微软于周二发布了11月安全更新补丁,修复了64个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Active Directory、Adobe Flash Player、Azure、BitLocker、Internet Explorer、Microsoft Drivers、Microsoft Dynamics、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JScript、Microsoft Office、Microsoft Office SharePoint、Microsoft PowerShell、Microsoft RPC、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows Search Component、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Windows Audio Service以及Windows Kernel。
漏洞概述
相关信息如下:
| 产品 | CVE 编号 | CVE 标题 |
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash 安全更新 |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker 安全功能绕过漏洞 |
| Internet Explorer | CVE-2018-8570 | Internet Explorer 内存破坏漏洞 |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver 特权提升漏洞 |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 远程代码执行漏洞 |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge 欺骗漏洞 |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge 信息泄露漏洞 |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge 特权提升漏洞 |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components 远程代码执行漏洞 |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k 信息泄露漏洞 |
| Microsoft JScript | CVE-2018-8417 | Microsoft JScript 安全功能绕过漏洞 |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8539 | Microsoft Word 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8573 | Microsoft Word 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8575 | Microsoft Project 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook 信息泄露漏洞 |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint 特权提升漏洞 |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint 信息泄露漏洞 |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell 远程代码执行漏洞 |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC 信息泄露漏洞 |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine 远程代码执行漏洞 |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows 安全功能绕过漏洞 |
| Microsoft Windows | CVE-2018-8550 | Windows COM 特权提升漏洞 |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC 特权提升漏洞 |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search 远程代码执行漏洞 |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business 拒绝服务漏洞 |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8589 | Windows Win32k 特权提升漏洞 |
| Windows Kernel | CVE-2018-8408 | Windows Kernel 信息泄露漏洞 |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。