政府電腦保安事故協調中心 - 保安警報 (A18-03-02): Microsoft 產品多個漏洞 (2018年3月)

描述:

Microsoft 發布了 47 個安全性更新，以應對多個影響個別 Microsoft 產品或元件漏洞。

受影響的系統:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Windows Server, version 1709
Microsoft Office 2010, 2016 for Mac, 2016 Click-to-Run
Microsoft Office Compatibility Pack
Microsoft Office Online Server 2016
Microsoft Office Web Apps 2010, 2013,
Microsoft Office Web Apps Server 2013
Microsoft Office Word Viewer
Microsoft Access 2010, 2013, 2016
Microsoft Excel 2007, 2010, 2013, 2013 RT, 2016
Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
Microsoft Project Server 2013
Microsoft Exchange Server 2010, 2013, 2016
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2010
Microsoft Identity Manager 2016
PowerShell Core 6.0.0
.NET Core 1.0, 1.1, 2.0
ASP.NET Core 2.0
ChakraCore

有關受影響產品的完整列表，請參考以下網址:

https://portal.msrc.microsoft.com/en-us/security-guidance

影響:

成功利用這些漏洞可以導致遠端執行程式碼、服務受阻斷、提高權限、泄漏資訊或繞過保安功能，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d
https://support.microsoft.com/en-us/help/20180313/security-update-deployment-information
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180006
https://www.hkcert.org/my_url/zh/alert/18031401
https://www.us-cert.gov/ncas/current-activity/2018/03/13/Microsoft-Releases-March-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0813 (to CVE-2018-0817)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0872 (to CVE-2018-0886)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0893 (to CVE-2018-0904)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0907 (to CVE-2018-0917)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0921 (to CVE-2018-0927)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0929 (to CVE-2018-0937)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0939 (to CVE-2018-0942)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0983

標籤 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Access , Excel , Word , Project Server , Exchange Server , SharePoint , Identity Manager , PowerShell Core , .NET Core , ASP.NET Core , ChakraCore