微软于周二发布了8月安全更新补丁,修复了63个从简单的欺骗攻击到远程执行代码的安全问题。
产品涉及.NET Framework、Adobe Flash Player、Device Guard、Internet Explorer、Microsoft Browsers、Microsoft Edge、Microsoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows PDF、SQL Server、Windows Authentication Methods、Windows COM、Windows Diagnostic Hub、Windows Installer、Windows Kernel、Windows NDIS、Windows RNDIS以及Windows Shell。
以下为威胁相对较高的漏洞
| 产品 | CVE 编号 | CVE 标题 |
| Internet Explorer | CVE-2018-8316 | Internet Explorer 远程代码执行漏洞 |
| Microsoft Exchange Server | CVE-2018-8302 | Microsoft Exchange 内存破坏漏洞 |
| Microsoft Graphics Component | CVE-2018-8397 | GDI+ 远程代码执行漏洞 |
| Microsoft Graphics Component | CVE-2018-8344 | Microsoft Graphics 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8379 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8345 | LNK 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8346 | LNK 远程代码执行漏洞 |
| Microsoft Windows PDF | CVE-2018-8350 | Windows PDF 远程代码执行漏洞 |
| SQL Server | CVE-2018-8273 | Microsoft SQL Server 远程代码执行漏洞 |
| Windows COM | CVE-2018-8349 | Microsoft COM for Windows 远程代码执行漏洞 |
| Windows Shell | CVE-2018-8414 | Windows Shell 远程代码执行漏洞 |
完整信息如下:
| 产品 | CVE 编号 | CVE 标题 |
| .NET Framework | CVE-2018-8360 | .NET Framework 信息泄露漏洞 |
| Adobe Flash Player | ADV180020 | August 2018 Adobe Flash 安全更新 |
| Device Guard | CVE-2018-8204 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
| Device Guard | CVE-2018-8200 | Device Guard Code Integrity Policy 安全功能绕过漏洞 |
| Internet Explorer | CVE-2018-8316 | Internet Explorer 远程代码执行漏洞 |
| Microsoft Browsers | CVE-2018-8403 | Microsoft Browser 内存破坏漏洞 |
| Microsoft Browsers | CVE-2018-8351 | Microsoft Browser 信息泄露漏洞 |
| Microsoft Browsers | CVE-2018-8357 | Microsoft Browser 特权提升漏洞 |
| Microsoft Edge | CVE-2018-8358 | Microsoft Edge 安全功能绕过漏洞 |
| Microsoft Edge | CVE-2018-8370 | Microsoft Edge 信息泄露漏洞 |
| Microsoft Edge | CVE-2018-8377 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Edge | CVE-2018-8383 | Microsoft Edge 欺骗漏洞 |
| Microsoft Edge | CVE-2018-8388 | Microsoft Edge 欺骗漏洞 |
| Microsoft Edge | CVE-2018-8387 | Microsoft Edge 内存破坏漏洞 |
| Microsoft Exchange Server | CVE-2018-8302 | Microsoft Exchange 内存破坏漏洞 |
| Microsoft Exchange Server | CVE-2018-8374 | Microsoft Exchange Server Tampering Vulnerability |
| Microsoft Graphics Component | CVE-2018-8394 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8396 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8397 | GDI+ 远程代码执行漏洞 |
| Microsoft Graphics Component | CVE-2018-8398 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8400 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8401 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8405 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8406 | DirectX Graphics Kernel 特权提升漏洞 |
| Microsoft Graphics Component | CVE-2018-8344 | Microsoft Graphics 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8375 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8376 | Microsoft PowerPoint 远程代码执行漏洞 |
| Microsoft Office | ADV180021 | Microsoft Office Defense in Depth Update |
| Microsoft Office | CVE-2018-8378 | Microsoft Office 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8379 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8382 | Microsoft Excel 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8412 | Microsoft (MAU) Office 特权提升漏洞 |
| Microsoft Scripting Engine | CVE-2018-8266 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8371 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8372 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8373 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8380 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8381 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8384 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8385 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8389 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8390 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8353 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8355 | Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8359 | Scripting Engine 内存破坏漏洞 |
| Microsoft Windows | ADV180018 | Microsoft Guidance to mitigate L1TF variant |
| Microsoft Windows | CVE-2018-8345 | LNK 远程代码执行漏洞 |
| Microsoft Windows | CVE-2018-8346 | LNK 远程代码执行漏洞 |
| Microsoft Windows PDF | CVE-2018-8350 | Windows PDF 远程代码执行漏洞 |
| SQL Server | CVE-2018-8273 | Microsoft SQL Server 远程代码执行漏洞 |
| Windows Authentication Methods | CVE-2018-8340 | AD FS 安全功能绕过漏洞 |
| Windows COM | CVE-2018-8349 | Microsoft COM for Windows 远程代码执行漏洞 |
| Windows Diagnostic Hub | CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability |
| Windows Installer | CVE-2018-8339 | Windows Installer 特权提升漏洞 |
| Windows Kernel | CVE-2018-8399 | Win32k 特权提升漏洞 |
| Windows Kernel | CVE-2018-8404 | Win32k 特权提升漏洞 |
| Windows Kernel | CVE-2018-8341 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8347 | Windows Kernel 特权提升漏洞 |
| Windows Kernel | CVE-2018-8348 | Windows Kernel 信息泄露漏洞 |
| Windows NDIS | CVE-2018-8343 | Windows NDIS 特权提升漏洞 |
| Windows RNDIS | CVE-2018-8342 | Windows NDIS 特权提升漏洞 |
| Windows Shell | CVE-2018-8253 | Microsoft Cortana 特权提升漏洞 |
| Windows Shell | CVE-2018-8414 | Windows Shell 远程代码执行漏洞 |
微软官方已经发布更新补丁,请及时进行补丁更新。