
[Security Alert] Notice on Microsoft's December 2018 Security Patch Update

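Posted by SetYun on 2019-1-21 09:52:36

Dear Tencent Cloud customer,

The Tencent Cloud Security Center recently detected that Microsoft has released its December security patch update, which discloses 38 security vulnerabilities in total, 9 of them critical. Attackers can exploit these vulnerabilities to carry out attacks such as remote code execution.

To keep your business from being affected, the Tencent Cloud Security Center recommends that you promptly run a security self-check and, if you fall within the affected scope, apply the updates without delay so that external attackers cannot break in.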


[Vulnerability Details]
Critical vulnerabilities (9):
CVE-2018-8583 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8617 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8618 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8624 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8629 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8540 - Microsoft .NET framework remote code injection vulnerability
CVE-2018-8626 - Windows DNS servers remote code execution vulnerability
CVE-2018-8631 - Internet Explorer remote code execution vulnerability
CVE-2018-8634 - Microsoft Edge memory corruption vulnerability


Important vulnerabilities (29):
CVE-2018-8597 - Microsoft Excel remote code execution vulnerability
CVE-2018-8636 - Microsoft Excel remote code execution vulnerability
CVE-2018-8587 - Microsoft Outlook remote code execution vulnerability
CVE-2018-8590 - Microsoft Word remote code execution vulnerability
CVE-2018-8619 - Internet Explorer VBScript remote code execution vulnerability
CVE-2018-8625 - VBScript engine remote code execution vulnerability
CVE-2018-8628 - Microsoft PowerPoint remote code execution vulnerability
CVE-2018-8643 - Internet Explorer remote code execution vulnerability
CVE-2018-8477 - Windows kernel information disclosure vulnerability
CVE-2018-8514 - Remote Procedure Call information disclosure vulnerability
CVE-2018-8517 - .NET Framework denial of service vulnerability
CVE-2018-8580 - Microsoft SharePoint Server information disclosure vulnerability
CVE-2018-8595 - Windows GDI information disclosure vulnerability
CVE-2018-8596 - Windows GDI information disclosure vulnerability
CVE-2018-8598 - Microsoft Excel information disclosure vulnerability
CVE-2018-8599 - Diagnostics Hub Standard Collector Service elevation of privilege vulnerability
CVE-2018-8604 - Microsoft Exchange Server tampering vulnerability
CVE-2018-8611 - Windows kernel elevation of privilege vulnerability
CVE-2018-8612 - User Experiences and Telemetry Service Denial Of Service vulnerability
CVE-2018-8621 - Windows kernel information disclosure vulnerability
CVE-2018-8622 - Windows kernel information disclosure vulnerability
CVE-2018-8627 - Microsoft Excel information disclosure vulnerability
CVE-2018-8635 - Microsoft SharePoint Server elevation of privilege vulnerability
CVE-2018-8637 - Windows kernel information disclosure vulnerability
CVE-2018-8638 - DirectX information disclosure vulnerability
CVE-2018-8639 - Win32k elevation of privilege vulnerability
CVE-2018-8614 - details not yet disclosed
CVE-2018-8616 - details not yet disclosed
CVE-2018-8630 - details not yet disclosed


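[Risk Level]
High risk

[Vulnerability Risk]
Code execution, privilege escalation, security bypass, and information disclosure.

[Affected Versions]
Products currently known to be affected: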
Microsoft Edge
Internet Explorer
Chakra Scripting Engine
Windows DNSAPI
Microsoft Office
Windows Kernel


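[Remediation Advice]
Microsoft has released updates that fix all of these vulnerabilities. The Tencent Cloud security team recommends that you:
1) Do not open files or links of unknown origin, so that attackers cannot use them to execute malicious code on your machine;
2) Open Windows Update, click "Check for updates", assess the updates against your business needs, then download and install the relevant security patches;
3) After the patches are installed, restart the system so they take effect, and monitor the state of the system and your services;
You can also download and install the patches directly from Microsoft's official link. Patch download address: https://portal.msrc.microsoft.com/en-us/security-guidance
[Note] Back up your data before installing the patches to avoid unexpected loss.


[Vulnerability References]
1) Official advisory: https://portal.msrc.microsoft.com/en-us/security-guidance
2) External analysis: https://blog.talosintelligence.com/2018/12/microsoft-patch-tuesday-december-2018.html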
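
Steps 2) and 3) of the remediation advice can be verified on a host after patching. The PowerShell below is an added example, not part of the original advisory: it lists updates installed on or after the December 2018 release and reports whether a restart is still pending. The date 2018-12-11 and the function names `Get-UpdatesSince` and `Test-RebootPending` are assumptions made for this example.

```powershell
# Added example (not from the advisory): post-patch check for a single host.
# Assumption: 2018-12-11 is used as the release date of the December 2018 updates.
$ReleaseDate = [datetime]'2018-12-11'

function Get-UpdatesSince {
    param([Parameter(Mandatory)][datetime]$Since)
    # Get-HotFix reads Win32_QuickFixEngineering. InstalledOn can be empty for
    # some entries, so those are returned separately rather than silently dropped.
    $all = @(Get-HotFix)
    [pscustomobject]@{
        Recent  = @($all | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
                    Sort-Object InstalledOn)
        Undated = @($all | Where-Object { -not $_.InstalledOn })
    }
}

function Test-RebootPending {
    # Either key existing means an installed update is still waiting for a restart.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($key in $keys) { if (Test-Path -Path $key) { return $true } }
    return $false
}

$updates = Get-UpdatesSince -Since $ReleaseDate
$pending = Test-RebootPending

if ($updates.Recent.Count -eq 0) {
    Write-Warning "No update with an install date on or after $($ReleaseDate.ToString('yyyy-MM-dd')) was found."
} else {
    $updates.Recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
}
if ($updates.Undated.Count -gt 0) {
    Write-Warning "$($updates.Undated.Count) update(s) have no install date; check them by hand."
}
if ($pending) {
    Write-Warning 'A restart is pending: the installed updates are not fully in effect yet.'
}
```

`Get-HotFix` reports Windows component updates only, so Microsoft Office patches from the affected list have to be confirmed through the Office update history instead.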


