全部产品
云市场
云游戏

【漏洞公告】微软“周二补丁日”—2017年9月

更新时间:2018-02-22 09:21:31

2017年9月12日,微软发布了每月安全建议,包含针对其产品已被确认和解决的漏洞。

概述

本月的安全公告解决了81个新漏洞,其中27个评级为严重,52个评级为高危,2个等级为中危。

本月微软公告中微软修复了一个.NET 0day漏洞,漏洞ID为CVE-2017-8759,该漏洞影响. NET 框架。攻击者可以利用该漏洞进行远程代码执行,获取敏感数据或服务器权限,安全风险为高危。

此外,微软还发布了嵌入在Edge和Internet Explorer中的Adobe Flash Player的更新。

阿里云安全提示您关注这些漏洞,根据业务情况更新补丁。

漏洞详情见下文。

漏洞影响范围

Edge,Hyper-V,Internet Explorer,Office,远程桌面协议,Sharepoint,Windows图形显示界面,Windows内核模式驱动程序等。

严重漏洞

  • CVE-2017-8747 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-8749 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-8750 - Microsoft Browser Memory Corruption Vulnerability
  • CVE-2017-8731 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8734 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8751 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8755 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8756 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-11766 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2017-8757 - Microsoft Edge Remote Code Execution Vulnerability
  • CVE-2017-8696 - Microsoft Graphics Component Remote Code Execution
  • CVE-2017-8728 - Microsoft PDF Remote Code Execution Vulnerability
  • CVE-2017-8737 - Microsoft PDF Remote Code Execution Vulnerability
  • CVE-2017-0161 - NetBIOS Remote Code Execution Vulnerability
  • CVE-2017-8649 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8660 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8729 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8738 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8740 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8741 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8748 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8752 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8753 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-11764 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8682 - Win32k Graphics Remote Code Execution Vulnerability
  • CVE-2017-8686 - Windows DHCP Server Remote Code Execution Vulnerability
  • CVE-2017-8676 - Windows GDI+ Information Disclosure Vulnerability

高危漏洞

  • CVE-2017-8759 - .NET Framework Remote Code Execution Vulnerability
  • CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution Vulnerability
  • CVE-2017-8746 - Device Guard Security Feature Bypass Vulnerability
  • CVE-2017-8695 - Graphics Component Information Disclosure Vulnerability
  • CVE-2017-8704 - Hyper-V Denial of Service Vulnerability
  • CVE-2017-8706 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8707 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8711 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8712 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8713 - Hyper-V Information Disclosure Vulnerability
  • CVE-2017-8733 - Internet Explorer Spoofing Vulnerability
  • CVE-2017-8628 - Microsoft Bluetooth Driver Spoofing Vulnerability
  • CVE-2017-8736 - Microsoft Browser Information Disclosure Vulnerability
  • CVE-2017-8597 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8643 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8648 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2017-8754 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-8724 - Microsoft Edge Spoofing Vulnerability
  • CVE-2017-8758 - Microsoft Exchange Cross-Site Scripting Vulnerability
  • CVE-2017-11761 - Microsoft Exchange Information Disclosure Vulnerability
  • CVE-2017-8630 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8631 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8632 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8744 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2017-8725 - Microsoft Office Publisher Remote Code Execution
  • CVE-2017-8567 - Microsoft Office Remote Code Execution
  • CVE-2017-8745 - Microsoft SharePoint Cross Site Scripting Vulnerability
  • CVE-2017-8629 - Microsoft SharePoint XSS Vulnerability
  • CVE-2017-8742 - PowerPoint Remote Code Execution Vulnerability
  • CVE-2017-8743 - PowerPoint Remote Code Execution Vulnerability
  • CVE-2017-8714 - Remote Desktop Virtual Host Remote Code Execution Vulnerability
  • CVE-2017-8739 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2017-8692 - Uniscribe Remote Code Execution Vulnerability
  • CVE-2017-8675 - Win32k Elevation of Privilege Vulnerability
  • CVE-2017-8720 - Win32k Elevation of Privilege Vulnerability
  • CVE-2017-8683 - Win32k Graphics Information Disclosure Vulnerability
  • CVE-2017-8677 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8678 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8680 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8681 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8687 - Win32k Information Disclosure Vulnerability
  • CVE-2017-8702 - Windows Elevation of Privilege Vulnerability
  • CVE-2017-8684 - Windows GDI+ Information Disclosure Vulnerability
  • CVE-2017-8685 - Windows GDI+ Information Disclosure Vulnerability
  • CVE-2017-8688 - Windows GDI+ Information Disclosure Vulnerability
  • CVE-2017-8710 - Windows Information Disclosure Vulnerability
  • CVE-2017-8679 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8708 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8709 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8719 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2017-8716 - Windows Security Feature Bypass Vulnerability
  • CVE-2017-8699 - Windows Shell Remote Code Execution Vulnerability

中危漏洞

  • CVE-2017-8723 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2017-8735 - Internet Explorer Memory Corruption Vulnerability

安全建议

阿里云安全团队建议您关注这些漏洞,并根据业务情况去更新补丁,提高服务器安全性。

建议您开启Windows Update功能,然后单击检查更新按钮,根据业务情况下载安装相关安全补丁。安装完毕后重启服务器,检查系统运行情况。

注意:在安装更新前,请先进行测试,并务必准备好数据备份和快照,防止发生意外。

情报来源