政府电脑保安事故协调中心 - 保安警报 (A18-07-04): Microsoft 产品多个漏洞 (2018年7月)

描述:

Microsoft 发布了安全性更新，以应对多个影响个别 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址:

https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018

受影响的系统:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Windows Server, version 1709, version 1803
Microsoft Office 2010, 2016, 2016 Click-to-Run, 2016 for Mac
Microsoft Office Compatibility Pack
Microsoft Access 2013, 2016
Microsoft Excel Viewer
Microsoft Office Word Viewer
Microsoft PowerPoint Viewer
Microsoft Word 2010, 2013, 2013 RT, 2016
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Foundation 2013
ASP.NET Core 1.0, 1.1, 2.0
ASP.NET MVC 5.2
ASP.NET Web Pages 3.2.3
ChakraCore
Expression Blend 4 Service Pack 3
Mail, Calendar, and People in Windows 8.1 App Store
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Microsoft Lync 2013
Microsoft Research JavaScript Cryptography Library
Microsoft Visual Studio 2010, 2012, 2013, 2015, 2017, 2017 Version 15.7.5, 2017 Version 15.8 Preview
Microsoft Wireless Display Adapter V2 Software Version 2.0.8350, 2.0.8365, 2.0.8372
PowerShell Editor Services, Extension for Visual Studio Code
Skype for Business 2016
Web Customizations for Active Directory Federation Services
.NET Core 1.0, 1.1, 2.0
.NET Framework 4.7.2 Developer Pack

有关受影响产品的完整列表，请参考以下网址:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

成功利用这些漏洞可以导致远端执行程式码、服务受阻断、权限提升、泄漏资讯、绕过保安功能、仿冒诈骗或篡改，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

进一步信息:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573
https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017
https://www.hkcert.org/my_url/zh/alert/18071101
https://www.us-cert.gov/ncas/current-activity/2018/07/10/Microsoft-Releases-July-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8274 (to CVE-2018-8276)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8278 (to CVE-2018-8284)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8286 (to CVE-2018-8291)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8296 (to CVE-2018-8301)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8304 (to CVE-2018-8314)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8323 (to CVE-2018-8327)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8356

标签 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Access , Excel , Word , PowerPoint , SharePoint , ASP.NET , ChakraCore , Expression Blend , Lync , Research JavaScript Cryptography Library , Visual Studio , Wireless Display Adapter V2 Software , PowerShell , Skype , Web Customizations for Active Directory Federation Services , .NET , Mail , Calendar , People