微软于周二发布了8月安全更新补丁,修复了63个从简单的欺骗攻击到远程执行代码的安全问题。
产品涉及.NET Framework、Adobe Flash Player、Device Guard、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows PDF、SQL Server、Windows Authentication Methods、Windows COM、Windows Diagnostic Hub、Windows Installer、Windows Kernel、Windows NDIS、Windows RNDIS以及Windows Shell。
漏洞详情
以下为威胁相对较高的漏洞
| 产品 | CVE 编号 | CVE 标题 |
| Internet Explorer | CVE-2018-8316 | Internet Explorer 远程代码执行漏洞 |
| Microsoft Exchange Server | CVE-2018-8302 | Microsoft Exchange 内存破坏漏洞 |
| Microsoft Graphics Component | CVE-2018-8397 | GDI+ 远程代码执行漏洞 |
| Microsoft Graphics Component | CVE-2018-8344 | Microsoft Graphics 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8379 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8345 | LNK 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8346 | LNK 远程代码执行漏洞 |
| Microsoft Windows PDF | CVE-2018-8350 | Windows PDF 远程代码执行漏洞 |
| SQL Server | CVE-2018-8273 | Microsoft SQL Server 远程代码执行漏洞 |
| Windows COM | CVE-2018-8349 | Microsoft COM for Windows 远程代码执行漏洞 |
| Windows Shell | CVE-2018-8414 | Windows Shell 远程代码执行漏洞 |
完整信息如下:
| 产品 | CVE 编号 | CVE 标题 |
| .NET Framework | CVE-2018-8360 | .NET Framework 信息泄露漏洞 |
| Adobe Flash Player | ADV180020 | August 2018 Adobe Flash 安全更新 |
| Device Guard | CVE-2018-8204 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
| Device Guard | CVE-2018-8200 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
| Internet Explorer | CVE-2018-8316 | Internet Explorer 远程代码执行漏洞 |
| Microsoft Browsers | CVE-2018-8403 | Microsoft Browser 内存破坏漏洞 |
| Microsoft Browsers | CVE-2018-8351 | Microsoft Browser 信息泄露漏洞 |
| Microsoft Browsers | CVE-2018-8357 | Microsoft Browser 特权提升漏洞 |
| Microsoft Edge | CVE-2018-8358 | Microsoft Edge 安全功能绕过漏洞 |
| Microsoft Edge | CVE-2018-8370 | Microsoft Edge 信息泄露漏洞 |
| Microsoft Edge | CVE-2018-8377 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Edge | CVE-2018-8383 | Microsoft Edge 欺骗漏洞 |
| Microsoft Edge | CVE-2018-8388 | Microsoft Edge 欺骗漏洞 |
| Microsoft Edge | CVE-2018-8387 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Exchange Server | CVE-2018-8302 | Microsoft Exchange 内存破坏漏洞 |
| Microsoft Exchange Server | CVE-2018-8374 | Microsoft Exchange Server Tampering Vulnerability |
| Microsoft Graphics Component | CVE-2018-8394 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8396 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8397 | GDI+ 远程代码执行漏洞 |
| Microsoft Graphics Component | CVE-2018-8398 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8400 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8401 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8405 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8406 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8344 | Microsoft Graphics 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8375 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8376 | Microsoft PowerPoint 远程代码执行漏洞 |
| Microsoft Office | ADV180021 | Microsoft Office Defense in Depth Update |
| Microsoft Office | CVE-2018-8378 | Microsoft Office 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8379 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8382 | Microsoft Excel 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8412 | Microsoft (MAU) Office 特权提升漏洞 |
| Microsoft Scripting Engine | CVE-2018-8266 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8371 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8372 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8373 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8380 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8381 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8384 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8385 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8389 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8390 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8353 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8355 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8359 | Scripting Engine 内存破坏漏洞 |
| Microsoft Windows | ADV180018 | Microsoft Guidance to mitigate L1TF variant |
| Microsoft Windows | CVE-2018-8345 | LNK 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8346 | LNK 远程代码执行漏洞 |
| Microsoft Windows PDF | CVE-2018-8350 | Windows PDF 远程代码执行漏洞 |
| SQL Server | CVE-2018-8273 | Microsoft SQL Server 远程代码执行漏洞 |
| Windows Authentication Methods | CVE-2018-8340 | AD FS 安全功能绕过漏洞 |
| Windows COM | CVE-2018-8349 | Microsoft COM for Windows 远程代码执行漏洞 |
| Windows Diagnostic Hub | CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability |
| Windows Installer | CVE-2018-8339 | Windows Installer 特权提升漏洞 |
| Windows Kernel | CVE-2018-8399 | Win32k 特权提升漏洞 |
| Windows Kernel | CVE-2018-8404 | Win32k 特权提升漏洞 |
| Windows Kernel | CVE-2018-8341 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8347 | Windows Kernel 特权提升漏洞 |
| Windows Kernel | CVE-2018-8348 | Windows Kernel 信息泄露漏洞 |
| Windows NDIS | CVE-2018-8343 | Windows NDIS 特权提升漏洞 |
| Windows RNDIS | CVE-2018-8342 | Windows NDIS 特权提升漏洞 |
| Windows Shell | CVE-2018-8253 | Microsoft Cortana 特权提升漏洞 |
| Windows Shell | CVE-2018-8414 | Windows Shell 远程代码执行漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。