【漏洞公告】微软“周二补丁日”—2018年03月

美国时间2018年03月13日，微软发布2018年3月的 安全 公告。 本月的咨询发布涉及74个新漏洞，其中14个评级为重要，其中59个评级为重要。 这些漏洞影响Internet Explorer，Edge，Exchange，脚本引擎，Windows Shell等。
其中包括2个重要的远程命令执行漏洞：

• CVE-2018-0883：Shell远程执行代码漏洞

• CVE-2018-0886-CredSSP协议远程执行命令漏洞

• Internet Explorer
• Exchange
• Windows Shell
• Edge
• 脚本引擎

• CVE-2018-0872 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0874 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0876 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0889 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0893 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0925 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0930 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0931 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0932 - Microsoft Browser Information Disclosure Vulnerability
• CVE-2018-0933 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0936 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0937 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0939 - Scripting Engine Information Disclosure Vulnerability

• CVE-2018-0877 - Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
• CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability
• CVE-2018-0879 - Microsoft Edge Information Disclosure Vulnerability
• CVE-2018-0880 - Windows Desktop Bridge Elevation of Privilege Vulnerability
• CVE-2018-0881 - Microsoft Video Control Elevation of Privilege Vulnerability
• CVE-2018-0882 - Windows Desktop Bridge Elevation of Privilege Vulnerability
• CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability
• CVE-2018-0787 - ASP.NET Core Elevation Of Privilege Vulnerability
• CVE-2018-0808 - ASP.NET Core Denial Of Service Vulnerability
• CVE-2018-0811 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0813 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0814 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0815 - Windows GDI Elevation of Privilege Vulnerability
• CVE-2018-0816 - Windows GDI Elevation of Privilege Vulnerability
• CVE-2018-0817 - Windows GDI Elevation of Privilege Vulnerability
• CVE-2018-0868 - Windows Installer Elevation of Privilege Vulnerability
• CVE-2018-0873 - Chakra Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0875 - ASP.NET Core Denial of Service Vulnerability
• CVE-2018-0884 - Windows Security Feature Bypass Vulnerability
• CVE-2018-0885 - Windows Hyper-V Denial of Service Vulnerability
• CVE-2018-0886 - CredSSP Remote Code Execution Vulnerability
• CVE-2018-0888 - Hyper-V Information Disclosure Vulnerability
• CVE-2018-0891 - Microsoft Browser Information Disclosure Vulnerability
• CVE-2018-0894 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0895 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0896 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0897 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0898 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0899 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0900 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0901 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0902 - CNG Security Feature Bypass Vulnerability
• CVE-2018-0903 - Microsoft Access Remote Code Execution Vulnerability
• CVE-2018-0904 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0907 - Microsoft Office Excel Security Feature Bypass
• CVE-2018-0909 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0910 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0911 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0912 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0913 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0914 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0915 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0916 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0917 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0919 - Microsoft Office Information Disclosure Vulnerability
• CVE-2018-0921 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0922 - Microsoft Office Memory Corruption Vulnerability
• CVE-2018-0923 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0926 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0927 - Microsoft Browser Information Disclosure Vulnerability
• CVE-2018-0929 - Internet Explorer Information Disclosure Vulnerability
• CVE-2018-0935 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability
• CVE-2018-0941 - Microsoft Exchange Information Disclosure Vulnerability
• CVE-2018-0942 - Internet Explorer Elevation of Privilege Vulnerability
• CVE-2018-0944 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0947 - Microsoft Sharepoint Elevation of Privilege Vulnerability
• CVE-2018-0977 - Win32k Elevation of Privilege Vulnerability
• CVE-2018-0983 - Windows Storage Services Elevation of Privilege Vulnerability

1. 阿里云安全团队建议用户关注，并根据业务情况择机更新补丁，以提高服务器安全性；
2. 建议不要在企业业务系统上安装与业务无关的软件，例如：Office、其他办公软件。防止被黑客利用；
3. 建议用户打开Windows Update功能，然后点击“检查更新”按钮，根据业务情况下载安装相关安全补丁，安装完毕后重启服务器，检查系统运行情况。

• http://blog.talosintelligence.com/2018/03/ms-tuesday.html