开发者社区> 问答> 正文

【漏洞公告】微软“周二补丁日”—2018年02月

美国时间2018年02月13日,微软发布2018年2月的 安全 公告, 本月安全公告解决了54个新漏洞,其中14个被认为是关键的、38个是重要的、2个是中度的。这些漏洞影响Outlook、Edge浏览器、脚本引擎、应用程序容器、窗口等等。


本次公告中涉及到 CVE-2018-0850、 CVE-2018-0852两个严重漏洞均影响 Outlook,攻击者利用这两个漏洞,可以在当前用户的上下文中运行任意代码或发送精准构造的恶意电子邮件,架加载本地或远程信息。


阿里云 提示企业用户关注,并根据 身业务情况安排补丁升级。



具体公告详情如下:                  


漏洞影响范围: 涉及到的微软产品:
  • Outlook
  • Edge
  • 脚本引擎
  • 应用程序容器
  • Windows窗口

严重漏洞
  • CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-0825 - StructuredQuery Remote Code Execution Vulnerability
  • CVE-2018-0834 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0835 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0837 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0838 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0840 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability
  • CVE-2018-0856 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0857 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0858 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0859 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0860 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0861 - Scripting Engine Memory Corruption Vulnerability

高危漏洞

  • CVE-2018-0742 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0755 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0756 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0757 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0760 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0761 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0809 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0810 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0820 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0821 - Windows AppContainer Elevation Of Privilege Vulnerability
  • CVE-2018-0822 - Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
  • CVE-2018-0823 - Named Pipe File System Elevation of Privilege Vulnerability
  • CVE-2018-0826 - Windows Storage Services Elevation of Privilege Vulnerability
  • CVE-2018-0827 - Windows Security Feature Bypass Vulnerability
  • CVE-2018-0828 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-0829 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0830 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0831 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-0832 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0836 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0839 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-0841 - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-0842 - Windows Remote Code Execution Vulnerability
  • CVE-2018-0843 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-0844 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2018-0845 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0846 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2018-0847 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0848 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0849 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0850 - Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2018-0851 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0853 - Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability
  • CVE-2018-0862 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0864 - Microsoft SharePoint Elevation of Privilege Vulnerability
  • CVE-2018-0866 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0869 - Microsoft SharePoint Elevation of Privilege Vulnerability


安全建议:
  1. 阿里云安全团队建议用户关注,并根据业务情况择机更新补丁,以提高服务器安全性;
  2. 建议不要在企业业务系统上安装与业务无关的软件,例如:Office、其他办公软件。防止被黑客利用;
  3. 建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁,安装完毕后重启服务器,检查系统运行情况。

注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。
情报来源:
  • http://blog.talosintelligence.com/2018/02/ms-tuesday.html


展开
收起
正禾 2018-02-17 19:01:00 10632 0
0 条回答
写回答
取消 提交回答
问答排行榜
最热
最新

相关电子书

更多
代码未写,漏洞已出 立即下载
低代码开发师(初级)实战教程 立即下载
阿里巴巴DevOps 最佳实践手册 立即下载