【漏洞公告】微软“周二补丁日”—2018年02月
美国时间2018年02月13日,微软发布2018年2月的
安全
公告,
本月安全公告解决了54个新漏洞,其中14个被认为是关键的、38个是重要的、2个是中度的。这些漏洞影响Outlook、Edge浏览器、脚本引擎、应用程序容器、窗口等等。
本次公告中涉及到
CVE-2018-0850、
CVE-2018-0852两个严重漏洞均影响
Outlook,攻击者利用这两个漏洞,可以在当前用户的上下文中运行任意代码或发送精准构造的恶意电子邮件,架加载本地或远程信息。
阿里云
提示企业用户关注,并根据
自
身业务情况安排补丁升级。
具体公告详情如下:
漏洞影响范围: 涉及到的微软产品:
- Outlook
- Edge
- 脚本引擎
- 应用程序容器
- Windows窗口
严重漏洞
- CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
- CVE-2018-0825 - StructuredQuery Remote Code Execution Vulnerability
- CVE-2018-0834 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0835 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0837 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0838 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0840 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability
- CVE-2018-0856 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0857 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0858 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0859 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0860 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0861 - Scripting Engine Memory Corruption Vulnerability
高危漏洞
- CVE-2018-0742 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2018-0755 - Windows EOT Font Engine Information Disclosure Vulnerability
- CVE-2018-0756 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2018-0757 - Windows Kernel Information Disclosure Vulnerability
- CVE-2018-0760 - Windows EOT Font Engine Information Disclosure Vulnerability
- CVE-2018-0761 - Windows EOT Font Engine Information Disclosure Vulnerability
- CVE-2018-0809 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2018-0810 - Windows Kernel Information Disclosure Vulnerability
- CVE-2018-0820 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2018-0821 - Windows AppContainer Elevation Of Privilege Vulnerability
- CVE-2018-0822 - Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
- CVE-2018-0823 - Named Pipe File System Elevation of Privilege Vulnerability
- CVE-2018-0826 - Windows Storage Services Elevation of Privilege Vulnerability
- CVE-2018-0827 - Windows Security Feature Bypass Vulnerability
- CVE-2018-0828 - Windows Elevation of Privilege Vulnerability
- CVE-2018-0829 - Windows Kernel Information Disclosure Vulnerability
- CVE-2018-0830 - Windows Kernel Information Disclosure Vulnerability
- CVE-2018-0831 - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2018-0832 - Windows Kernel Information Disclosure Vulnerability
- CVE-2018-0836 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0839 - Microsoft Edge Information Disclosure Vulnerability
- CVE-2018-0841 - Microsoft Excel Remote Code Execution Vulnerability
- CVE-2018-0842 - Windows Remote Code Execution Vulnerability
- CVE-2018-0843 - Windows Kernel Information Disclosure Vulnerability
- CVE-2018-0844 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2018-0845 - Microsoft Office Memory Corruption Vulnerability
- CVE-2018-0846 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2018-0847 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0848 - Microsoft Office Memory Corruption Vulnerability
- CVE-2018-0849 - Microsoft Office Memory Corruption Vulnerability
- CVE-2018-0850 - Microsoft Outlook Elevation of Privilege Vulnerability
- CVE-2018-0851 - Microsoft Office Memory Corruption Vulnerability
- CVE-2018-0853 - Microsoft Office Information Disclosure Vulnerability
- CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability
- CVE-2018-0862 - Microsoft Office Memory Corruption Vulnerability
- CVE-2018-0864 - Microsoft SharePoint Elevation of Privilege Vulnerability
- CVE-2018-0866 - Scripting Engine Memory Corruption Vulnerability
- CVE-2018-0869 - Microsoft SharePoint Elevation of Privilege Vulnerability
安全建议:
- 阿里云安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务器安全性;
- 建议不要在企业业务系统上安装与业务无关的软件,例如:Office、其他办公软件。防止被黑客利用;
- 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁,安装完毕后重启服务器,检查系统运行情况。
注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。
情报来源:
- http://blog.talosintelligence.com/2018/02/ms-tuesday.html
展开
收起
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
相关问答
问答排行榜
最热
最新
推荐问答
