【安全通告】微软发布11月补丁修复64个安全问题

作者:广州非凡信息安全技术有限公司(总部广州) | 国际 2018/12/18 11:51:40 669

【安全通告】微软发布11月补丁修复64个安全问题
26e842c6cef3a5c6a1430e800759dc36.png
微软于周二发布了11月安全更新补丁,修复了64个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Core、Active Directory、Adobe Flash Player、Azure、BitLocker、Internet Explorer、Microsoft Drivers、Microsoft Dynamics、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft JScript、Microsoft Office、Microsoft Office SharePoint、Microsoft PowerShell、Microsoft RPC、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows Search Component、Servicing Stack Updates、Skype for Business and Microsoft Lync、Team Foundation Server、Windows Audio Service以及Windows Kernel。

漏洞概述

相关信息如下:


产品

 

CVE 编号


CVE 标题

 
 

.NET Core

 

CVE-2018-8416

 

.NET Core Tampering Vulnerability

 

Active Directory

CVE-2018-8547

 

Active Directory Federation Services XSS Vulnerability

Adobe Flash Player

  ADV180025

  November 2018 Adobe Flash 安全更新

 

Azure

 

CVE-2018-8600

 

Azure App Service Cross-site Scripting Vulnerability

 

BitLocker

CVE-2018-8566

  BitLocker 安全功能绕过漏洞

 

Internet Explorer

 

CVE-2018-8570

 

Internet Explorer 内存破坏漏洞

 

Microsoft Drivers

 

CVE-2018-8471

 

Microsoft RemoteFX Virtual GPU miniport driver 特权提升漏洞

 

Microsoft Dynamics

 

CVE-2018-8605

 

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

 

Microsoft Dynamics

CVE-2018-8606

 

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

Microsoft Dynamics

CVE-2018-8607 

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

  Microsoft Dynamics

  CVE-2018-8608

 

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability

 

Microsoft Dynamics

 

CVE-2018-8609

 

Microsoft Dynamics 365 (on-premises) version 8 远程代码执行漏洞

 

Microsoft Edge

 

CVE-2018-8564

 

Microsoft Edge 欺骗漏洞

 

Microsoft Edge

 

CVE-2018-8545

 

Microsoft Edge 信息泄露漏洞

 

Microsoft Edge

 

CVE-2018-8567

Microsoft Edge 特权提升漏洞

 

Microsoft Exchange Server

 

CVE-2018-8581

Microsoft Exchange Server 特权提升漏洞

 

Microsoft Graphics Component

 

CVE-2018-8485

 

DirectX 特权提升漏洞

 

Microsoft Graphics Component

 

CVE-2018-8553

 

Microsoft Graphics Components 远程代码执行漏洞

 

Microsoft Graphics Component

 

CVE-2018-8554

 

DirectX 特权提升漏洞

 

Microsoft Graphics Component

 

CVE-2018-8561

DirectX 特权提升漏洞

Microsoft Graphics Component

CVE-2018-8562

 

Win32k 特权提升漏洞

 

Microsoft Graphics Component

 

CVE-2018-8563

 

DirectX 信息泄露漏洞

 

Microsoft Graphics Component

 

CVE-2018-8565

 

Win32k 信息泄露漏洞

 

Microsoft JScript

 

CVE-2018-8417

 

Microsoft JScript 安全功能绕过漏洞

 

Microsoft Office

 

CVE-2018-8522

Microsoft Outlook 远程代码执行漏洞

 

Microsoft Office

 

CVE-2018-8576

 

Microsoft Outlook 远程代码执行漏洞

  Microsoft Office

 

CVE-2018-8524

 

Microsoft Outlook 远程代码执行漏洞

Microsoft Office

 

CVE-2018-8539

 

Microsoft Word 远程代码执行漏洞

Microsoft Office

 

CVE-2018-8558

 

Microsoft Outlook 信息泄露漏洞

 

Microsoft Office

CVE-2018-8573

 

Microsoft Word 远程代码执行漏洞

 

Microsoft Office

 

CVE-2018-8574

 

Microsoft Excel 远程代码执行漏洞

 

Microsoft Office

CVE-2018-8575

 

Microsoft Project 远程代码执行漏洞

 

Microsoft Office

 

CVE-2018-8582

 

Microsoft Outlook 远程代码执行漏洞

 

Microsoft Office

CVE-2018-8577

 

Microsoft Excel 远程代码执行漏洞

 

Microsoft Office

 

CVE-2018-8579

 

Microsoft Outlook 信息泄露漏洞

 

Microsoft Office SharePoint

 

CVE-2018-8572

 

Microsoft SharePoint 特权提升漏洞

 

Microsoft Office SharePoint

 

CVE-2018-8568

 

Microsoft SharePoint 特权提升漏洞

Microsoft Office SharePoint

 

CVE-2018-8578

 

Microsoft SharePoint 信息泄露漏洞

Microsoft PowerShell

 

CVE-2018-8256

 

Microsoft PowerShell 远程代码执行漏洞

 

Microsoft PowerShell

 

CVE-2018-8415

 

Microsoft PowerShell Tampering Vulnerability

 

Microsoft RPC

 

CVE-2018-8407

MSRPC 信息泄露漏洞

Microsoft Scripting Engine

 

CVE-2018-8588

Chakra Scripting Engine 内存破坏漏洞

 

Microsoft Scripting Engine

CVE-2018-8541

 

Chakra Scripting Engine 内存破坏漏洞

 

Microsoft Scripting Engine

CVE-2018-8542

 

Chakra Scripting Engine 内存破坏漏洞

 

Microsoft Scripting Engine

 

CVE-2018-8543

 

Chakra Scripting Engine 内存破坏漏洞


 

Microsoft Scripting Engine

 

CVE-2018-8544

  Windows VBScript Engine 远程代码执行漏洞

 

Microsoft Scripting Engine

 

CVE-2018-8551

Chakra Scripting Engine 内存破坏漏洞

 

Microsoft Scripting Engine

 

CVE-2018-8552

  Windows VBScript Engine 远程代码执行漏洞

 

Microsoft Scripting Engine

 

CVE-2018-8555

  Chakra Scripting Engine 内存破坏漏洞

 

Microsoft Scripting Engine

 

CVE-2018-8556

  Chakra Scripting Engine 内存破坏漏洞

 

Microsoft Scripting Engine

CVE-2018-8557

  Chakra Scripting Engine 内存破坏漏洞

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。


推荐关注

指导单位
广东省公安厅网络警察总队 广东省信息安全等级保护协调小组办公室