微软于周二发布了6月安全更新补丁,修复了52个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Adobe Flash Player、Device Guard、HID Parser Library、Internet Explorer、Microsoft Edge、Microsoft NTFS、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows、Windows Hyper-V、Windows Kernel以及Windows Shell。
焦点漏洞
CVE-2018-8248 | Microsoft Excel 远程代码执行漏洞
CVE-2018-8210 | Windows 远程代码执行漏洞
CVE-2018-8213 | Windows 远程代码执行漏洞
CVE-2018-8225 | Windows DNSAPI 远程代码执行漏洞
CVE-2018-8231 | HTTP Protocol Stack 远程代码执行漏洞
受影响产品列表
产品 | CVE 编号 | CVE 标题 |
Adobe Flash Player | ADV180014 | June 2018 Adobe Flash 安全更新 |
Device Guard | CVE-2018-8201 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
Device Guard | CVE-2018-8211 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
Device Guard | CVE-2018-8212 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
Device Guard | CVE-2018-8215 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
Device Guard | CVE-2018-8216 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
Device Guard | CVE-2018-8217 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
Device Guard | CVE-2018-8221 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
HID Parser Library | CVE-2018-8169 | HIDParser 特权提升漏洞 |
Internet Explorer | CVE-2018-0978 | Internet Explorer 内存破坏漏洞 |
Internet Explorer | CVE-2018-8113 | Internet Explorer 安全功能绕过漏洞 |
Internet Explorer | CVE-2018-8249 | Internet Explorer 内存破坏漏洞 |
Microsoft Edge | CVE-2018-0871 | Microsoft Edge 信息泄露漏洞 |
Microsoft Edge | CVE-2018-8110 | Microsoft Edge 内存破坏漏洞 |
Microsoft Edge | CVE-2018-8111 | Microsoft Edge 内存破坏漏洞 |
Microsoft Edge | CVE-2018-8234 | Microsoft Edge 信息泄露漏洞 |
Microsoft Edge | CVE-2018-8235 | Microsoft Edge 安全功能绕过漏洞 |
Microsoft Edge | CVE-2018-8236 | Microsoft Edge 内存破坏漏洞 |
Microsoft NTFS | CVE-2018-1036 | NTFS 特权提升漏洞 |
Microsoft Office | CVE-2018-8244 | Microsoft Outlook 特权提升漏洞 |
Microsoft Office | CVE-2018-8245 | Microsoft Office 特权提升漏洞 |
Microsoft Office | CVE-2018-8246 | Microsoft Excel 信息泄露漏洞 |
Microsoft Office | CVE-2018-8247 | Microsoft Office 特权提升漏洞 |
Microsoft Office | CVE-2018-8248 | Microsoft Excel 远程代码执行漏洞 |
Microsoft Office | CVE-2018-8252 | Microsoft SharePoint 特权提升漏洞 |
Microsoft Office | CVE-2018-8254 | Microsoft SharePoint 特权提升漏洞 |
Microsoft Office | ADV180015 | Microsoft Office Defense in Depth Update |
Microsoft Scripting Engine | CVE-2018-8227 | Chakra Scripting Engine 内存破坏漏洞 |
Microsoft Scripting Engine | CVE-2018-8229 | Chakra Scripting Engine 内存破坏漏洞 |
Microsoft Scripting Engine | CVE-2018-8243 | Scripting Engine 内存破坏漏洞 |
Microsoft Scripting Engine | CVE-2018-8267 | Scripting Engine 内存破坏漏洞 |
Microsoft Windows | CVE-2018-8175 | WEBDAV 拒绝服务漏洞 |
Microsoft Windows | CVE-2018-8205 | Windows 拒绝服务漏洞 |
Microsoft Windows | CVE-2018-8208 | Windows Desktop Bridge 特权提升漏洞 |
Microsoft Windows | CVE-2018-8209 | Windows Wireless Network Profile 信息泄露漏洞 |
Microsoft Windows | CVE-2018-8210 | Windows 远程代码执行漏洞 |
Microsoft Windows | CVE-2018-8213 | Windows 远程代码执行漏洞 |
Microsoft Windows | CVE-2018-8214 | Windows Desktop Bridge 特权提升漏洞 |
Microsoft Windows | CVE-2018-8225 | Windows DNSAPI 远程代码执行漏洞 |
Microsoft Windows | CVE-2018-8226 | HTTP.sys 拒绝服务漏洞 |
Microsoft Windows | CVE-2018-8231 | HTTP Protocol Stack 远程代码执行漏洞 |
Microsoft Windows | CVE-2018-8239 | Windows GDI 信息泄露漏洞 |
Microsoft Windows | CVE-2018-0982 | Windows 特权提升漏洞 |
Microsoft Windows | CVE-2018-1040 | Windows Code Integrity Module 拒绝服务漏洞 |
Microsoft Windows | CVE-2018-8251 | Media Foundation 内存破坏漏洞 |
Windows Hyper-V | CVE-2018-8218 | Windows Hyper-V 拒绝服务漏洞 |
Windows Hyper-V | CVE-2018-8219 | Hypervisor Code Integrity 特权提升漏洞 |
Windows Kernel | CVE-2018-8207 | Windows Kernel 信息泄露漏洞 |
Windows Kernel | CVE-2018-8224 | Windows Kernel 特权提升漏洞 |
Windows Kernel | CVE-2018-8233 | Win32k 特权提升漏洞 |
Windows Kernel | CVE-2018-8121 | Windows Kernel 信息泄露漏洞 |
Windows Shell | CVE-2018-8140 | Cortana 特权提升漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
https://support.microsoft.com/zh-cn/help/4284855/windows-server-2012-update-kb4284855