政府电脑保安事故协调中心 - 保安警报 (A17-10-03): Microsoft 产品多个漏洞 (2017年10月)

描述:

Microsoft 发布了 50 个安全性更新，以应对多个影响个别 Microsoft 产品或元件漏洞，其中 7 项更新加强了多层防御措施的保安。

有报告指漏洞正受到攻击。

受影响的系统:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac
Microsoft Office Compatibility Pack
Microsoft Office Web Apps Server 2010, 2013
Microsoft Office Word Viewer
Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
Microsoft Office Online Server 2016
Word Automation Services
Microsoft Lync 2013
Microsoft Outlook 2010, 2013, 2013 RT, 2016
Microsoft SharePoint Enterprise Server 2013, 2016
Skype for Business 2016
ChakraCore

有关受影响产品的完整列表，请参阅Microsoft资讯安全技术中心:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致远端执行程式码、提高权限、泄漏资讯、服务受阻断或绕过保安功能，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99
https://support.microsoft.com/en-us/help/20171010/security-update-deployment-information
https://www.hkcert.org/my_url/zh/alert/17101101
https://www.us-cert.gov/ncas/current-activity/2017/10/10/Microsoft-Releases-October-2017-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170014
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170016
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11774 (to CVE-2017-11777)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11779 (to CVE-2017-11786)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11792 (to CVE-2017-11794)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11796 (to CVE-2017-11802)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11804 (to CVE-2017-11826)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11829

标签 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Lync , Outlook , SharePoint , Skype , ChakraCore