
[Security Notice] Notes on Microsoft's November Security Patch Update

Tencent Cloud Forum Administration Group
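Posted on 2017-11-15 11:27:53

Dear Tencent Cloud customers:
  Hello. This Tuesday, on Microsoft's "Patch Tuesday", Microsoft officially released its November security updates, fixing 53 security issues in total: 19 critical, 31 important and 3 moderate. Those with the greatest impact on cloud services are the vulnerabilities in the Microsoft Windows Kernel and in the ASP.NET Core and .NET Core components; attackers can exploit them to escalate privileges or to make your website unavailable.
  To keep your business from being affected, the Tencent Cloud Security Center recommends that you promptly carry out a security self-check and, if you are within the affected scope, apply the updates promptly to avoid intrusion by external attackers.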

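【Vulnerability Details】
   Among the updates released this time, one of the higher-scoring vulnerabilities is the Microsoft Windows Kernel Privilege Escalation Vulnerability (CVE-2017-11847). It is caused by improper memory operations, and an attacker may be able to execute malicious code on an affected application to escalate privileges.
   The vulnerabilities are listed in detail below: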

| CVE ID | Vulnerability name | CVSS score |
| --- | --- | --- |
| CVE-2017-8700 | Microsoft ASP.NET Core Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11768 | Microsoft Windows Media Player Information Disclosure Vulnerability | 2.5 |
| CVE-2017-11770 | Microsoft ASP.NET Core Denial Of Service Vulnerability | 5.9 |
| CVE-2017-11788 | Microsoft Windows Search Denial of Service Vulnerability | 5.9 |
| CVE-2017-11791 | Microsoft Edge and Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11803 | Microsoft Edge Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11827 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 |
| CVE-2017-11830 | Microsoft Windows Device Guard Security Feature Bypass Vulnerability | 5.3 |
| CVE-2017-11831 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11832 | Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11833 | Microsoft Edge Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11834 | Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11835 | Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11836 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11837 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11838 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11839 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11840 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11841 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11842 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11843 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11844 | Microsoft Edge Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11845 | Microsoft Edge Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11846 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11847 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 |
| CVE-2017-11848 | Microsoft Internet Explorer Information Disclosure Vulnerability | 4.3 |
| CVE-2017-11849 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11850 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11851 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11852 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11853 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11854 | Microsoft Word Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11855 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 |
| CVE-2017-11856 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 |
| CVE-2017-11858 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11861 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11862 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11863 | Microsoft Edge Security Feature Bypass Vulnerability | 4.2 |
| CVE-2017-11866 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11869 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 |
| CVE-2017-11870 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11871 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11872 | Microsoft Edge Security Feature Bypass Vulnerability | 4.3 |
| CVE-2017-11873 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11874 | Microsoft Edge Security Feature Bypass Vulnerability | 4.2 |
| CVE-2017-11876 | Microsoft Project Privilege Escalation Vulnerability | 8.8 |
| CVE-2017-11877 | Microsoft Excel Security Feature Bypass Vulnerability | 4.4 |
| CVE-2017-11878 | Microsoft Excel Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11879 | Microsoft ASP.NET Core URL Redirection Vulnerability | 4.3 |
| CVE-2017-11880 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 |
| CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | 4.2 |
| CVE-2017-11883 | Microsoft ASP.NET Core Request Handling Denial Of Service Vulnerability | 5.3 |
| CVE-2017-11884 | Microsoft Office Memory Corruption Vulnerability | 4.2 |

【Risk Level】
   High risk

【Vulnerability Risks】
  Remote DoS, information disclosure, privilege bypass, memory errors.

【Affected Versions】
   The updates Microsoft released this time mainly target the following components and versions:
  1) Internet Explorer
  2) Microsoft Edge
  3) Microsoft Windows
  4) Microsoft Office and Microsoft Office Services and Web Apps
  5) ASP.NET Core and .NET Core
  6) Chakra Core


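【Remediation Recommendations】
  Microsoft has now released updates that fix all of these vulnerabilities. The Tencent Cloud security team recommends that you:
   1) Open Windows Update, click "Check for updates", and download and install the relevant security patches according to your business situation;
   2) After the patches have been installed, restart the system so that they take effect, and observe the running state of the system and your services.
   You can also download and install the patches directly from Microsoft's official link. Patch download address:
https://portal.msrc.microsoft.com/en-us/security-guidance
   【Note】: We recommend backing up your data before installing the patches, to avoid accidents.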

【References】
  1) https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
  2) https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-65453


2017/11/15
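
A post-patch check for steps 1) and 2) of the remediation recommendations, added here as an example and not part of the original notice or any Tencent Cloud tooling. It assumes a release date of 2017-11-14 (the Tuesday before the 2017-11-15 post); the function name `Get-PatchStatus` is hypothetical.

```powershell
# Added example. Assumption: release date derived from the post date (2017-11-15).
$ReleaseDate = Get-Date '2017-11-14'

function Get-PatchStatus {   # hypothetical helper name
    param([datetime]$Since = $ReleaseDate)

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # InstalledOn can be empty on some systems; report those entries
    # separately instead of silently dropping them from the comparison.
    $all     = @(Get-HotFix)
    $undated = @($all | Where-Object { -not $_.InstalledOn })
    $recent  = @($all | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
                 Sort-Object InstalledOn)

    # Registry markers left by servicing / Windows Update while a reboot is pending.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $pending = @($rebootKeys | Where-Object { Test-Path $_ })

    # InstalledOn has day granularity, so only flag updates installed on a later
    # day than the last boot; same-day cases are covered by the registry markers.
    $afterBoot = @($recent | Where-Object { $_.InstalledOn.Date -gt $os.LastBootUpTime.Date })

    $verdict = if ($recent.Count -eq 0) {
        'No updates installed since the release date: run Windows Update (step 1)'
    } elseif ($pending.Count -gt 0 -or $afterBoot.Count -gt 0) {
        'Updates installed but not yet active: restart the system (step 2)'
    } else {
        'Updates installed and system restarted: monitor system and services'
    }

    [pscustomobject]@{
        OS                 = "$($os.Caption) $($os.Version)"
        LastBoot           = $os.LastBootUpTime
        UpdatesSince       = $recent.HotFixID
        UndatedUpdates     = $undated.HotFixID
        InstalledAfterBoot = $afterBoot.HotFixID
        RebootPending      = ($pending.Count -gt 0)
        Verdict            = $verdict
    }
}

Get-PatchStatus | Format-List
```

`Get-HotFix` only lists updates registered with Windows servicing, so application-level components such as ASP.NET Core have to be checked by their own version.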