保安警报 (A16-07-01): Microsoft 产品多个漏洞 (2016年7月)

描述:

Microsoft发布了以下11个安全性公告，以应对多个影响个别 Microsoft 产品或组件的漏洞:

MS16-084 Internet Explorer 累积安全更新
MS16-085 Microsoft Edge 累积安全更新
MS16-086 JScript 和 VBScript 的累积安全更新
MS16-087 Windows 打印后台处理程序组件安全更新
MS16-088 Microsoft Office 安全更新
MS16-089 Windows 安全内核模式安全更新
MS16-090 Windows 内核模式驱动程序安全更新
MS16-091 .NET Framework 安全更新
MS16-092 Windows 内核安全更新程序
MS16-093 Adobe Flash Player 安全更新
MS16-094 安全启动安全更新

受影响的系统:

• Microsoft Edge
• Microsoft Internet Explorer 9, 10, 11
• Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
• Microsoft Office Compatibility Pack, Word Viewer, Excel Viewer
• Microsoft Office Online Server
• Microsoft Office Web Apps 2010, 2013
• Microsoft SharePoint Server 2010, 2013, 2016
• Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2

有关受影响产品的完整列表，请参阅Microsoft安全性公告摘要中的「受影响的软体」部分：

https://technet.microsoft.com/library/security/ms16-jul

影响:

成功利用这些漏洞可以执行程序代码、导致服务受阻断、提高权限、绕过保安限制或泄漏信息，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程序可在 Microsoft Update 网站获取。受影响系统的用户应遵从产品供货商的建议，立即采取行动以降低风险。

• Microsoft Update
  http://update.microsoft.com/microsoftupdate
  
  

进一步信息:

https://technet.microsoft.com/en-us/library/security/ms16-jul
https://technet.microsoft.com/library/security/MS16-084
https://technet.microsoft.com/library/security/MS16-085
https://technet.microsoft.com/library/security/MS16-086
https://technet.microsoft.com/library/security/MS16-087
https://technet.microsoft.com/library/security/MS16-088
https://technet.microsoft.com/library/security/MS16-089
https://technet.microsoft.com/library/security/MS16-090
https://technet.microsoft.com/library/security/MS16-091
https://technet.microsoft.com/library/security/MS16-092
https://technet.microsoft.com/library/security/MS16-093
https://technet.microsoft.com/library/security/MS16-094
https://www.us-cert.gov/ncas/current-activity/2016/07/12/Microsoft-Releases-Security-Updates
https://www.hkcert.org/my_url/en/alert/16071301
https://www.hkcert.org/my_url/en/alert/16071302
https://www.hkcert.org/my_url/en/alert/16071303
https://www.hkcert.org/my_url/en/alert/16071304
https://www.hkcert.org/my_url/en/alert/16071305
https://www.hkcert.org/my_url/en/alert/16071306
https://www.hkcert.org/my_url/en/alert/16071307
https://www.hkcert.org/my_url/en/alert/16071308
https://www.hkcert.org/my_url/en/alert/16071309
https://www.hkcert.org/my_url/en/alert/16071310
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3204
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3238 (to CVE-2016-3246)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3248 (to CVE-2016-3252)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3254 (to CVE-2016-3256)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3258 (to CVE-2016-3261)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3264 (to CVE-2016-3265)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3269
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3271 (to CVE-2016-3274)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3276 (to CVE-2016-3284)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3286 (to CVE-2016-3287)