| Microsoft Edge | CVE-2018-8473 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Edge | CVE-2018-8509 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Edge | CVE-2018-8512 | Microsoft Edge 安全功能绕过漏洞 |
| Microsoft Edge | CVE-2018-8530 | Microsoft Edge 安全功能绕过漏洞 |
| Microsoft Exchange Server | CVE-2018-8265 | Microsoft Exchange 远程代码执行漏洞 |
| Microsoft Exchange Server | CVE-2018-8448 | Microsoft Exchange Server 特权提升漏洞 |
| Microsoft Exchange Server | CVE-2010-3190 | MFC Insecure Library Loading Vulnerability |
| Microsoft Graphics Component | CVE-2018-8453 | Win32k 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8484 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8486 | DirectX 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8472 | Windows GDI 信息泄露漏洞 |
| Microsoft JET Database Engine | CVE-2018-8423 | Microsoft JET Database Engine 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8432 | Microsoft Graphics Components 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8427 | Microsoft Graphics Components 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8501 | Microsoft PowerPoint 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8502 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8504 | Microsoft Word 远程代码执行漏洞 |
| Microsoft Office | ADV180026 | Microsoft Office Defense in Depth Update |
| Microsoft Office SharePoint | CVE-2018-8480 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office SharePoint | CVE-2018-8488 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office SharePoint | CVE-2018-8518 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office SharePoint | CVE-2018-8498 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Scripting Engine | CVE-2018-8500 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8503 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8505 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8510 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8511 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8513 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Windows | CVE-2018-8333 | Microsoft Filter Manager Elevation Of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8411 | NTFS 特权提升漏洞 |
| Microsoft Windows | CVE-2018-8506 | Microsoft Windows Codecs Library 信息泄露漏洞 |
| Microsoft Windows | CVE-2018-8493 | Windows TCP/IP 信息泄露漏洞 |
| Microsoft Windows DNS | CVE-2018-8320 | Windows DNS 安全功能绕过漏洞 |
| Microsoft XML Core Services | CVE-2018-8494 | MS XML 远程代码执行漏洞 |
| SQL Server | CVE-2018-8527 | SQL Server Management Studio 信息泄露漏洞 |
| SQL Server | CVE-2018-8532 | SQL Server Management Studio 信息泄露漏洞 |
| SQL Server | CVE-2018-8533 | SQL Server Management Studio 信息泄露漏洞 |
| Windows – Linux | CVE-2018-8329 | Linux On Windows Elevation Of Privilege Vulnerability |
| Windows Hyper-V | CVE-2018-8489 | Windows Hyper-V 远程代码执行漏洞 |
| Windows Hyper-V | CVE-2018-8490 | Windows Hyper-V 远程代码执行漏洞 |
| Windows Kernel | CVE-2018-8330 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8497 | Windows Kernel 特权提升漏洞 |
| Windows Media Player | CVE-2018-8481 | Windows Media Player 信息泄露漏洞 |
| Windows Media Player | CVE-2018-8482 | Windows Media Player 信息泄露漏洞 |
| Windows Shell | CVE-2018-8413 | Windows Theme API 远程代码执行漏洞 |
| Windows Shell | CVE-2018-8495 | Windows Shell 远程代码执行漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。