微软于周二发布了12月安全更新补丁,修复了39个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及.NET Framework、Adobe Flash Player、Internet Explorer、Microsoft Dynamics、Mi2crosoft Exchange Server、Microsoft Graphics Component、Microsoft Office、Microsoft Office SharePoint、Microsoft Scripting Engine、Microsoft Windows、Microsoft Windows DNS、Visual Studio、Windows Authentication Methods、Windows Azure Pack、Windows Kernel以及Windows Kernel-Mode Drivers。
相关信息如下(红色部分威胁相对比较高):
| 产品 | CVE 编号 | CVE 标题 |
| .NET Framework | CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability |
| .NET Framework | CVE-2018-8540 | .NET Framework Remote Code Injection Vulnerability |
| Adobe Flash Player | ADV180031 | December 2018 Adobe Flash 安全更新 |
| Internet Explorer | CVE-2018-8619 | Internet Explorer 远程代码执行漏洞 |
| Internet Explorer | CVE-2018-8631 | Internet Explorer 内存破坏漏洞 |
| Microsoft Dynamics | CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability |
| Microsoft Exchange Server | CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability |
| Microsoft Graphics Component | CVE-2018-8595 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8596 | Windows GDI 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8638 | DirectX 信息泄露漏洞 |
| Microsoft Graphics Component | CVE-2018-8639 | Win32k 特权提升漏洞 |
| Microsoft Office | CVE-2018-8587 | Microsoft Outlook 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8597 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8598 | Microsoft Excel 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8627 | Microsoft Excel 信息泄露漏洞 |
| Microsoft Office | CVE-2018-8628 | Microsoft PowerPoint 远程代码执行漏洞 |
| Microsoft Office | CVE-2018-8636 | Microsoft Excel 远程代码执行漏洞 |
| Microsoft Office SharePoint | CVE-2018-8580 | Microsoft SharePoint 信息泄露漏洞 |
| Microsoft Office SharePoint | CVE-2018-8635 | Microsoft SharePoint Server 特权提升漏洞 |
| Microsoft Scripting Engine | CVE-2018-8583 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8617 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8618 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8624 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8625 | Windows VBScript Engine 远程代码执行漏洞 |
| Microsoft Scripting Engine | CVE-2018-8629 | Chakra Scripting Engine 内存破坏漏洞 |
| Microsoft Scripting Engine | CVE-2018-8643 | Scripting Engine 内存破坏漏洞 |
| Microsoft Windows | CVE-2018-8649 | Windows 拒绝服务漏洞 |
| Microsoft Windows DNS | CVE-2018-8514 | Remote Procedure Call runtime 信息泄露漏洞 |
| Microsoft Windows DNS | CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability |
| Visual Studio | CVE-2018-8599 | Diagnostics Hub Standard Collector Service 特权提升漏洞 |
| Windows Authentication Methods | CVE-2018-8634 | Microsoft Text-To-Speech 远程代码执行漏洞 |
| Windows Azure Pack | CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability |
| Windows Kernel | CVE-2018-8477 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8611 | Windows Kernel 特权提升漏洞 |
| Windows Kernel | CVE-2018-8612 | Connected User Experiences and Telemetry Service 拒绝服务漏洞 |
| Windows Kernel | CVE-2018-8621 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8622 | Windows Kernel 信息泄露漏洞 |
| Windows Kernel | CVE-2018-8637 | Win32k 信息泄露漏洞 |
| Windows Kernel-Mode Drivers | CVE-2018-8641 | Win32k 特权提升漏洞 |
微软官方已经发布更新补丁,请及时进行补丁更新。