微软于周二发布了12月安全更新补丁,修复了37个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Adobe Flash Player、Device Guard、Microsoft Edge、Microsoft Exchange Server、Microsoft Malware Protection Engine、Microsoft Office、Microsoft Scripting Engine以及Microsoft Windows。
相关信息如下(红色部分威胁相对比较高):
| 产品 | CVE 编号 | CVE 标题 |
| Adobe Flash Player | ADV170022 | December 2017 Flash 安全更新 |
| Device Guard | CVE-2017-11899 | Microsoft Windows 安全功能绕过漏洞 |
| Microsoft Edge | CVE-2017-11888 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Exchange Server | CVE-2017-11932 | Microsoft Exchange 欺骗漏洞 |
| Microsoft Exchange Server | ADV170023 | Microsoft Exchange Defense in Depth Update |
| Microsoft Malware Protection Engine | CVE-2017-11937 | Microsoft Malware Protection Engine 远程代码执行漏洞 |
| Microsoft Malware Protection Engine | CVE-2017-11940 | Microsoft Malware Protection Engine 远程代码执行漏洞 |
| Microsoft Office | ADV170021 | Microsoft Office Defense in Depth Update |
| Microsoft Office | CVE-2017-11934 | Microsoft PowerPoint 信息泄露漏洞 |
| Microsoft Office | CVE-2017-11935 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2017-11936 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2017-11939 | Microsoft Office 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2017-11889 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11890 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11893 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11895 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11901 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11903 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11906 | Scripting Engine 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2017-11908 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11909 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11910 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11911 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11912 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11913 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11914 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11918 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11930 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11886 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11887 | Scripting Engine 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2017-11894 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11907 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11905 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11916 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2017-11919 | Scripting Engine 信息泄露漏洞 |
| Microsoft Windows | CVE-2017-11885 | Windows RRAS Service 远程代码执行漏洞 |
| Microsoft Windows | CVE-2017-11927 | Microsoft Windows 信息泄露漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
附件下载