【威胁通告】微软发布11月补丁修复64个安全问题

微软于周二发布了11月安全更新补丁,修复了64个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Active Directory、Adobe Flash Player、Azure、BitLocker、Internet Explorer、Microsoft Drivers、Microsoft Dynamics、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JScript、Microsoft Office、Microsoft Office SharePoint、Microsoft PowerShell、Microsoft RPC、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows Search Component、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Windows Audio Service以及Windows Kernel。

漏洞概述

相关信息如下:

产品CVE 编号CVE 标题
.NET CoreCVE-2018-8416.NET Core Tampering Vulnerability
Active DirectoryCVE-2018-8547Active Directory Federation Services XSS Vulnerability
Adobe Flash PlayerADV180025November 2018 Adobe Flash 安全更新
AzureCVE-2018-8600Azure App Service Cross-site Scripting Vulnerability
BitLockerCVE-2018-8566BitLocker 安全功能绕过漏洞
Internet ExplorerCVE-2018-8570Internet Explorer 内存破坏漏洞
Microsoft DriversCVE-2018-8471Microsoft RemoteFX Virtual GPU miniport driver 特权提升漏洞
Microsoft DynamicsCVE-2018-8605Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8606Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8607Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8608Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2018-8609Microsoft Dynamics 365 (on-premises) version 8 远程代码执行漏洞
Microsoft EdgeCVE-2018-8564Microsoft Edge 欺骗漏洞
Microsoft EdgeCVE-2018-8545Microsoft Edge 信息泄露漏洞
Microsoft EdgeCVE-2018-8567Microsoft Edge 特权提升漏洞
Microsoft Exchange ServerCVE-2018-8581Microsoft Exchange Server 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8485DirectX 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8553Microsoft Graphics Components 远程代码执行漏洞
Microsoft Graphics ComponentCVE-2018-8554DirectX 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8561DirectX 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8562Win32k 特权提升漏洞
Microsoft Graphics ComponentCVE-2018-8563DirectX 信息泄露漏洞
Microsoft Graphics ComponentCVE-2018-8565Win32k 信息泄露漏洞
Microsoft JScriptCVE-2018-8417Microsoft JScript 安全功能绕过漏洞
Microsoft OfficeCVE-2018-8522Microsoft Outlook 远程代码执行漏洞
Microsoft OfficeCVE-2018-8576Microsoft Outlook 远程代码执行漏洞
Microsoft OfficeCVE-2018-8524Microsoft Outlook 远程代码执行漏洞
Microsoft OfficeCVE-2018-8539Microsoft Word 远程代码执行漏洞
Microsoft OfficeCVE-2018-8558Microsoft Outlook 信息泄露漏洞
Microsoft OfficeCVE-2018-8573Microsoft Word 远程代码执行漏洞
Microsoft OfficeCVE-2018-8574Microsoft Excel 远程代码执行漏洞
Microsoft OfficeCVE-2018-8575Microsoft Project 远程代码执行漏洞
Microsoft OfficeCVE-2018-8582Microsoft Outlook 远程代码执行漏洞
Microsoft OfficeCVE-2018-8577Microsoft Excel 远程代码执行漏洞
Microsoft OfficeCVE-2018-8579Microsoft Outlook 信息泄露漏洞
Microsoft Office SharePointCVE-2018-8572Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePointCVE-2018-8568Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePointCVE-2018-8578Microsoft SharePoint 信息泄露漏洞
Microsoft PowerShellCVE-2018-8256Microsoft PowerShell 远程代码执行漏洞
Microsoft PowerShellCVE-2018-8415Microsoft PowerShell Tampering Vulnerability
Microsoft RPCCVE-2018-8407MSRPC 信息泄露漏洞
Microsoft Scripting EngineCVE-2018-8588Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8541Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8542Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8543Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8544Windows VBScript Engine 远程代码执行漏洞
Microsoft Scripting EngineCVE-2018-8551Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8552Windows Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8555Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8556Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting EngineCVE-2018-8557Chakra Scripting Engine 内存破坏漏洞
Microsoft WindowsCVE-2018-8476Windows Deployment Services TFTP Server 远程代码执行漏洞
Microsoft WindowsCVE-2018-8592Windows Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8549Windows 安全功能绕过漏洞
Microsoft WindowsCVE-2018-8550Windows COM 特权提升漏洞
Microsoft WindowsCVE-2018-8584Windows ALPC 特权提升漏洞
Microsoft WindowsADV180028Guidance for configuring BitLocker to enforce software encryption
Microsoft Windows Search ComponentCVE-2018-8450Windows Search 远程代码执行漏洞
Servicing Stack UpdatesADV990001Latest Servicing Stack Updates
Skype for Business and Microsoft LyncCVE-2018-8546Microsoft Skype for Business 拒绝服务漏洞
Team Foundation ServerCVE-2018-8602Team Foundation Server Cross-site Scripting Vulnerability
Windows Audio ServiceCVE-2018-8454Windows Audio Service 信息泄露漏洞
Windows KernelCVE-2018-8589Windows Win32k 特权提升漏洞
Windows KernelCVE-2018-8408Windows Kernel 信息泄露漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

附件下载

微软发布11月补丁修复64个安全问题

Spread the word. Share this post!

Meet The Author

Leave Comment