微软发布10月补丁修复51个安全问题

微软于周二发布了10月安全更新补丁,修复了51个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Azure、Device Guard、Internet Explorer、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Microsoft XML Core Services、SQL Server、Windows – Linux、Windows Hyper-V、Windows Kernel、Windows Media Player以及Windows Shell。

焦点漏洞

相关信息如下(红色部分威胁相对比较高):

产品 CVE 编号 CVE 标题
.NET Core CVE-2018-8292 .NET Core 信息泄露漏洞
Azure CVE-2018-8531 Azure IoT Device Client SDK 内存破坏漏洞
Device Guard CVE-2018-8492 Device Guard Code Integrity Policy 安全功能绕过漏洞
Internet Explorer CVE-2018-8460 Internet Explorer 内存破坏漏洞
Internet Explorer CVE-2018-8491 Internet Explorer 内存破坏漏洞
Microsoft Edge CVE-2018-8473 Microsoft Edge 内存破坏漏洞
Microsoft Edge CVE-2018-8509 Microsoft Edge 内存破坏漏洞
Microsoft Edge CVE-2018-8512 Microsoft Edge 安全功能绕过漏洞
Microsoft Edge CVE-2018-8530 Microsoft Edge 安全功能绕过漏洞
Microsoft Exchange Server CVE-2018-8265 Microsoft Exchange 远程代码执行漏洞
Microsoft Exchange Server CVE-2018-8448 Microsoft Exchange Server 特权提升漏洞
Microsoft Exchange Server CVE-2010-3190 MFC Insecure Library Loading Vulnerability
Microsoft Graphics Component CVE-2018-8453 Win32k 特权提升漏洞
Microsoft Graphics Component CVE-2018-8484 DirectX Graphics Kernel 特权提升漏洞
Microsoft Graphics Component CVE-2018-8486 DirectX 信息泄露漏洞
Microsoft Graphics Component CVE-2018-8472 Windows GDI 信息泄露漏洞
Microsoft JET Database Engine CVE-2018-8423 Microsoft JET Database Engine 远程代码执行漏洞
Microsoft Office CVE-2018-8432 Microsoft Graphics Components 远程代码执行漏洞
Microsoft Office CVE-2018-8427 Microsoft Graphics Components 信息泄露漏洞
Microsoft Office CVE-2018-8501 Microsoft PowerPoint 远程代码执行漏洞
Microsoft Office CVE-2018-8502 Microsoft Excel 远程代码执行漏洞
Microsoft Office CVE-2018-8504 Microsoft Word 远程代码执行漏洞
Microsoft Office ADV180026 Microsoft Office Defense in Depth Update
Microsoft Office SharePoint CVE-2018-8480 Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePoint CVE-2018-8488 Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePoint CVE-2018-8518 Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePoint CVE-2018-8498 Microsoft SharePoint 特权提升漏洞
Microsoft Scripting Engine CVE-2018-8500 Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8503 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8505 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8510 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8511 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8513 Chakra Scripting Engine 内存破坏漏洞
Microsoft Windows CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft Windows CVE-2018-8411 NTFS 特权提升漏洞
Microsoft Windows CVE-2018-8506 Microsoft Windows Codecs Library 信息泄露漏洞
Microsoft Windows CVE-2018-8493 Windows TCP/IP 信息泄露漏洞
Microsoft Windows DNS CVE-2018-8320 Windows DNS 安全功能绕过漏洞
Microsoft XML Core Services CVE-2018-8494 MS XML 远程代码执行漏洞
SQL Server CVE-2018-8527 SQL Server Management Studio 信息泄露漏洞
SQL Server CVE-2018-8532 SQL Server Management Studio 信息泄露漏洞
SQL Server CVE-2018-8533 SQL Server Management Studio 信息泄露漏洞
Windows – Linux CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability
Windows Hyper-V CVE-2018-8489 Windows Hyper-V 远程代码执行漏洞
Windows Hyper-V CVE-2018-8490 Windows Hyper-V 远程代码执行漏洞
Windows Kernel CVE-2018-8330 Windows Kernel 信息泄露漏洞
Windows Kernel CVE-2018-8497 Windows Kernel 特权提升漏洞
Windows Media Player CVE-2018-8481 Windows Media Player 信息泄露漏洞
Windows Media Player CVE-2018-8482 Windows Media Player 信息泄露漏洞
Windows Shell CVE-2018-8413 Windows Theme API 远程代码执行漏洞
Windows Shell CVE-2018-8495 Windows Shell 远程代码执行漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

附件下载

微软发布10月补丁修复51个安全问题附录

Spread the word. Share this post!

Meet The Author

Leave Comment