微软于周二发布了12月安全更新补丁,修复了39个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Framework、Adobe Flash Player、Internet Explorer、Microsoft Dynamics、Mi2crosoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Visual Studio、Windows Authentication Methods、Windows Azure Pack、Windows Kernel以及Windows Kernel-Mode Drivers。

漏洞概述

相关信息如下(红色部分威胁相对比较高):

产品 CVE 编号 CVE 标题
.NET Framework CVE-2018-8517 .NET Framework Denial Of Service Vulnerability
.NET Framework CVE-2018-8540 .NET Framework Remote Code Injection Vulnerability
Adobe Flash Player ADV180031 December 2018 Adobe Flash 安全更新
Internet Explorer CVE-2018-8619 Internet Explorer 远程代码执行漏洞
Internet Explorer CVE-2018-8631 Internet Explorer 内存破坏漏洞
Microsoft Dynamics CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange Server CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability
Microsoft Graphics Component CVE-2018-8595 Windows GDI 信息泄露漏洞
Microsoft Graphics Component CVE-2018-8596 Windows GDI 信息泄露漏洞
Microsoft Graphics Component CVE-2018-8638 DirectX 信息泄露漏洞
Microsoft Graphics Component CVE-2018-8639 Win32k 特权提升漏洞
Microsoft Office CVE-2018-8587 Microsoft Outlook 远程代码执行漏洞
Microsoft Office CVE-2018-8597 Microsoft Excel 远程代码执行漏洞
Microsoft Office CVE-2018-8598 Microsoft Excel 信息泄露漏洞
Microsoft Office CVE-2018-8627 Microsoft Excel 信息泄露漏洞
Microsoft Office CVE-2018-8628 Microsoft PowerPoint 远程代码执行漏洞
Microsoft Office CVE-2018-8636 Microsoft Excel 远程代码执行漏洞
Microsoft Office SharePoint CVE-2018-8580 Microsoft SharePoint 信息泄露漏洞
Microsoft Office SharePoint CVE-2018-8635 Microsoft SharePoint Server 特权提升漏洞
Microsoft Scripting Engine CVE-2018-8583 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8617 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8618 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8624 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8625 Windows VBScript Engine 远程代码执行漏洞
Microsoft Scripting Engine CVE-2018-8629 Chakra Scripting Engine 内存破坏漏洞
Microsoft Scripting Engine CVE-2018-8643 Scripting Engine 内存破坏漏洞
Microsoft Windows CVE-2018-8649 Windows 拒绝服务漏洞
Microsoft Windows DNS CVE-2018-8514 Remote Procedure Call runtime 信息泄露漏洞
Microsoft Windows DNS CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability
Visual Studio CVE-2018-8599 Diagnostics Hub Standard Collector Service 特权提升漏洞
Windows Authentication Methods CVE-2018-8634 Microsoft Text-To-Speech 远程代码执行漏洞
Windows Azure Pack CVE-2018-8652 Windows Azure Pack Cross Site Scripting Vulnerability
Windows Kernel CVE-2018-8477 Windows Kernel 信息泄露漏洞
Windows Kernel CVE-2018-8611 Windows Kernel 特权提升漏洞
Windows Kernel CVE-2018-8612 Connected User Experiences and Telemetry Service 拒绝服务漏洞
Windows Kernel CVE-2018-8621 Windows Kernel 信息泄露漏洞
Windows Kernel CVE-2018-8622 Windows Kernel 信息泄露漏洞
Windows Kernel CVE-2018-8637 Win32k 信息泄露漏洞
Windows Kernel-Mode Drivers CVE-2018-8641 Win32k 特权提升漏洞

 

修复建议

微软官方已经发布更新补丁,请及时进行补丁更新。

 

附件下载

微软发布12月补丁修复39个安全问题

源链接

Hacking more

...