保安警報 (A16-06-02): Microsoft 產品多個漏洞 (2016年6月)

描述:

Microsoft發布了以下16個安全性公告，以應對多個影響個別 Microsoft 產品或元件的漏洞:

MS16-063 Internet Explorer 的累積安全性更新
MS16-068 Microsoft Edge 的累積安全性更新
MS16-069 JScript 和 VBScript 的累積安全性更新
MS16-070 Microsoft Office 的安全性更新
MS16-071 Microsoft Windows DNS 伺服器的安全性更新
MS16-072 群組原則的安全性更新
MS16-073 Windows 核心模式驅動程式的安全性更新
MS16-074 Microsoft 圖形元件的安全性更新
MS16-075 Windows SMB Server 的安全性更新
MS16-076 Netlogon 的安全性更新
MS16-077 WPAD 的安全性更新
MS16-078 Windows Diagnostic Hub 的安全性更新
MS16-079 Microsoft Exchange Server 的安全性更新
MS16-080 Microsoft Windows PDF 的安全性更新
MS16-081 Active Directory 的安全性更新
MS16-082 Microsoft Windows 搜尋元件的安全性更新

受影響的系統:

• Microsoft Edge
• Microsoft Exchange Server 2007, 2010, 2013, 2016
• Microsoft Internet Explorer 9, 10, 11
• Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
• Microsoft Office Compatibility Pack, Word Viewer, Visio Viewer 2007, Visio Viewer 2010
• Microsoft Office Online Server
• Microsoft Office Web Apps 2010, 2013
• Microsoft SharePoint Server 2010, 2013
• Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2

有關受影響產品的完整列表，請參閱Microsoft安全性公告摘要中的「受影響的軟體」部分：

https://technet.microsoft.com/library/security/ms16-jun

影響:

成功利用這些漏洞可以執行程式碼、導致服務受阻斷、提高權限、繞過保安限制或泄漏資訊，視乎攻擊者利用哪個漏洞而定。

建議:

受影響產品的修補程式可在 Microsoft Update 網站獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

• Microsoft Update
  http://update.microsoft.com/microsoftupdate

進一步資訊:

https://technet.microsoft.com/en-us/library/security/ms16-jun
https://technet.microsoft.com/library/security/MS16-063
https://technet.microsoft.com/library/security/MS16-068
https://technet.microsoft.com/library/security/MS16-069
https://technet.microsoft.com/library/security/MS16-070
https://technet.microsoft.com/library/security/MS16-071
https://technet.microsoft.com/library/security/MS16-072
https://technet.microsoft.com/library/security/MS16-073
https://technet.microsoft.com/library/security/MS16-074
https://technet.microsoft.com/library/security/MS16-075
https://technet.microsoft.com/library/security/MS16-076
https://technet.microsoft.com/library/security/MS16-077
https://technet.microsoft.com/library/security/MS16-078
https://technet.microsoft.com/library/security/MS16-079
https://technet.microsoft.com/library/security/MS16-080
https://technet.microsoft.com/library/security/MS16-081
https://technet.microsoft.com/library/security/MS16-082
https://www.us-cert.gov/ncas/current-activity/2016/06/14/Microsoft-Releases-June-2016-Security-Bulletin
https://www.hkcert.org/my_url/en/alert/16061501
https://www.hkcert.org/my_url/en/alert/16061502
https://www.hkcert.org/my_url/en/alert/16061503
https://www.hkcert.org/my_url/en/alert/16061504
https://www.hkcert.org/my_url/en/alert/16061505
https://www.hkcert.org/my_url/en/alert/16061506
https://www.hkcert.org/my_url/en/alert/16061507
https://www.hkcert.org/my_url/en/alert/16061508
https://www.hkcert.org/my_url/en/alert/16061509
https://www.hkcert.org/my_url/en/alert/16061510
https://www.hkcert.org/my_url/en/alert/16061511
https://www.hkcert.org/my_url/en/alert/16061512
https://www.hkcert.org/my_url/en/alert/16061513
https://www.hkcert.org/my_url/en/alert/16061514
https://www.hkcert.org/my_url/en/alert/16061515
https://www.hkcert.org/my_url/en/alert/16061516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0199 (to CVE-2016-0200)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3198 (to CVE-2016-3199)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3201 (to CVE-2016-3203)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3205 (to CVE-2016-3207)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3210 (to CVE-2016-3216)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3218 (to CVE-2016-3223)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3225 (to CVE-2016-3228)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3230 (to CVE-2016-3236)