[Vulnerability Notice] Microsoft "Patch Tuesday" - June 2018

Last updated: 2018-06-14 10:23:56

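On June 13, 2018 (US time), Microsoft released its security bulletin. This month's bulletin covers 50 new vulnerabilities, 11 of them rated critical and 39 rated high severity. The vulnerabilities affect Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Windows Kernel, and other components.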

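Details of the key vulnerabilities:

CVE-2018-1036 - NTFS local privilege escalation vulnerability

NTFS does not correctly check access permissions; an attacker who successfully exploits this vulnerability can run processes with elevated privileges. Exploitation requires the attacker to log on to the system and run a specially crafted malicious program.

CVE-2018-8224 - Windows kernel privilege escalation vulnerability

The Windows kernel does not correctly handle objects in memory; an attacker who successfully exploits this vulnerability can execute arbitrary code in kernel mode. The attacker can then install programs, view, change, or delete data, or create new user accounts. Exploitation requires the attacker to log on to the system and run a specially crafted malicious program.

CVE-2018-8225 - Windows DNSAPI remote code execution vulnerability

A remote code execution vulnerability exists in DNSAPI.dll in Windows DNS; an attacker who successfully exploits it can run arbitrary code with the privileges of the Local System account. Exploitation requires the attacker to use a malicious DNS server to send malicious DNS responses to the target machine.

Alibaba Cloud advises enterprise users to take note and schedule patching according to their business situation. The details of the bulletin are as follows: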

Scope of impact:

Microsoft products covered by this bulletin:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • Device Guard
  • Microsoft Scripting Engine
  • Windows Hyper-V and Windows Kernel

Critical vulnerabilities:

  • CVE-2018-8225 - Windows DNSAPI Remote Code Execution Vulnerability
  • CVE-2018-8229 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8267 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8110 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2018-8111 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2018-8213 - Windows Remote Code Execution Vulnerability
  • CVE-2018-8231 - HTTP Protocol Stack Remote Code Execution Vulnerability
  • CVE-2018-8236 - Microsoft Edge Memory Corruption Vulnerability
  • CVE-2018-8243 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-8249 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2018-8251 - Media Foundation Memory Corruption Vulnerability

High-severity vulnerabilities:

  • CVE-2018-8227 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0871 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-0978 - Internet Explorer Memory Corruption Vulnerability
  • CVE-2018-0982 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-1036 - NTFS Elevation of Privilege Vulnerability
  • CVE-2018-1040 - Windows Code Integrity Module Denial of Service Vulnerability
  • CVE-2018-8113 - Internet Explorer Security Feature Bypass Vulnerability
  • CVE-2018-8121 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-8140 - Cortana Elevation of Privilege Vulnerability
  • CVE-2018-8169 - HIDParser Elevation of Privilege Vulnerability
  • CVE-2018-8175 - WEBDAV Denial of Service Vulnerability
  • CVE-2018-8201 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8205 - Windows Denial of Service Vulnerability
  • CVE-2018-8207 - Windows Kernel Information Disclosure Vulnerability
  • CVE-2018-8208 - Windows Desktop Bridge Elevation of Privilege Vulnerability
  • CVE-2018-8209 - Windows Wireless Network Profile Information Disclosure Vulnerability
  • CVE-2018-8210 - Windows Remote Code Execution Vulnerability
  • CVE-2018-8211 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8212 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8214 - Windows Desktop Bridge Elevation of Privilege Vulnerability
  • CVE-2018-8215 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8216 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8217 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8218 - Windows Hyper-V Denial of Service Vulnerability
  • CVE-2018-8219 - Hypervisor Code Integrity Elevation of Privilege Vulnerability
  • CVE-2018-8221 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
  • CVE-2018-8224 - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2018-8226 - HTTP.sys Denial of Service Vulnerability
  • CVE-2018-8233 - Win32k Elevation of Privilege Vulnerability
  • CVE-2018-8234 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-8235 - Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2018-8239 - Windows GDI Information Disclosure Vulnerability
  • CVE-2018-8244 - Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2018-8245 - Microsoft Office Elevation of Privilege Vulnerability
  • CVE-2018-8246 - Microsoft Excel Information Disclosure Vulnerability
  • CVE-2018-8247 - Microsoft Office Elevation of Privilege Vulnerability
  • CVE-2018-8248 - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2018-8252 - Microsoft SharePoint Elevation of Privilege Vulnerability
  • CVE-2018-8254 - Microsoft SharePoint Elevation of Privilege Vulnerability

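Security recommendations:

  • The Alibaba Cloud security team recommends that users take note and apply the patches at a time suited to their business, to improve server security;
  • Do not install software unrelated to the business, such as Office or other office software, on enterprise business systems, so that attackers cannot exploit it;
  • Enable Windows Update, click "Check for updates", download and install the relevant security patches according to your business situation, restart the server after installation, and check that the system is running normally.

    Note: before installing updates, test them and be sure to back up data and take snapshots, in case something goes wrong.

Intelligence source: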

  • https://blog.talosintelligence.com/2018/06/ms-tuesday.html