【威胁通告】微软发布11月补丁修复64个安全问题

微软于周二发布了11月安全更新补丁,修复了64个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Active Directory、Adobe Flash Player、Azure、BitLocker、Internet Explorer、Microsoft Drivers、Microsoft Dynamics、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JScript、Microsoft Office、Microsoft Office SharePoint、Microsoft PowerShell、Microsoft RPC、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows Search Component、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Windows Audio Service以及Windows Kernel。

漏洞概述

相关信息如下:

产品 CVE 编号 CVE 标题
.NET Core CVE-2018-8416 .NET Core Tampering Vulnerability
Active Directory CVE-2018-8547 Active Directory Federation Services XSS Vulnerability
Adobe Flash Player ADV180025 November 2018 Adobe Flash 安全更新
Azure CVE-2018-8600 Azure App Service Cross-site Scripting Vulnerability
BitLocker CVE-2018-8566 BitLocker 安全功能绕过漏洞
Internet Explorer CVE-2018-8570 Internet Explorer 内存破坏漏洞
Microsoft Drivers CVE-2018-8471 Microsoft RemoteFX Virtual GPU miniport driver 特权提升漏洞
Microsoft Dynamics CVE-2018-8605 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8606 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8607 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8608 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2018-8609 Microsoft Dynamics 365 (on-premises) version 8 远程代码执行漏洞
Microsoft Edge CVE-2018-8564 Microsoft Edge 欺骗漏洞
Microsoft Edge CVE-2018-8545 Microsoft Edge 信息泄露漏洞
Microsoft Edge CVE-2018-8567 Microsoft Edge 特权提升漏洞
Microsoft Exchange Server CVE-2018-8581 Microsoft Exchange Server 特权提升漏洞
Microsoft Graphics Component CVE-2018-8485 DirectX 特权提升漏洞
Microsoft Graphics Component CVE-2018-8553 Microsoft Graphics Components 远程代码执行漏洞
Microsoft Graphics Component CVE-2018-8554 DirectX 特权提升漏洞
Microsoft Graphics Component CVE-2018-8561 DirectX 特权提升漏洞
Microsoft Graphics Component CVE-2018-8562 Win32k 特权提升漏洞
Microsoft Graphics Component CVE-2018-8563 DirectX 信息泄露漏洞
Microsoft Graphics Component CVE-2018-8565 Win32k 信息泄露漏洞
Microsoft JScript CVE-2018-8417 Microsoft JScript 安全功能绕过漏洞
Microsoft Office CVE-2018-8522 Microsoft Outlook 远程代码执行漏洞
Microsoft Office CVE-2018-8576 Microsoft Outlook 远程代码执行漏洞
Microsoft Office CVE-2018-8524 Microsoft Outlook 远程代码执行漏洞
Microsoft Office CVE-2018-8539 Microsoft Word 远程代码执行漏洞
Microsoft Office CVE-2018-8558 Microsoft Outlook 信息泄露漏洞
Microsoft Office CVE-2018-8573 Microsoft Word 远程代码执行漏洞
Microsoft Office CVE-2018-8574 Microsoft Excel 远程代码执行漏洞
Microsoft Office CVE-2018-8575 Microsoft Project 远程代码执行漏洞
Microsoft Office CVE-2018-8582 Microsoft Outlook 远程代码执行漏洞
Microsoft Office CVE-2018-8577 Microsoft Excel 远程代码执行漏洞
Microsoft Office CVE-2018-8579 Microsoft Outlook 信息泄露漏洞
Microsoft Office SharePoint CVE-2018-8572 Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePoint CVE-2018-8568 Microsoft SharePoint 特权提升漏洞
Microsoft Office SharePoint CVE-2018-8578 Microsoft SharePoint 信息泄露漏洞
Microsoft PowerShell CVE-2018-8256 Microsoft PowerShell 远程代码执行漏洞
Microsoft PowerShell CVE-2018-8415 Microsoft PowerShell Tampering Vulnerability
Microsoft RPC CVE-2018-8407 MSRPC 信息泄露漏洞
Microsoft Scripting Engine CVE-2018-8588 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8541 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8542 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8543 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8544 Windows VBScript Engine 远程代码执行漏洞
Microsoft Scripting Engine CVE-2018-8551 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8552 Windows Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8555 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8556 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8557 Chakra Scripting Engine 内存破坏漏洞
Microsoft Windows CVE-2018-8476 Windows Deployment Services TFTP Server 远程代码执行漏洞
Microsoft Windows CVE-2018-8592 Windows Elevation Of Privilege Vulnerability
Microsoft Windows CVE-2018-8549 Windows 安全功能绕过漏洞
Microsoft Windows CVE-2018-8550 Windows COM 特权提升漏洞
Microsoft Windows CVE-2018-8584 Windows ALPC 特权提升漏洞
Microsoft Windows ADV180028 Guidance for configuring BitLocker to enforce software encryption
Microsoft Windows Search Component CVE-2018-8450 Windows Search 远程代码执行漏洞
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Skype for Business and Microsoft Lync CVE-2018-8546 Microsoft Skype for Business 拒绝服务漏洞
Team Foundation Server CVE-2018-8602 Team Foundation Server Cross-site Scripting Vulnerability
Windows Audio Service CVE-2018-8454 Windows Audio Service 信息泄露漏洞
Windows Kernel CVE-2018-8589 Windows Win32k 特权提升漏洞
Windows Kernel CVE-2018-8408 Windows Kernel 信息泄露漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

附件下载

微软发布11月补丁修复64个安全问题

Spread the word. Share this post!

Meet The Author

Leave Comment