政府电脑保安事故协调中心 - 保安警报(A17-07-03): Microsoft 产品多个漏洞 (2017年7月)

描述:

Microsoft 发布了 59 个安全性更新，以应对多个影响个别 Microsoft 产品或元件的漏洞，其中之一是较早前的安全公告的重大修订。

受影响的系统:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2011 for Mac, 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010
Microsoft Office Online Server 2016
Microsoft Excel 2007, 2010, 2013, 2016
Microsoft Excel Viewer 2007
Excel Services
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft Business Productivity Servers 2010
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7
Microsoft Exchange Server 2010, 2013, 2016

有关受影响产品的完整列表，请参阅Microsoft资讯安全技术中心:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致服务受阻断、提高权限、泄漏资讯、远端执行程式码、绕过保安限制或仿冒诈骗，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99
https://www.hkcert.org/my_url/en/alert/17061401
https://www.us-cert.gov/ncas/current-activity/2017/07/11/Microsoft-Releases-July-2017-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8559 (to CVE-2017-8566)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8573 (to CVE-2017-8582)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8587 (to CVE-2017-8590)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8594 (to CVE-2017-8596)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8601 (to CVE-2017-8611)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8617 (to CVE-2017-8619)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8621

标签 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Excel , SharePoint , Microsoft Exchange Server , .NET Framework , Business Productivity Servers