【漏洞公告】微软“周二补丁日”—2017年9月

2017年9月12日，微软发布了针对各种产品已被确认和解决的漏洞的每月安全建议。 本月的安全公告解决了81个新漏洞，其中27个评级为严重级别，52个评级为高危，2个等级为中危。


本月微软公告中微软修复了一个.NET 0day漏洞，漏洞ID为CVE-2017-8759, 漏洞影响. NET 框架, 攻击者可以利用该漏洞进行远程代码执行，获取敏感数据或服务器权限，安全风险为高危，阿里云安全提示您关注，根据业务情况更新补丁。


具体详情如下：
    

• CVE-2017-8747 - Internet Explorer Memory Corruption Vulnerability
• CVE-2017-8749 - Internet Explorer Memory Corruption Vulnerability
• CVE-2017-8750 - Microsoft Browser Memory Corruption Vulnerability
• CVE-2017-8731 - Microsoft Edge Memory Corruption Vulnerability
• CVE-2017-8734 - Microsoft Edge Memory Corruption Vulnerability
• CVE-2017-8751 - Microsoft Edge Memory Corruption Vulnerability
• CVE-2017-8755 - Microsoft Edge Memory Corruption Vulnerability
• CVE-2017-8756 - Microsoft Edge Memory Corruption Vulnerability
• CVE-2017-11766 - Microsoft Edge Memory Corruption Vulnerability
• CVE-2017-8757 - Microsoft Edge Remote Code Execution Vulnerability
• CVE-2017-8696 - Microsoft Graphics Component Remote Code Execution
• CVE-2017-8728 - Microsoft PDF Remote Code Execution Vulnerability
• CVE-2017-8737 - Microsoft PDF Remote Code Execution Vulnerability
• CVE-2017-0161 - NetBIOS Remote Code Execution Vulnerability
• CVE-2017-8649 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8660 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8729 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8738 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8740 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8741 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8748 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8752 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8753 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-11764 - Scripting Engine Memory Corruption Vulnerability
• CVE-2017-8682 - Win32k Graphics Remote Code Execution Vulnerability
• CVE-2017-8686 - Windows DHCP Server Remote Code Execution Vulnerability
• CVE-2017-8676 - Windows GDI+ Information Disclosure Vulnerability

• CVE-2017-8759 - .NET Framework Remote Code Execution Vulnerability
• CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution Vulnerability
• CVE-2017-8746 - Device Guard Security Feature Bypass Vulnerability
• CVE-2017-8695 - Graphics Component Information Disclosure Vulnerability
• CVE-2017-8704 - Hyper-V Denial of Service Vulnerability
• CVE-2017-8706 - Hyper-V Information Disclosure Vulnerability
• CVE-2017-8707 - Hyper-V Information Disclosure Vulnerability
• CVE-2017-8711 - Hyper-V Information Disclosure Vulnerability
• CVE-2017-8712 - Hyper-V Information Disclosure Vulnerability
• CVE-2017-8713 - Hyper-V Information Disclosure Vulnerability
• CVE-2017-8733 - Internet Explorer Spoofing Vulnerability
• CVE-2017-8628 - Microsoft Bluetooth Driver Spoofing Vulnerability
• CVE-2017-8736 - Microsoft Browser Information Disclosure Vulnerability
• CVE-2017-8597 - Microsoft Edge Information Disclosure Vulnerability
• CVE-2017-8643 - Microsoft Edge Information Disclosure Vulnerability
• CVE-2017-8648 - Microsoft Edge Information Disclosure Vulnerability
• CVE-2017-8754 - Microsoft Edge Security Feature Bypass Vulnerability
• CVE-2017-8724 - Microsoft Edge Spoofing Vulnerability
• CVE-2017-8758 - Microsoft Exchange Cross-Site Scripting Vulnerability
• CVE-2017-11761 - Microsoft Exchange Information Disclosure Vulnerability
• CVE-2017-8630 - Microsoft Office Memory Corruption Vulnerability
• CVE-2017-8631 - Microsoft Office Memory Corruption Vulnerability
• CVE-2017-8632 - Microsoft Office Memory Corruption Vulnerability
• CVE-2017-8744 - Microsoft Office Memory Corruption Vulnerability
• CVE-2017-8725 - Microsoft Office Publisher Remote Code Execution
• CVE-2017-8567 - Microsoft Office Remote Code Execution
• CVE-2017-8745 - Microsoft SharePoint Cross Site Scripting Vulnerability
• CVE-2017-8629 - Microsoft SharePoint XSS Vulnerability
• CVE-2017-8742 - PowerPoint Remote Code Execution Vulnerability
• CVE-2017-8743 - PowerPoint Remote Code Execution Vulnerability
• CVE-2017-8714 - Remote Desktop Virtual Host Remote Code Execution Vulnerability
• CVE-2017-8739 - Scripting Engine Information Disclosure Vulnerability
• CVE-2017-8692 - Uniscribe Remote Code Execution Vulnerability
• CVE-2017-8675 - Win32k Elevation of Privilege Vulnerability
• CVE-2017-8720 - Win32k Elevation of Privilege Vulnerability
• CVE-2017-8683 - Win32k Graphics Information Disclosure Vulnerability
• CVE-2017-8677 - Win32k Information Disclosure Vulnerability
• CVE-2017-8678 - Win32k Information Disclosure Vulnerability
• CVE-2017-8680 - Win32k Information Disclosure Vulnerability
• CVE-2017-8681 - Win32k Information Disclosure Vulnerability
• CVE-2017-8687 - Win32k Information Disclosure Vulnerability
• CVE-2017-8702 - Windows Elevation of Privilege Vulnerability
• CVE-2017-8684 - Windows GDI+ Information Disclosure Vulnerability
• CVE-2017-8685 - Windows GDI+ Information Disclosure Vulnerability
• CVE-2017-8688 - Windows GDI+ Information Disclosure Vulnerability
• CVE-2017-8710 - Windows Information Disclosure Vulnerability
• CVE-2017-8679 - Windows Kernel Information Disclosure Vulnerability
• CVE-2017-8708 - Windows Kernel Information Disclosure Vulnerability
• CVE-2017-8709 - Windows Kernel Information Disclosure Vulnerability
• CVE-2017-8719 - Windows Kernel Information Disclosure Vulnerability
• CVE-2017-8716 - Windows Security Feature Bypass Vulnerability
• CVE-2017-8699 - Windows Shell Remote Code Execution Vulnerability

• CVE-2017-8723 - Microsoft Edge Security Feature Bypass Vulnerability
• CVE-2017-8735 - Internet Explorer Memory Corruption Vulnerability

• 建议用户打开Windows Update功能，然后点击“检查更新”按钮，根据业务情况下载安装相关安全补丁;

• 安装完毕后重启服务器，检查系统运行情况。

• https://portal.msrc.microsoft.com/en-us/security-guidance
• http://blog.talosintelligence.com/2017/09/ms-tuesday.html