政府電腦保安事故協調中心 - 保安警報 (A18-07-04): Microsoft 產品多個漏洞 (2018年7月)

描述:

Microsoft 發布了安全性更新，以應對多個影響個別 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址:

https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018

受影響的系統:

Microsoft Internet Explorer 9, 10, 11
Microsoft Edge
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Windows Server, version 1709, version 1803
Microsoft Office 2010, 2016, 2016 Click-to-Run, 2016 for Mac
Microsoft Office Compatibility Pack
Microsoft Access 2013, 2016
Microsoft Excel Viewer
Microsoft Office Word Viewer
Microsoft PowerPoint Viewer
Microsoft Word 2010, 2013, 2013 RT, 2016
Microsoft SharePoint Enterprise Server 2013, 2016
Microsoft SharePoint Foundation 2013
ASP.NET Core 1.0, 1.1, 2.0
ASP.NET MVC 5.2
ASP.NET Web Pages 3.2.3
ChakraCore
Expression Blend 4 Service Pack 3
Mail, Calendar, and People in Windows 8.1 App Store
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Microsoft Lync 2013
Microsoft Research JavaScript Cryptography Library
Microsoft Visual Studio 2010, 2012, 2013, 2015, 2017, 2017 Version 15.7.5, 2017 Version 15.8 Preview
Microsoft Wireless Display Adapter V2 Software Version 2.0.8350, 2.0.8365, 2.0.8372
PowerShell Editor Services, Extension for Visual Studio Code
Skype for Business 2016
Web Customizations for Active Directory Federation Services
.NET Core 1.0, 1.1, 2.0
.NET Framework 4.7.2 Developer Pack

有關受影響產品的完整列表，請參考以下網址:

https://portal.msrc.microsoft.com/en-us/security-guidance

影響:

成功利用這些漏洞可以導致遠端執行程式碼、服務受阻斷、權限提升、泄漏資訊、繞過保安功能、仿冒詐騙或篡改，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573
https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017
https://www.hkcert.org/my_url/zh/alert/18071101
https://www.us-cert.gov/ncas/current-activity/2018/07/10/Microsoft-Releases-July-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8274 (to CVE-2018-8276)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8278 (to CVE-2018-8284)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8286 (to CVE-2018-8291)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8296 (to CVE-2018-8301)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8304 (to CVE-2018-8314)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8323 (to CVE-2018-8327)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8356

標籤 : Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Access , Excel , Word , PowerPoint , SharePoint , ASP.NET , ChakraCore , Expression Blend , Lync , Research JavaScript Cryptography Library , Visual Studio , Wireless Display Adapter V2 Software , PowerShell , Skype , Web Customizations for Active Directory Federation Services , .NET , Mail , Calendar , People