保安警报 (A16-06-02): Microsoft 产品多个漏洞 (2016年6月)

描述:

Microsoft发布了以下16个安全性公告，以应对多个影响个别 Microsoft 产品或组件的漏洞:

MS16-063 Internet Explorer 的累积安全性更新
MS16-068 Microsoft Edge 的累积安全性更新
MS16-069 JScript 和 VBScript 的累积安全性更新
MS16-070 Microsoft Office 的安全性更新
MS16-071 Microsoft Windows DNS 服务器的安全性更新
MS16-072 组策略的安全性更新
MS16-073 Windows 内核模式驱动程序的安全性更新
MS16-074 Microsoft 图形组件的安全性更新
MS16-075 Windows SMB Server 的安全性更新
MS16-076 Netlogon 的安全性更新
MS16-077 WPAD 的安全性更新
MS16-078 Windows Diagnostic Hub 的安全性更新
MS16-079 Microsoft Exchange Server 的安全性更新
MS16-080 Microsoft Windows PDF 的安全性更新
MS16-081 Active Directory 的安全性更新
MS16-082 Microsoft Windows 搜寻组件的安全性更新

受影响的系统:

• Microsoft Edge
• Microsoft Exchange Server 2007, 2010, 2013, 2016
• Microsoft Internet Explorer 9, 10, 11
• Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
• Microsoft Office Compatibility Pack, Word Viewer, Visio Viewer 2007, Visio Viewer 2010
• Microsoft Office Online Server
• Microsoft Office Web Apps 2010, 2013
• Microsoft SharePoint Server 2010, 2013
• Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2

有关受影响产品的完整列表，请参阅Microsoft安全性公告摘要中的「受影响的软体」部分：

https://technet.microsoft.com/library/security/ms16-jun

影响:

成功利用这些漏洞可以执行程序代码、导致服务受阻断、提高权限、绕过保安限制或泄漏信息，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程序可在 Microsoft Update 网站获取。受影响系统的用户应遵从产品供货商的建议，立即采取行动以降低风险。

• Microsoft Update
  http://update.microsoft.com/microsoftupdate

进一步信息:

https://technet.microsoft.com/en-us/library/security/ms16-jun
https://technet.microsoft.com/library/security/MS16-063
https://technet.microsoft.com/library/security/MS16-068
https://technet.microsoft.com/library/security/MS16-069
https://technet.microsoft.com/library/security/MS16-070
https://technet.microsoft.com/library/security/MS16-071
https://technet.microsoft.com/library/security/MS16-072
https://technet.microsoft.com/library/security/MS16-073
https://technet.microsoft.com/library/security/MS16-074
https://technet.microsoft.com/library/security/MS16-075
https://technet.microsoft.com/library/security/MS16-076
https://technet.microsoft.com/library/security/MS16-077
https://technet.microsoft.com/library/security/MS16-078
https://technet.microsoft.com/library/security/MS16-079
https://technet.microsoft.com/library/security/MS16-080
https://technet.microsoft.com/library/security/MS16-081
https://technet.microsoft.com/library/security/MS16-082
https://www.us-cert.gov/ncas/current-activity/2016/06/14/Microsoft-Releases-June-2016-Security-Bulletin
https://www.hkcert.org/my_url/en/alert/16061501
https://www.hkcert.org/my_url/en/alert/16061502
https://www.hkcert.org/my_url/en/alert/16061503
https://www.hkcert.org/my_url/en/alert/16061504
https://www.hkcert.org/my_url/en/alert/16061505
https://www.hkcert.org/my_url/en/alert/16061506
https://www.hkcert.org/my_url/en/alert/16061507
https://www.hkcert.org/my_url/en/alert/16061508
https://www.hkcert.org/my_url/en/alert/16061509
https://www.hkcert.org/my_url/en/alert/16061510
https://www.hkcert.org/my_url/en/alert/16061511
https://www.hkcert.org/my_url/en/alert/16061512
https://www.hkcert.org/my_url/en/alert/16061513
https://www.hkcert.org/my_url/en/alert/16061514
https://www.hkcert.org/my_url/en/alert/16061515
https://www.hkcert.org/my_url/en/alert/16061516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0199 (to CVE-2016-0200)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3198 (to CVE-2016-3199)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3201 (to CVE-2016-3203)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3205 (to CVE-2016-3207)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3210 (to CVE-2016-3216)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3218 (to CVE-2016-3223)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3225 (to CVE-2016-3228)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3230 (to CVE-2016-3236)