保安警报 (A16-05-02): Microsoft 产品多个漏洞 (2016年5月)

描述:

Microsoft发布了以下16个安全性公告，以应对多个影响个别 Microsoft 产品或组件的漏洞:

MS16-051 Internet Explorer 累积安全性更新
MS16-052 Microsoft Edge 的累积安全性更新
MS16-053 JScript 和 VBScript 的安全性更新
MS16-054 Microsoft Office 的安全性更新
MS16-055 Microsoft 图形组件的安全性更新
MS16-056 Windows 笔记本的安全性更新
MS16-057 Windows Shell 的安全性更新
MS16-058 Windows IIS 的安全性更新
MS16-059 Windows Media Center 的安全性更新
MS16-060 Windows 核心的安全性更新
MS16-061 Microsoft RPC 的安全性更新
MS16-062 Windows 内核模式驱动程序的安全性更新
MS16-064 Adobe Flash Player 的安全性更新
MS16-065 .NET Framework 的安全性更新
MS16-066 虚拟安全模式的安全性更新
MS16-067 磁盘区管理员驱动程序的安全性更新

受影响的系统:

• Microsoft Edge
• Microsoft Internet Explorer 9, 10, 11
• Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
• Microsoft Office Compatibility Pack, Word Viewer
• Microsoft Office Web Apps 2010
• Microsoft SharePoint Server 2010
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
• Microsoft Windows Vista, 7, 8.1, RT 8.1, 10

有关受影响产品的完整列表，请参阅Microsoft安全性公告摘要中的「受影响的软体」部分：

https://technet.microsoft.com/library/security/ms16-may

影响:

成功利用这些漏洞可以执行程序代码、导致服务受阻断、提高权限、绕过保安限制或泄漏信息，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程序可在 Microsoft Update 网站获取。受影响系统的用户应遵从产品供货商的建议，立即采取行动以降低风险。

• Microsoft Update
  http://update.microsoft.com/microsoftupdate
  
  

进一步信息:

https://technet.microsoft.com/en-us/library/security/ms16-may
https://technet.microsoft.com/library/security/MS16-051
https://technet.microsoft.com/library/security/MS16-052
https://technet.microsoft.com/library/security/MS16-053
https://technet.microsoft.com/library/security/MS16-054
https://technet.microsoft.com/library/security/MS16-055
https://technet.microsoft.com/library/security/MS16-056
https://technet.microsoft.com/library/security/MS16-057
https://technet.microsoft.com/library/security/MS16-058
https://technet.microsoft.com/library/security/MS16-059
https://technet.microsoft.com/library/security/MS16-060
https://technet.microsoft.com/library/security/MS16-061
https://technet.microsoft.com/library/security/MS16-062
https://technet.microsoft.com/library/security/MS16-064
https://technet.microsoft.com/library/security/MS16-065
https://technet.microsoft.com/library/security/MS16-066
https://technet.microsoft.com/library/security/MS16-067
https://www.us-cert.gov/ncas/current-activity/2016/05/10/Microsoft-Releases-May-2016-Security-Bulletin
https://www.hkcert.org/my_url/en/alert/16051101
https://www.hkcert.org/my_url/en/alert/16051102
https://www.hkcert.org/my_url/en/alert/16051103
https://www.hkcert.org/my_url/en/alert/16051104
https://www.hkcert.org/my_url/en/alert/16051105
https://www.hkcert.org/my_url/en/alert/16051106
https://www.hkcert.org/my_url/en/alert/16051107
https://www.hkcert.org/my_url/en/alert/16051108
https://www.hkcert.org/my_url/en/alert/16051109
https://www.hkcert.org/my_url/en/alert/16051110
https://www.hkcert.org/my_url/en/alert/16051111
https://www.hkcert.org/my_url/en/alert/16051112
https://www.hkcert.org/my_url/en/alert/16051113
https://www.hkcert.org/my_url/en/alert/16051114
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0168 (to CVE-2016-0171)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0173 (to CVE-2016-0176)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0178 (to CVE-2016-0198)