绿盟科技

400-818-6868

安全研究

威胁通告
微软发布12月补丁修复39个安全问题 安全威胁通告


综述  


微软于周二发布了12月安全更新补丁,修复了39个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Framework、Adobe Flash Player、Internet Explorer、Microsoft Dynamics、Mi2crosoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Office SharePoint、Microsoft scripting Engine、Microsoft Windows、Microsoft Windows DNS、Visual Studio、Windows Authentication Methods、Windows Azure Pack、Windows Kernel以及Windows Kernel-Mode Drivers。


相关信息如下(红色部分威胁相对比较高):

产品

CVE编号

CVE标题

.NET Framework

CVE-2018-8517

.NET Framework Denial Of Service Vulnerability

.NET Framework

CVE-2018-8540

.NET Framework Remote Code Injection Vulnerability

Adobe Flash Player

ADV180031

December 2018 Adobe Flash安全更新

Internet Explorer

CVE-2018-8619

Internet Explorer远程代码执行漏洞

Internet Explorer

CVE-2018-8631

Internet Explorer内存破坏漏洞

Microsoft Dynamics

CVE-2018-8651

Microsoft Dynamics NAV Cross Site scripting Vulnerability

Microsoft Exchange Server

CVE-2018-8604

Microsoft Exchange Server Tampering Vulnerability

Microsoft Graphics Component

CVE-2018-8595

Windows GDI信息泄露漏洞

Microsoft Graphics Component

CVE-2018-8596

Windows GDI信息泄露漏洞

Microsoft Graphics Component

CVE-2018-8638

DirectX信息泄露漏洞

Microsoft Graphics Component

CVE-2018-8639

Win32k特权提升漏洞

Microsoft Office

CVE-2018-8587

Microsoft Outlook远程代码执行漏洞

Microsoft Office

CVE-2018-8597

Microsoft Excel远程代码执行漏洞

Microsoft Office

CVE-2018-8598

Microsoft Excel信息泄露漏洞

Microsoft Office

CVE-2018-8627

Microsoft Excel信息泄露漏洞

Microsoft Office

CVE-2018-8628

Microsoft PowerPoint远程代码执行漏洞

Microsoft Office

CVE-2018-8636

Microsoft Excel远程代码执行漏洞

Microsoft Office SharePoint

CVE-2018-8580

Microsoft SharePoint信息泄露漏洞

Microsoft Office SharePoint

CVE-2018-8635

Microsoft SharePoint Server特权提升漏洞

Microsoft scripting Engine

CVE-2018-8583

Chakra scripting Engine内存破坏漏洞

Microsoft scripting Engine

CVE-2018-8617

Chakra scripting Engine内存破坏漏洞

Microsoft scripting Engine

CVE-2018-8618

Chakra scripting Engine内存破坏漏洞

Microsoft scripting Engine

CVE-2018-8624

Chakra scripting Engine内存破坏漏洞

Microsoft scripting Engine

CVE-2018-8625

Windows vbscript Engine远程代码执行漏洞

Microsoft scripting Engine

CVE-2018-8629

Chakra scripting Engine内存破坏漏洞

Microsoft scripting Engine

CVE-2018-8643

scripting Engine内存破坏漏洞

Microsoft Windows

CVE-2018-8649

Windows拒绝服务漏洞

Microsoft Windows DNS

CVE-2018-8514

Remote Procedure Call runtime信息泄露漏洞

Microsoft Windows DNS

CVE-2018-8626

Windows DNS Server Heap Overflow Vulnerability

Visual Studio

CVE-2018-8599

Diagnostics Hub Standard Collector Service特权提升漏洞

Windows Authentication Methods

CVE-2018-8634

Microsoft Text-To-Speech远程代码执行漏洞

Windows Azure Pack

CVE-2018-8652

Windows Azure Pack Cross Site scripting Vulnerability

Windows Kernel

CVE-2018-8477

Windows Kernel信息泄露漏洞

Windows Kernel

CVE-2018-8611

Windows Kernel特权提升漏洞

Windows Kernel

CVE-2018-8612

Connected User Experiences and Telemetry Service拒绝服务漏洞

Windows Kernel

CVE-2018-8621

Windows Kernel信息泄露漏洞

Windows Kernel

CVE-2018-8622

Windows Kernel信息泄露漏洞

Windows Kernel

CVE-2018-8637

Win32k信息泄露漏洞

Windows Kernel-Mode Drivers

CVE-2018-8641

Win32k特权提升漏洞


修复建议


微软官方已经发布更新补丁,请及时进行补丁更新。


浏览次数:

关 闭