政府电脑保安事故协调中心 - 保安警报 (A18-03-02): Microsoft 产品多个漏洞 (2018年3月)

描述:

Microsoft 发布了 47 个安全性更新，以应对多个影响个别 Microsoft 产品或元件漏洞。

受影响的系统:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Windows Server, version 1709
Microsoft Office 2010, 2016 for Mac, 2016 Click-to-Run
Microsoft Office Compatibility Pack
Microsoft Office Online Server 2016
Microsoft Office Web Apps 2010, 2013,
Microsoft Office Web Apps Server 2013
Microsoft Office Word Viewer
Microsoft Access 2010, 2013, 2016
Microsoft Excel 2007, 2010, 2013, 2013 RT, 2016
Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
Microsoft Project Server 2013
Microsoft Exchange Server 2010, 2013, 2016
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2010
Microsoft Identity Manager 2016
PowerShell Core 6.0.0
.NET Core 1.0, 1.1, 2.0
ASP.NET Core 2.0
ChakraCore

有关受影响产品的完整列表，请参考以下网址:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致远端执行程式码、服务受阻断、提高权限、泄漏资讯或绕过保安功能，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d
https://support.microsoft.com/en-us/help/20180313/security-update-deployment-information
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180006
https://www.hkcert.org/my_url/zh/alert/18031401
https://www.us-cert.gov/ncas/current-activity/2018/03/13/Microsoft-Releases-March-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0813 (to CVE-2018-0817)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0872 (to CVE-2018-0886)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0893 (to CVE-2018-0904)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0907 (to CVE-2018-0917)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0921 (to CVE-2018-0927)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0929 (to CVE-2018-0937)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0939 (to CVE-2018-0942)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0983

标签 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Access , Excel , Word , Project Server , Exchange Server , SharePoint , Identity Manager , PowerShell Core , .NET Core , ASP.NET Core , ChakraCore