欢迎您来到腾讯云!积分商城

腾讯云腾讯云论坛

 找回密码
 立即注册
忘了密码?

扫一扫,访问微社区

快捷导航
搜索
查看: 966|回复: 1

[安全通知] 关于微软2018年7月安全补丁更新说明

[复制链接]

219

主题

0

好友

1万

积分

腾讯云论坛管理组

Rank: 20Rank: 20

云币
33930
威望
13983
发表于 2018-7-11 19:57:22 |显示全部楼层
尊敬的腾讯云客户:
   您好,近日,腾讯云安全中心监测到微软近期发布了7月安全补丁更新,共披露了 53 个安全漏洞,其中包含 17 个严重漏洞,攻击者可利用漏洞实施权限提升、远程代码执行等攻击。
       为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。

【漏洞详情】
严重漏洞如下(17个):
CVE-2018-8242 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8262 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8274 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8275 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8279 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8280 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8283 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8286 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8288 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8290 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8291 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8294 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8296 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8298 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8301 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8324 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8327 - PowerShell Editor Services Remote Code Execution Vulnerability

重要漏洞列表(34个):
CVE-2018-0949 - Internet Explorer Security Feature Bypass Vulnerability
CVE-2018-8125 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8171 - ASP.NET Core Security Feature Bypass Vulnerability
CVE-2018-8172 - Visual Studio Remote Code Execution Vulnerability
CVE-2018-8202 - .NET Framework Elevation of Privilege Vulnerability
CVE-2018-8206 - Windows FTP Server Denial of Service Vulnerability
CVE-2018-8222 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8238 - Skype for Business and Lync Security Feature Bypass Vulnerability
CVE-2018-8260 - .NET Framework Remote Code Execution Vulnerability
CVE-2018-8276 - Scripting Engine Security Feature Bypass Vulnerability
CVE-2018-8278 - Microsoft Edge Spoofing Vulnerability
CVE-2018-8281 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8282 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8284 - .NET Framework Remote Code Injection Vulnerability
CVE-2018-8287 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8289 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8297 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8299 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8300 - Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2018-8304 - Windows DNSAPI Denial of Service Vulnerability
CVE-2018-8305 - Windows Mail Client Information Disclosure Vulnerability
CVE-2018-8306 - Microsoft Wireless Display Adapter Command Injection Vulnerability
CVE-2018-8307 - WordPad Security Feature Bypass Vulnerability
CVE-2018-8308 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8309 - Windows Denial of Service Vulnerability
CVE-2018-8311 - Remote Code Execution Vulnerability in Skype For Business and Lync
CVE-2018-8312 - Microsoft Access Remote Code Execution Use After Free Vulnerability
CVE-2018-8313 - Windows Elevation of Privilege Vulnerability
CVE-2018-8314 - Windows Elevation of Privilege Vulnerability
CVE-2018-8319 - MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
CVE-2018-8323 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8325 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8326 - Open Source Customization for Active Directory Federation Services XSS Vulnerability
CVE-2018-8356 - .NET Framework Security Feature Bypass Vulnerability

【风险等级】
  高风险

【漏洞风险】
   代码执行、权限提升、安全绕过以及信息泄露

【影响版本】
   目前已知受影响产品如下:
   Microsoft Edge
   Internet Explorer
   Chakra Scripting Engine
   Windows DNSAPI
   Microsoft Office
   Windows Kernel

【修复建议】
  目前微软官方均已发布漏洞修复更新,腾讯云安全团队建议您:
   1)不要打开来历不明的文件或者链接,避免被被攻击者利用在机器上执行恶意代码;
   2)打开Windows Update更新功能,点击“检查更新”,根据业务情况开展评估,下载安装相应的安全补丁;
   3)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态;
   您也可以直接通过微软官方链接进行下载安装,补丁下载地址:
https://portal.msrc.microsoft.com/en-us/security-guidance
  【备注】建议您在安装补丁前做好数据备份工作,避免出现意外。

【漏洞参考】
  1)官方通告:https://portal.msrc.microsoft.com/en-us/security-guidance
  2)外部分析:https://blog.talosintelligence.com/2018/07/ms-tuesday.html


2018/7/11

0

主题

0

好友

50

积分

小白[LV1]

Rank: 1

云币
220
威望
50
发表于 2018-7-12 12:42:58 |显示全部楼层
收到
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册
您需要登录后才可以发帖 QQ登录

联系我们|腾讯云平台|积分商城|腾讯云官方论坛    

GMT+8, 2018-11-15 17:24 , Processed in 1.172411 second(s), 29 queries .

Powered by Discuz! X2.5

© 2001-2012 Comsenz Inc.

回顶部