保安警报 (A17-06-01): Microsoft 产品多个漏洞 (2017年6月)

描述:

Microsoft 发布了 79 个安全公告，以应对多个影响个别 Microsoft 产品或组件的漏洞。

受影响的系统:

> Microsoft Internet Explorer 9, 10, 11
> Microsoft Edge
> Microsoft Windows XP, Vista, 7, 8, 8.1, RT 8.1, 10
> Microsoft Windows Server 2003, 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016
> Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2016 Click-to-Run
> Microsoft Office Compatibility Pack
> Microsoft Office Web Apps 2010 Web Apps Server 2010, 2013
> Microsoft Office Online Server 2016
> Microsoft OneNote 2010
> Microsoft Outlook 2007, 2010, 2013, 2016, 2016 for Mac
> Microsoft Excel 2013 RT
> Microsoft PowerPoint 2007, 2013 RT
> Microsoft PowerPoint for Mac 2011, 2016
> Microsoft Project Server 2013
> Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
> Microsoft Word for Mac 2011, 2016
> Microsoft Word Viewer
> Microsoft SharePoint Server 2007, 2013
> Microsoft SharePoint Enterprise Server 2013, 2016
> Microsoft Silverlight 5
> Microsoft Live Meeting 2007
> Microsoft Lync 2010, 2010 Attendee, 2013
> Skype for Business 2016
> Word Automation Services 

有关受影响产品的完整列表，请参阅Microsoft资讯安全技术中心:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致服务受阻断、提高权限、泄漏资讯、远程执行程序代码、绕过保安限制、仿冒诈骗或篡改，视乎攻击者利用哪个漏洞而定。

建议:

1. 受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供货商的建议，立即采取行动以降低风险。
   
   Microsoft 引述「高风险网络攻击」及发布了多项重要安全公告以阻止黑客活动的散播，请遵从 Microsoft 的指南安排修补程式的优先次序:
   
   支援平台的指南
   https://support.microsoft.com/en-us/help/4025686/microsoft-security-advisory-4025685-guidance-for-supported-platforms
   
   对于已终止支援的平台包括 Windows XP, Vista, 8 及 Server 2003, Microsoft 亦发布了新的安全公告以降低风险。系统管理员需要遵从指南修补受影响的系统:
   
   旧版本平台的指南
   https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms
   
   
2. 即使 Windows 系统支援自动更新，系统管理员亦应核实及确认修补程序是否已成功安装在所有 Windows 系统内。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99
https://technet.microsoft.com/en-us/library/security/4025685
https://www.hkcert.org/my_url/en/alert/17061401
https://www.us-cert.gov/ncas/current-activity/2017/06/13/Microsoft-Releases-June-2017-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0215 (to CVE-2017-0216)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0218 (to CVE-2017-0219)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0282 (to CVE-2017-0289)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0291 (to CVE-2017-0292)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0294 (to CVE-2017-0300)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8464 (to CVE-2017-8466)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8468 (to CVE-2017-8485)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8488 (to CVE-2017-8494)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8496 (to CVE-2017-8499)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8506 (to CVE-2017-8515)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8519 (to CVE-2017-8524)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8527 (to CVE-2017-8534)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8543 (to CVE-2017-8545)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8547 (to CVE-2017-8553)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8579
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html