中新網安安全研究院微軟發布56個漏洞更新其中16個為“嚴重”并發布針對Meltdown及Spectre緩解措施報告

2018年1月,“微軟周二補丁日(ms-tuesday)”,微軟發布了針對各種產品已經識別和解決的漏洞涉及56個,其中16個評級為嚴重,39個評級為高危,1個評級為中危。這些漏洞影響ASP.NET,Edge,Internet Explorer,Office,Windows等等。

除了解決的56個漏洞之外,微軟還發布了針對Meltdown和Spectre的更新。在ADV180002中針對Windows發布了針對這兩個漏洞的緩解措施。請注意,由于與防病毒產品不兼容,用戶和組織可能尚未收到此更新。欲了解更多信息,用戶應參考微軟的知識庫涵蓋這個問題的文章。


【Microsoft已將以下漏洞分配給嚴重等級】

  • CVE-2018-0758 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0762 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0767 - scripting Engine Information Disclosure Vulnerability

  • CVE-2018-0769 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0770 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0772 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0773 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0774 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0775 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0776 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0777 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0778 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0780 - scripting Engine Information Disclosure Vulnerability

  • CVE-2018-0781 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability

  • CVE-2018-0800 - scripting Engine Information Disclosure Vulnerability


Microsoft已將以下漏洞分配給高危等級】

  • CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability

  • CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability

  • CVE-2018-0744 - Windows Elevation of Privilege Vulnerability

  • CVE-2018-0745 - Windows Information Disclosure Vulnerability

  • CVE-2018-0746 - Windows Information Disclosure Vulnerability

  • CVE-2018-0747 - Windows Information Disclosure Vulnerability

  • CVE-2018-0748 - Windows Elevation of Privilege Vulnerability

  • CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability

  • CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability

  • CVE-2018-0751 - Windows Elevation of Privilege Vulnerability

  • CVE-2018-0752 - Windows Elevation of Privilege Vulnerability

  • CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability

  • CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability

  • CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability

  • CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability

  • CVE-2018-0768 - scripting Engine Memory Corruption Vulnerability

  • CVE-2018-0784 - ASP.NET CoreElevation Of Privilege Vulnerability

  • CVE-2018-0786 - .NET Security Feature Bypass Vulnerability

  • CVE-2018-0788 - ATMFD.dll Information Disclosure Vulnerability

  • CVE-2018-0789 - Microsoft Office Spoofing Vulnerability

  • CVE-2018-0790 - Microsoft Office Information Disclosure Vulnerability

  • CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability

  • CVE-2018-0792 - Microsoft Word Remote Code Execution

  • CVE-2018-0793 - Microsoft Outlook Remote Code Execution

  • CVE-2018-0794 - Microsoft Word Remote Code Execution

  • CVE-2018-0795 - Microsoft Office Remote Code Execution

  • CVE-2018-0796 - Microsoft Excel Remote Code Execution

  • CVE-2018-0798 - Microsoft Word Memory Corruption Vulnerability

  • CVE-2018-0799 - Microsoft Access Tampering Vulnerability

  • CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability

  • CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability

  • CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability

  • CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability

  • CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability

  • CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability

  • CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability

  • CVE-2018-0818 - scripting Engine Security Feature Bypass

  • CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC


Microsoft已將以下漏洞分配給中危等級

  • CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability


【安全建議】

  1. 根據業務情況選擇更新補丁

  2. 升級前,務必做好數據備份

信息來源http://blog.talosintelligence.com/2018/01/ms-tuesday.html


四川金7乐开奖走势