【威胁通告】微软发布8月补丁修复63个安全问题

微软于周二发布了8月安全更新补丁,修复了63个从简单的欺骗攻击到远程执行代码的安全问题。

产品涉及.NET Framework、Adobe Flash Player、Device Guard、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows PDF、SQL Server、Windows Authentication Methods、Windows COM、Windows Diagnostic Hub、Windows Installer、Windows Kernel、Windows NDIS、Windows RNDIS以及Windows Shell。

漏洞详情

以下为威胁相对较高的漏洞

产品CVE 编号CVE 标题
Internet ExplorerCVE-2018-8316Internet Explorer 远程代码执行漏洞
Microsoft Exchange ServerCVE-2018-8302Microsoft Exchange 内存破坏漏洞
Microsoft Graphics ComponentCVE-2018-8397GDI+ 远程代码执行漏洞
Microsoft Graphics ComponentCVE-2018-8344Microsoft Graphics 远程代码执行漏洞
Microsoft OfficeCVE-2018-8379Microsoft Excel 远程代码执行漏洞
Microsoft WindowsCVE-2018-8345LNK 远程代码执行漏洞
Microsoft WindowsCVE-2018-8346LNK 远程代码执行漏洞
Microsoft Windows PDFCVE-2018-8350Windows PDF 远程代码执行漏洞
SQL ServerCVE-2018-8273Microsoft SQL Server 远程代码执行漏洞
Windows COMCVE-2018-8349Microsoft COM for Windows 远程代码执行漏洞
Windows ShellCVE-2018-8414Windows Shell 远程代码执行漏洞

 

完整信息如下:

产品CVE 编号CVE 标题
.NET FrameworkCVE-2018-8360.NET Framework 信息泄露漏洞
Adobe Flash PlayerADV180020August 2018 Adobe Flash 安全更新
Device GuardCVE-2018-8204Device Guard Code Integrity Policy 安全功能绕过漏洞
Device GuardCVE-2018-8200Device Guard Code Integrity Policy 安全功能绕过漏洞
Internet ExplorerCVE-2018-8316Internet Explorer 远程代码执行漏洞
Microsoft BrowsersCVE-2018-8403Microsoft Browser 内存破坏漏洞
Microsoft BrowsersCVE-2018-8351Microsoft Browser 信息泄露漏洞
Microsoft BrowsersCVE-2018-8357Microsoft Browser 特权提升漏洞
Microsoft EdgeCVE-2018-8358Microsoft Edge 安全功能绕过漏洞
Microsoft EdgeCVE-2018-8370Microsoft Edge 信息泄露漏洞
Microsoft EdgeCVE-2018-8377Microsoft Edge 内存破坏漏洞
Microsoft EdgeCVE-2018-8383Microsoft Edge 欺骗漏洞
Microsoft EdgeCVE-2018-8388Microsoft Edge 欺骗漏洞
Microsoft EdgeCVE-2018-8387Microsoft Edge 内存破坏漏洞
Microsoft Exchange ServerCVE-2018-8302Microsoft Exchange 内存破坏漏洞
Microsoft Exchange ServerCVE-2018-8374Microsoft Exchange Server Tampering Vulnerability
Microsoft Graphics ComponentCVE-2018-8394Windows GDI 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8396Windows GDI 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8397GDI+ 远程代码执行漏洞
Microsoft Graphics ComponentCVE-2018-8398Windows GDI 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8400DirectX Graphics Kernel 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8401DirectX Graphics Kernel 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8405DirectX Graphics Kernel 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8406DirectX Graphics Kernel 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8344Microsoft Graphics 远程代码执行漏洞
Microsoft OfficeCVE-2018-8375Microsoft Excel 远程代码执行漏洞
Microsoft OfficeCVE-2018-8376Microsoft PowerPoint 远程代码执行漏洞
Microsoft OfficeADV180021Microsoft Office Defense in Depth Update
Microsoft OfficeCVE-2018-8378Microsoft Office 信息泄露漏洞
Microsoft OfficeCVE-2018-8379Microsoft Excel 远程代码执行漏洞
Microsoft OfficeCVE-2018-8382Microsoft Excel 信息泄露漏洞
Microsoft OfficeCVE-2018-8412Microsoft (MAU) Office 特权提升漏洞
Microsoft Scripting EngineCVE-2018-8266Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8371Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8372Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8373Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8380Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8381Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8384Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8385Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8389Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8390Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8353Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8355Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8359Scripting Engine 内存破坏漏洞
Microsoft WindowsADV180018Microsoft Guidance to mitigate L1TF variant
Microsoft WindowsCVE-2018-8345LNK 远程代码执行漏洞
Microsoft WindowsCVE-2018-8346LNK 远程代码执行漏洞
Microsoft Windows PDFCVE-2018-8350Windows PDF 远程代码执行漏洞
SQL ServerCVE-2018-8273Microsoft SQL Server 远程代码执行漏洞
Windows Authentication MethodsCVE-2018-8340AD FS 安全功能绕过漏洞
Windows COMCVE-2018-8349Microsoft COM for Windows 远程代码执行漏洞
Windows Diagnostic HubCVE-2018-0952Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability
Windows InstallerCVE-2018-8339Windows Installer 特权提升漏洞
Windows KernelCVE-2018-8399Win32k 特权提升漏洞
Windows KernelCVE-2018-8404Win32k 特权提升漏洞
Windows KernelCVE-2018-8341Windows Kernel 信息泄露漏洞
Windows KernelCVE-2018-8347Windows Kernel 特权提升漏洞
Windows KernelCVE-2018-8348Windows Kernel 信息泄露漏洞
Windows NDISCVE-2018-8343Windows NDIS 特权提升漏洞
Windows RNDISCVE-2018-8342Windows NDIS 特权提升漏洞
Windows ShellCVE-2018-8253Microsoft Cortana 特权提升漏洞
Windows ShellCVE-2018-8414Windows Shell 远程代码执行漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

附件下载

微软发布8月补丁修复63个安全问题

Spread the word. Share this post!

Meet The Author

Leave Comment