阿里云首页> 安全公告> 【漏洞公告】微软“7月周二补丁日”发布53个漏洞补丁

【漏洞公告】微软“7月周二补丁日”发布53个漏洞补丁

近日,阿里云云盾应急响应中心监测到微软发布7月份的安全公告,本次安全公告显示微软修补了53个漏洞,其中其中包含17个严重漏洞,攻击者可利用漏洞实施权限提升、远程代码执行等攻击。

 

漏洞影响范围:
7月发布的漏洞公告涉及到的微软产品:
ChakraCore
Microsoft Edge
ASP.NET Core
Internet Explorer
Microsoft .NET Framework 
Microsoft Visual Studio 
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Lync 2013 
Skype for Business 

 

严重漏洞如下,共17个:
CVE-2018-8242 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8262 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8274 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8275 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8279 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8280 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8283 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8286 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8288 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8290 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8291 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8294 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8296 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8298 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8301 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8324 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8327 - PowerShell Editor Services Remote Code Execution Vulnerability
 


安全建议:
阿里云友情提示阿里云用户关注,并根据业务情况及时更新补丁,以提高服务器安全性。
1.建议用户打开Windows Update功能,然后点击“检查更新”按钮,根据业务情况下载安装相关安全补丁; 
2.安装完毕后重启服务器,检查系统运行情况。 
注意:在更新安装升级前,建议做好测试工作,并务必做好数据备份和快照,防止出现意外。

我们会关注后续进展,请随时关注官方公告。


如有任何问题,可随时通过工单或服务电话95187联系反馈。
阿里云云盾应急响应中心
2018.07.11