欢迎您来到腾讯云!积分商城

腾讯云腾讯云论坛

 找回密码
 立即注册
忘了密码?

扫一扫,访问微社区

快捷导航
搜索
查看: 392|回复: 0

[安全通知] 关于微软10月安全补丁更新说明

[复制链接]

154

主题

0

好友

9743

积分

腾讯云论坛管理组

Rank: 20Rank: 20

云币
22510
威望
9743
发表于 2017-10-11 13:09:55 |显示全部楼层
尊敬的腾讯云客户:
   您好!本周二微软“补丁日”,微软官方发布了10月安全更新补丁,共修复了62个安全问题,产品涉及Internet Explorer、Microsoft Edge、.NET Framework、Microsoft Windows、Microsoft Office、Microsoft Windows PDF、Windows Hyper-V以及Adobe Flash Player。其中对服务器端影响较大的漏洞2个,分别为Windows DNSAPI 远程代码执行漏洞 CVE-2017-11779和Windows SMB 远程代码执行漏洞CVE-2017-11780,攻击者利用成功可远程控制您的服务器。
       为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。

【漏洞详情】
  Windows DNS Client 的堆溢出漏洞(CVE-2017-11779)对DNS服务影响较大,该漏洞存在于 DNSAPI.dll,特殊构造的 DNS 响应数据包可以触发,成功利用可以实现 SYSTEM 权限的远程代码执行。
  漏洞详情介绍如下:
CVE ID
漏洞名称
CVSS评分
CVE-2017-11762
Microsoft Windows Graphics Arbitrary Code Execution Vulnerability
8.1
CVE-2017-11763
Microsoft Windows Graphics Arbitrary Code Execution Vulnerability
8.1
CVE-2017-11771
Microsoft Windows Search Arbitrary Code Execution Vulnerability
8.1
CVE-2017-11779
Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability
8.1
CVE-2017-11780
Microsoft Windows Server Message Block Arbitrary Code Execution Vulnerability
8.1
CVE-2017-11782
Microsoft Windows Server Message Block Privilege Escalation Vulnerability
7.5
CVE-2017-11810
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
7.5
CVE-2017-11813
Microsoft Internet Explorer Memory Corruption Vulnerability
7.5
CVE-2017-11819
Microsoft Windows Shell Memory Corruption Vulnerability
7.5
CVE-2017-11822
Microsoft Internet Explorer Memory Corruption Vulnerability
7.5
CVE-2017-8727
Microsoft Windows Shell Memory Corruption Vulnerability
7.5
CVE-2017-8717
Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability
7.1
CVE-2017-8718
Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability
7.1
CVE-2017-11781
Microsoft Windows Server Message Block Denial of Service Vulnerability
7
CVE-2017-11783
Microsoft Windows Privilege Escalation Vulnerability
7
CVE-2017-11824
Microsoft Windows Graphics Component Privilege Escalation Vulnerability
7
CVE-2017-8689
Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability
7
CVE-2017-8694
Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability
7
CVE-2017-11776
Microsoft Windows Universal Outlook Information Disclosure Vulnerability
6.5
CVE-2017-11815
Microsoft Windows Server Message Block Information Disclosure Vulnerability
6.4
CVE-2017-11823
Microsoft Windows Device Guard Security Feature Bypass Vulnerability
6.3
CVE-2017-11772
Microsoft Windows Search Service Information Disclosure Vulnerability
5.9
CVE-2017-11765
Microsoft Windows Kernel Information Disclosure Vulnerability
5.5
CVE-2017-11814
Microsoft Windows Kernel Information Disclosure Vulnerability
5.5
CVE-2017-11816
Microsoft Windows Graphics Device Interface+ Information Disclosure Vulnerability
5.5
CVE-2017-8693
Microsoft Windows Graphics Information Disclosure Vulnerability
5.5
CVE-2017-11829
Microsoft Windows Update Delivery Optimization Privilege Escalation Vulnerability
5.5
CVE-2017-11775
Microsoft SharePoint Cross-Site Scripting Vulnerability
5.4
CVE-2017-11777
Microsoft SharePoint Cross-Site Scripting Vulnerability
5.4
CVE-2017-11820
Microsoft SharePoint Cross-Site Scripting Vulnerability
5.4
CVE-2017-8715
Microsoft Windows Device Guard Security Feature Bypass Vulnerability
5.3
CVE-2017-8703
Microsoft Windows Subsystem for Linux Denial of Service Vulnerability
5
CVE-2017-11784
Microsoft Windows Kernel Information Disclosure Vulnerability
4.7
CVE-2017-11785
Microsoft Windows Kernel Information Disclosure Vulnerability
4.7
CVE-2017-11817
Microsoft Windows Kernel Information Disclosure Vulnerability
4.7
CVE-2017-11818
Microsoft Windows Storage Security Feature Bypass Vulnerability
4.5
CVE-2017-11786
Microsoft Skype for Business Elevation of Privilege Vulnerability
4.3
CVE-2017-11790
Microsoft Internet Explorer Information Disclosure Vulnerability
4.3
CVE-2017-11794
Microsoft Edge Information Disclosure Vulnerability
4.3
CVE-2017-8726
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.3
CVE-2017-11769
Microsoft Windows TRIE Arbitrary Code Execution Vulnerability
4.2
CVE-2017-11774
Microsoft Outlook Security Feature Bypass Vulnerability
4.2
CVE-2017-11792
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11793
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11796
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11798
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11799
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11800
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11802
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11804
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11805
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11806
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11807
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11808
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11809
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
4.2
CVE-2017-11811
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11812
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11821
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
4.2
CVE-2017-11826
Microsoft Office Memory Corruption Vulnerability
4.2
CVE-2017-11801
Microsoft ChakraCore Memory Corruption Vulnerability
4.2
CVE-2017-11825
Microsoft Office Memory Corruption Vulnerability
4.2
CVE-2017-11797
Microsoft ChakraCore Memory Corruption Vulnerability
4.2

【风险等级】
   高风险

【漏洞风险】
   可导致远程代码执行、内存破坏及信息泄露等问题;

【影响版本】
目前已知受影响操作系统版本如下:
  1)Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  2)Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  3)Microsoft Windows Server 2008 for 32-bit Systems SP2
  4)Microsoft Windows Server 2008 for Itanium-based Systems SP2
  5)Microsoft Windows Server 2008 for x64-based Systems SP2
  6)Microsoft Windows Server 2012
  7)Microsoft Windows Server 2012 R2
  8)Microsoft Windows Server 2016

【修复建议】
   目前微软官方均已经提供了漏洞修复更新,腾讯云安全团队建议您:
   1)打开Windows Update更新功能,点击“检查更新”,根据业务情况下载安装相应的安全补丁。
   2)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态。
   您也可以直接通过微软官方链接进行下载安装,补丁下载地址:https://portal.msrc.microsoft.com/en-us/security-guidance
   【备注】:建议您在安装补丁前做好数据备份工作,避免出现意外。

【漏洞参考】
  1)https://blogs.technet.microsoft.com/msrc/tag/security-advisory/
  2)https://portal.msrc.microsoft.com/en-us/security-guidance


2017/10/11
您需要登录后才可以回帖 登录 | 立即注册
您需要登录后才可以发帖 QQ登录

联系我们|腾讯云平台|积分商城|腾讯云官方论坛    

GMT+8, 2017-10-22 10:55 , Processed in 1.181058 second(s), 30 queries .

Powered by Discuz! X2.5

© 2001-2012 Comsenz Inc.

回顶部