1. 首页>
  2. 腾讯云代理

【安全预警】关于微软2018年11月安全补丁更新说明

腾讯云 2018年11月16日 浏览211

腾讯云代理 腾讯云直播申请 游戏上云

摘要: 近日,腾讯云安全中心监测到微软近期发布了 11 月安全补丁更新,共披露了 53 个安全漏洞,其中包含 11 个严重漏洞,攻击者可利用漏洞实施权限提升、远程代码执行等攻击。 为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。

尊敬的腾讯云客户,您好:

       近日,腾讯云安全中心监测到微软近期发布了 11 月安全补丁更新,共披露了 53 个安全漏洞,其中包含 11 个严重漏洞,攻击者可利用漏洞实施权限提升、远程代码执行等攻击。
       为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。
 
【漏洞详情】
严重漏洞(11个):
CVE-2018-8541 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8542 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8543 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8551 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8555 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8556 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8557 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8588 - Chakra scripting engine memory corruption vulnerability
CVE-2018-8476 - Windows Deployment Services TFTP server remote code execution vulnerability 
CVE-2018-8553 - Microsoft Graphics Components remote code execution vulnerability 
CVE-2018-8544 - VBScript engine remote code execution vulnerability
重要漏洞(40个):
CVE-2018-8256 - PowerShell remote code execution vulnerability 
CVE-2018-8574 - Microsoft Excel remote code execution vulnerability 
CVE-2018-8577 - Microsoft Excel remote code execution vulnerability 
CVE-2018-8582 - Microsoft Outlook remote code execution vulnerability 
CVE-2018-8450 - Windows Search remote code execution vulnerability
CVE-2018-8550 - Windows COM Aggregate Marshaler elevation of privilege vulnerability
CVE-2018-8570 - Internet Explorer remote code execution vulnerability 
CVE-2018-8408 - Windows kernel information disclosure vulnerability
CVE-2018-8415 - PowerShell tampering vulnerability
CVE-2018-8417 - Microsoft JScript security feature bypass vulnerability
CVE-2018-8471 - Microsoft RemoteFX Virtual GPU miniport driver elevation of privilege vulnerability 
CVE-2018-8485 - DirectX elevation of privilege vulnerability 
CVE-2018-8522 - Microsoft Outlook remote code execution vulnerability
CVE-2018-8524 - Microsoft Outlook remote code execution vulnerability
CVE-2018-8539 - Microsoft Word remote code execution vulnerability 
CVE-2018-8545 - An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests
CVE-2018-8547 - Microsoft Edge cross-site-scripting (XSS) vulnerability 
CVE-2018-8549 - Windows security feature bypass vulnerability
CVE-2018-8552 - Internet Explorer remote code execution vulnerability
CVE-2018-8554 - DirectX elevation of privilege vulnerability 
CVE-2018-8558 - Microsoft Outlook information disclosure vulnerability 
CVE-2018-8561 - DirectX elevation of privilege vulnerability 
CVE-2018-8562 - Windows elevation of privilege vulnerability
CVE-2018-8563 - DirectX information disclosure vulnerability 
CVE-2018-8564 - Microsoft Edge spoofing vulnerability 
CVE-2018-8565 - win32k information disclosure vulnerability 
CVE-2018-8566 - Windows security feature bypass vulnerability
CVE-2018-8567 - Microsoft Edge elevation of privilege vulnerability
CVE-2018-8568 - Microsoft SharePoint elevation of privilege vulnerability
CVE-2018-8572 - Microsoft SharePoint elevation of privilege vulnerability
CVE-2018-8573 - Microsoft Word remote code execution vulnerability 
CVE-2018-8575 - Microsoft Project software remote code execution vulnerability 
CVE-2018-8576 - Microsoft Outlook remote code execution vulnerability 
CVE-2018-8578 - Microsoft SharePoint Server elevation of privilege vulnerability 
CVE-2018-8579 - Microsoft Outlook information disclosure vulnerability
CVE-2018-8581 - Microsoft Exchange Server elevation of privilege vulnerability 
CVE-2018-8584 - Windows elevation of privilege vulnerability 
CVE-2018-8589 - Windows elevation of privilege vulnerability
CVE-2018-8592 - Windows 10 version 1809 elevation of privilege vulnerability 
CVE-2018-8407 - "Kernel Remote Procedure Call Provider" driver  information disclosure vulnerability 
【风险等级】
   高风险
 
【漏洞风险】
   代码执行、权限提升、安全绕过以及信息泄露;
 
【影响版本】
目前已知受影响产品如下:
Microsoft Edge
Internet Explorer
Chakra Scripting Engine
Microsoft Office
Windows Kernel
【修复建议】
目前微软官方均已发布漏洞修复更新,腾讯云安全团队建议您:
1)不要打开来历不明的文件或者链接,避免被被攻击者利用在机器上执行恶意代码;
2)打开Windows Update更新功能,点击“检查更新”,根据业务情况开展评估,下载安装相应的安全补丁;
3)补丁更新完毕后,重启系统生效,并观察系统及业务运行状态;
您也可以直接通过微软官方链接进行下载安装,补丁下载地址:https://portal.msrc.microsoft.com/en-us/security-guidance
【备注】建议您在安装补丁前做好数据备份工作,避免出现意外。
 
【漏洞参考】


img

2018-11-15


相关文章

在线客服
淘宝购买
腾讯云直播申请 title=
+成为腾讯云VIP客户 腾讯云直播申请 客服电话

15818558013

0755-33940501-803

0755-33940501-808