微软于周二发布了9月安全更新补丁,修复了64个从简单的欺骗攻击到远程执行代码的安全问题,涉及20余种产品。
漏洞概述
涉及产品如下:
.NET Core、.NET Framework、Adobe Flash Player、Azure、Device Guard、Internet Explorer、Microsoft Edge、Microsoft Graphics Component、Microsoft Identity Services、Microsoft JET Database Engine、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows、Microsoft XML Core Services、Windows Hyper-V、Windows Kernel、Windows Media、Windows Shell、Windows SMB Server以及Windows Subsystem for Linux。
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 |
| .NET Core | CVE-2018-8409 | System.IO.Pipelines Denial of Service |
| .NET Framework | CVE-2018-8421 | .NET Framework 远程代码执行漏洞 |
| Adobe Flash Player | ADV180023 | September 2018 Adobe Flash 安全更新 |
| Azure | CVE-2018-8479 | Azure IoT SDK 欺骗漏洞 |
| Device Guard | CVE-2018-8449 | Device Guard 安全功能绕过漏洞 |
| Internet Explorer | CVE-2018-8461 | Internet Explorer 内存破坏漏洞 |
| Internet Explorer | CVE-2018-8447 | Internet Explorer 内存破坏漏洞 |
| Internet Explorer | CVE-2018-8470 | Internet Explorer 安全功能绕过漏洞 |
| Microsoft Edge | CVE-2018-8425 | Microsoft Edge 欺骗漏洞 |
| Microsoft Edge | CVE-2018-8366 | Microsoft Edge 信息泄露漏洞 |
| Microsoft Edge | CVE-2018-8463 | Microsoft Edge 特权提升漏洞 |
| Microsoft Edge | CVE-2018-8464 | Microsoft Edge PDF 远程代码执行漏洞 |
| Microsoft Edge | CVE-2018-8469 | Microsoft Edge 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8422 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8424 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8433 | Microsoft Graphics Component 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8462 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8475 | Windows 远程代码执行漏洞 |
| Microsoft Graphics Component | CVE-2018-8332 | Win32k Graphics 远程代码执行漏洞 |
| Microsoft Identity Services | CVE-2018-8269 | OData 拒绝服务漏洞 |
| Microsoft JET Database Engine | CVE-2018-8392 | Microsoft JET Database Engine 远程代码执行漏洞 |
| Microsoft JET Database Engine | CVE-2018-8393 | Microsoft JET Database Engine 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8426 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office | CVE-2018-8428 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-8429 | Microsoft Excel 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8430 | Word PDF 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8431 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office | CVE-2018-8331 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8474 | Lync for Mac 2011 安全功能绕过漏洞 |
| Microsoft Scripting Engine | CVE-2018-8315 | Microsoft Scripting Engine 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2018-8367 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8354 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8391 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8452 | Scripting Engine 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2018-8456 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8457 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8459 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8465 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8466 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8467 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Windows | CVE-2018-8271 | Windows 信息泄露漏洞 |
| Microsoft Windows | CVE-2018-8410 | Windows Registry 特权提升漏洞 |
| Microsoft Windows | ADV180022 | Windows 拒绝服务漏洞 |
| Microsoft Windows | CVE-2018-8438 | Windows Hyper-V 拒绝服务漏洞 |
| Microsoft Windows | CVE-2018-8440 | Windows ALPC 特权提升漏洞 |
| Microsoft XML Core Services | CVE-2018-8420 | MS XML 远程代码执行漏洞 |
| Windows Hyper-V | CVE-2018-0965 | Windows Hyper-V 远程代码执行漏洞 |
| Windows Hyper-V | CVE-2018-8434 | Windows Hyper-V 信息泄露漏洞 |
| Windows Hyper-V | CVE-2018-8435 | Windows Hyper-V 安全功能绕过漏洞 |
| Windows Hyper-V | CVE-2018-8436 | Windows Hyper-V 拒绝服务漏洞 |
| Windows Hyper-V | CVE-2018-8437 | Windows Hyper-V 拒绝服务漏洞 |
| Windows Hyper-V | CVE-2018-8439 | Windows Hyper-V 远程代码执行漏洞 |
| Windows Kernel | CVE-2018-8336 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8442 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8443 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8445 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8446 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8455 | Windows Kernel 特权提升漏洞 |
| Windows Media | CVE-2018-8419 | Windows Kernel 信息泄露漏洞 |
| Windows Shell | CVE-2018-8468 | Windows 特权提升漏洞 |
| Windows SMB Server | CVE-2018-8335 | Windows SMB 拒绝服务漏洞 |
| Windows SMB Server | CVE-2018-8444 | Windows SMB 信息泄露漏洞 |
| Windows Subsystem for Linux | CVE-2018-8337 | Windows Subsystem for Linux 安全功能绕过漏洞 |
| Windows Subsystem for Linux | CVE-2018-8441 | Windows Subsystem for Linux 特权提升漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。