微软于周二发布了3月安全更新补丁,修复了75个从简单的欺骗攻击到远程执行代码的安全问题,涉及多个产品。
综述
微软于周二发布了3月安全更新补丁,修复了75个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Adobe Flash Player、ASP .NET、ASP.NET、Device Guard、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Scripting Engine、Microsoft Video Control、Microsoft Windows、Windows Desktop Bridge、Windows Hyper-V、Windows Installer、Windows Kernel以及Windows Shell。
相关信息如下(红色部分威胁相对比较高):
| 产品 | CVE 编号 | CVE 标题 |
| .NET Core | CVE-2018-0875 | .NET Core 拒绝服务漏洞 |
| Adobe Flash Player | ADV180006 | March 2018 Adobe Flash 安全更新 |
| ASP .NET | CVE-2018-0787 | ASP.NET Core 特权提升漏洞 |
| ASP.NET | CVE-2018-0808 | ASP.NET Core 拒绝服务漏洞 |
| Device Guard | CVE-2018-0884 | Windows 安全功能绕过漏洞 |
| Internet Explorer | CVE-2018-0929 | Internet Explorer 信息泄露漏洞 |
| Internet Explorer | CVE-2018-0942 | Internet Explorer 特权提升漏洞 |
| Microsoft Browsers | CVE-2018-0927 | Microsoft Browser 信息泄露漏洞 |
| Microsoft Browsers | CVE-2018-0932 | Microsoft Browser 信息泄露漏洞 |
| Microsoft Edge | CVE-2018-0879 | Microsoft Edge 信息泄露漏洞 |
| Microsoft Exchange Server | CVE-2018-0924 | Microsoft Exchange 信息泄露漏洞 |
| Microsoft Exchange Server | CVE-2018-0940 | Microsoft Exchange 特权提升漏洞 |
| Microsoft Exchange Server | CVE-2018-0941 | Microsoft Exchange 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-0816 | Windows GDI 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-0817 | Windows GDI 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-0815 | Windows GDI 特权提升漏洞 |
| Microsoft Office | CVE-2018-0947 | Microsoft Sharepoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0903 | Microsoft Access 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-0909 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0910 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0907 | Microsoft Office Excel Security Feature Bypass |
| Microsoft Office | CVE-2018-0911 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0912 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0913 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0914 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0915 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0916 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0917 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0919 | Microsoft Office 信息泄露漏洞 |
| Microsoft Office | CVE-2018-0921 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0922 | Microsoft Office 内存破坏漏洞 |
| Microsoft Office | CVE-2018-0923 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-0944 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Scripting Engine | CVE-2018-0889 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0891 | Scripting Engine 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2018-0893 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0930 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0931 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0933 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0934 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0935 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0936 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0937 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0939 | Scripting Engine 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2018-0872 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0873 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0874 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0876 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-0925 | Scripting Engine 内存破坏漏洞 |
| Microsoft Video Control | CVE-2018-0881 | Microsoft Video Control 特权提升漏洞 |
| Microsoft Windows | CVE-2018-0886 | CredSSP 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-0902 | CNG 安全功能绕过漏洞 |
| Microsoft Windows | CVE-2018-0983 | Windows Storage Services 特权提升漏洞 |
| Microsoft Windows | CVE-2018-0878 | Windows Remote Assistance 信息泄露漏洞 |
| Windows Desktop Bridge | CVE-2018-0877 | Windows Desktop Bridge VFS 特权提升漏洞 |
| Windows Desktop Bridge | CVE-2018-0880 | Windows Desktop Bridge 特权提升漏洞 |
| Windows Desktop Bridge | CVE-2018-0882 | Windows Desktop Bridge 特权提升漏洞 |
| Windows Hyper-V | CVE-2018-0885 | Windows Hyper-V 拒绝服务漏洞 |
| Windows Hyper-V | CVE-2018-0888 | Hyper-V 信息泄露漏洞 |
| Windows Installer | CVE-2018-0868 | Windows Installer 特权提升漏洞 |
| Windows Kernel | CVE-2018-0811 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0894 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0895 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0896 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0897 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0898 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0899 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0900 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0901 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0926 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0977 | Win32k 特权提升漏洞 |
| Windows Kernel | CVE-2018-0813 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0814 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-0904 | Windows Kernel 信息泄露漏洞 |
| Windows Shell | CVE-2018-0883 | Windows Shell 远程代码执行漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
附件下载