SSL信息本月Windows用户和系统管理员需要立即处理总共63个安全漏洞,其中12个被评为严重漏洞,49个重要,1个中等,1个严重程度低。
这个技术巨头本月修补的两个漏洞在发布时被公开列出,据报道,一个漏洞被多个网络犯罪团体利用。
安全研究人员首次发现并报告了由CVE-2018-8589跟踪的漏洞,该漏洞由多个高级持久威胁组开发。该漏洞存在于Win32k组件(win32k.sys)中,如果成功利用该漏洞,可能允许恶意程序在内核模式下执行任意代码,并在受影响的Windows 7,Server 2008或Server 2008 R2上提升其权限以控制 它。
另外两个公开的漏洞未被列为主动攻击,它们存在于Windows高级本地过程调用(ALPC)服务和Microsoft的BitLocker安全功能中。
与ALPC相关的缺陷(跟踪为CVE-2018-8584)是一个特权升级漏洞,可以通过运行经特殊设计的应用程序来在本地系统的安全上下文中执行任意代码并控制受影响的系统来利用该漏洞。
高级本地过程调用(ALPC)有助于在用户模式下的一个或多个进程之间进行高速和安全的数据传输。
当Windows不正确地暂停BitLocker设备加密时,存在第二个公开披露的漏洞(跟踪为CVE-2018-8566),这可能允许对断电系统进行物理访问的攻击者绕过安全性并获得对加密数据的访问。
BitLocker本月早些时候成为头条新闻中的一个单独问题,由于其默认加密偏好和自加密SSD上的加密错误,可能会暴露Windows用户加密数据。微软没有完全解决这个问题; 相反该公司只是提供了如何手动更改BitLocker默认加密选择的指南。
在12个关键问题中,由于脚本引擎处理Microsoft Edge Internet浏览器内存中对象的方式,Chakra脚本引擎中存在8个内存损坏漏洞。
所有8个漏洞都可能被利用来破坏内存,允许攻击者在当前用户的上下文中执行代码。要利用这些漏洞,攻击者需要做的就是欺骗受害者在Microsoft Edge上打开一个特制的网站。
其余三个漏洞是Windows部署服务TFTP服务器,Microsoft图形组件和VBScript引擎中的远程代码执行错误。所有这些缺陷都归因于受影响的软件处理内存中对象的方式。
最后一个严重漏洞也是Microsoft Dynamics 365(本地)版本8中的远程代码执行缺陷。当服务器无法正确清理对受影响的Dynamics服务器的Web请求时,存在缺陷。
如果成功利用此漏洞,则该漏洞可能允许经过身份验证的攻击者通过向易受攻击的Dynamics服务器发送特制请求来在SQL服务帐户的上下文中运行任意代码。
| Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | Critical |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | Critical |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | Critical |
| Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | Critical |
| Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | Important |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | Important |
| BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Important |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Important |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | Important |
| Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | Important |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | Important |
| Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | Important |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8552 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | Important |
| Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | Important |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | Important |
| DirectX Information Disclosure Vulnerability | CVE-2018-8563 | Important |
| MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | Important |
| Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | Important |
| Win32k Information Disclosure Vulnerability | CVE-2018-8565 | Important |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | Important |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | Important |
| PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | Important |
| Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | Important |
| Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | Important |
| Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | Important |
| Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | Important |
| Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | Important |
| Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | Important |
| Team Foundation Server Remote Code Execution Vulnerability | CVE-2018-8529 | Important |
| Yammer Desktop Application Remote Code Execution Vulnerability | CVE-2018-8569 | Important |
| Microsoft Powershell Tampering Vulnerability | CVE-2018-8415 | Important |
| .NET Core Tampering Vulnerability | CVE-2018-8416 | Moderate |
| Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | Low |
本月的安全更新还涵盖了Windows,PowerShell,MS Excel,Outlook,SharePoint,VBScript Engine,Edge,Windows Search服务,Internet Explorer,Azure App Service,Team Foundation Server和Microsoft Dynamics 365中的46个重要漏洞。
强烈建议用户和系统管理员尽快应用上述安全补丁,以防止黑客和网络犯罪分子控制他们的系统。
要安装安全修补程序更新,请转到设置→更新和安全性→Windows Update→检查更新,或者您可以手动安装更新。