【威胁通告】微软发布12月补丁修复39个安全问题

微软于周二发布了12月安全更新补丁,修复了39个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Framework、Adobe Flash Player、Internet Explorer、Microsoft Dynamics、Mi2crosoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Visual Studio、Windows Authentication Methods、Windows Azure Pack、Windows Kernel以及Windows Kernel-Mode Drivers。

漏洞概述

相关信息如下(红色部分威胁相对比较高):

产品CVE 编号CVE 标题
.NET FrameworkCVE-2018-8517.NET Framework Denial Of Service Vulnerability
.NET FrameworkCVE-2018-8540.NET Framework Remote Code Injection Vulnerability
Adobe Flash PlayerADV180031December 2018 Adobe Flash 安全更新
Internet ExplorerCVE-2018-8619Internet Explorer 远程代码执行漏洞
Internet ExplorerCVE-2018-8631Internet Explorer 内存破坏漏洞
Microsoft DynamicsCVE-2018-8651Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange ServerCVE-2018-8604Microsoft Exchange Server Tampering Vulnerability
Microsoft Graphics ComponentCVE-2018-8595Windows GDI 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8596Windows GDI 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8638DirectX 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8639Win32k 特权提升漏洞
Microsoft OfficeCVE-2018-8587Microsoft Outlook 远程代码执行漏洞
Microsoft OfficeCVE-2018-8597Microsoft Excel 远程代码执行漏洞
Microsoft OfficeCVE-2018-8598Microsoft Excel 信息泄露漏洞
Microsoft OfficeCVE-2018-8627Microsoft Excel 信息泄露漏洞
Microsoft OfficeCVE-2018-8628Microsoft PowerPoint 远程代码执行漏洞
Microsoft OfficeCVE-2018-8636Microsoft Excel 远程代码执行漏洞
Microsoft Office SharePointCVE-2018-8580Microsoft SharePoint 信息泄露漏洞
Microsoft Office SharePointCVE-2018-8635Microsoft SharePoint Server 特权提升漏洞
Microsoft Scripting EngineCVE-2018-8583Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8617Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8618Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8624Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8625Windows VBScript Engine 远程代码执行漏洞
Microsoft Scripting EngineCVE-2018-8629Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8643Scripting Engine 内存破坏漏洞
Microsoft WindowsCVE-2018-8649Windows 拒绝服务漏洞
Microsoft Windows DNSCVE-2018-8514Remote Procedure Call runtime 信息泄露漏洞
Microsoft Windows DNSCVE-2018-8626Windows DNS Server Heap Overflow Vulnerability
Visual StudioCVE-2018-8599Diagnostics Hub Standard Collector Service 特权提升漏洞
Windows Authentication MethodsCVE-2018-8634Microsoft Text-To-Speech 远程代码执行漏洞
Windows Azure PackCVE-2018-8652Windows Azure Pack Cross Site Scripting Vulnerability
Windows KernelCVE-2018-8477Windows Kernel 信息泄露漏洞
Windows KernelCVE-2018-8611Windows Kernel 特权提升漏洞
Windows KernelCVE-2018-8612Connected User Experiences and Telemetry Service 拒绝服务漏洞
Windows KernelCVE-2018-8621Windows Kernel 信息泄露漏洞
Windows KernelCVE-2018-8622Windows Kernel 信息泄露漏洞
Windows KernelCVE-2018-8637Win32k 信息泄露漏洞
Windows Kernel-Mode DriversCVE-2018-8641Win32k 特权提升漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

附件下载

微软发布12月补丁修复39个安全问题

Spread the word. Share this post!

Meet The Author

Leave Comment