時間:2018-04-12 來源:互聯網 瀏覽量:
4 月 10 日是微軟四月的修複日。此次微軟一共發布了 66 個補丁,涵蓋的產品包括Windows 係統、IE瀏覽器、Edge瀏覽器、ChakraCire、Office、Office Service 以及 Web 應用、微軟惡意軟件防護引擎、微軟 VisualStudio以及微軟 Azure IoT SDK等。此外,Adobe 也相應修複了 6 款產品中的 19 個漏洞,包括 Flash Player 中的 6 個漏洞(其中 3 個為高危)。
其中,修複的漏洞中不包括 0-day,也沒有任何一個漏洞在野利用,但微軟研究人員在 SharePoint 中發現的一個特權升級漏洞已經向公眾公開。影響 VBScript 引擎的遠程代碼執行漏洞也屬於高危漏洞,可被惡意網站或文件利用。趨勢科技的 Zero Day Initiative(ZDI)指出,由於可能使用 Office 文檔進行利用,因此這個漏洞攻擊麵更廣。
其他嚴重漏洞包括微軟圖形組件中的遠程代碼執行漏洞(包括字體驅動提權漏洞),無線鍵盤中安全功能繞過漏洞等。詳情可查看下表:
標簽CVE IDCVE 標題Adobe Flash PlayerADV180007April 2018 Adobe Flash Security Update 2018 年 4 月 Adobe Flash 安全更新Internet ExplorerCVE-2018-0870Internet Explorer Memory Corruption Vulnerability IE 瀏覽器內損壞漏洞Internet ExplorerCVE-2018-1018Internet Explorer Memory Corruption Vulnerability IE 瀏覽器內損壞漏洞Internet ExplorerCVE-2018-0997Internet Explorer Memory Corruption Vulnerability IE 瀏覽器內損壞漏洞Internet ExplorerCVE-2018-0991Internet Explorer Memory Corruption Vulnerability IE 瀏覽器內損壞漏洞Internet ExplorerCVE-2018-1020Internet Explorer Memory Corruption Vulnerability IE 瀏覽器內損壞漏洞Microsoft BrowsersCVE-2018-1023Microsoft Browser Memory Corruption Vulnerability 微軟瀏覽器內存損壞漏洞Microsoft DevicesCVE-2018-8117Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability 微軟無線鍵盤 850 安全功能繞過漏洞Microsoft EdgeCVE-2018-0892Microsoft Edge Information Disclosure Vulnerability 微軟 Edge 瀏覽器信息披露漏洞Microsoft EdgeCVE-2018-0998Microsoft Edge Information Disclosure Vulnerability 微軟 Edge 瀏覽器信息披露漏洞Microsoft Graphics ComponentCVE-2018-1009Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability 微軟 DirectX Graphics 內核子係統提權漏洞 Microsoft Graphics ComponentCVE-2018-1016Microsoft Graphics Remote Code Execution Vulnerability 微軟Graphics 遠程代碼執行漏洞Microsoft Graphics ComponentCVE-2018-1012Microsoft Graphics Remote Code Execution Vulnerability 微軟Graphics 遠程代碼執行漏洞Microsoft Graphics ComponentCVE-2018-1010Microsoft Graphics Remote Code Execution Vulnerability 微軟Graphics 遠程代碼執行漏洞Microsoft Graphics ComponentCVE-2018-1015Microsoft Graphics Remote Code Execution Vulnerability 微軟Graphics 遠程代碼執行漏洞Microsoft Graphics ComponentCVE-2018-1013Microsoft Graphics Remote Code Execution Vulnerability 微軟Graphics 遠程代碼執行漏洞Microsoft JET Database EngineCVE-2018-1003Microsoft JET Database Engine Remote Code Execution Vulnerability 微軟JET 數據庫引擎遠程代碼執行漏洞 Microsoft Malware Protection EngineCVE-2018-0986Microsoft Malware Protection Engine Remote Code Execution VulnerabilityMicrosoft OfficeCVE-2018-1028Unknown 未知Microsoft OfficeCVE-2018-1026Microsoft Office Remote Code Execution Vulnerability 微軟 Office 遠程代碼執行漏洞Microsoft OfficeCVE-2018-1027Microsoft Excel Remote Code Execution Vulnerability 微軟 Excel 遠程代碼執行漏洞Microsoft OfficeCVE-2018-1029Microsoft Excel Remote Code Execution Vulnerability 微軟 Excel 遠程代碼執行漏洞Microsoft OfficeCVE-2018-1005Microsoft SharePoint Elevation of Privilege Vulnerability 微軟 SharePoint 提權漏洞Microsoft OfficeCVE-2018-1034Microsoft SharePoint Elevation of Privilege Vulnerability 微軟 SharePoint 提權漏洞Microsoft OfficeCVE-2018-1030Microsoft Office Remote Code Execution Vulnerability 微軟 Office 遠程代碼執行漏洞Microsoft OfficeCVE-2018-0950Microsoft Office Information Disclosure Vulnerability 微軟 Office 信息披露漏洞Microsoft OfficeCVE-2018-0920Microsoft Excel Remote Code Execution Vulnerability 微軟 Excel 遠程代碼執行漏洞Microsoft OfficeCVE-2018-1007Microsoft Office Information Disclosure Vulnerability 微軟 Office 信息披露漏洞Microsoft OfficeCVE-2018-1011Microsoft Excel Remote Code Execution Vulnerability 微軟 Excel 遠程代碼執行漏洞Microsoft OfficeCVE-2018-1032Microsoft SharePoint Elevation of Privilege Vulnerability 微軟 SharePoint 提權漏洞Microsoft OfficeCVE-2018-1014Microsoft SharePoint Elevation of Privilege Vulnerability 微軟 SharePoint 提權漏洞Microsoft Scripting EngineCVE-2018-0981Scripting Engine Information Disclosure Vulnerability 微軟腳本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-0979Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞Microsoft Scripting EngineCVE-2018-1019Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞Microsoft Scripting EngineCVE-2018-0980Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞Microsoft Scripting EngineCVE-2018-0993Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞Microsoft Scripting EngineCVE-2018-0994Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞Microsoft Scripting EngineCVE-2018-0990Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞Microsoft Scripting EngineCVE-2018-0987Scripting Engine Information Disclosure Vulnerability 微軟腳本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-0988Scripting Engine Memory Corruption Vulnerability 微軟腳本引擎內存損壞漏洞 Microsoft Scripting EngineCVE-2018-0995Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎內存損壞漏洞 Microsoft Scripting EngineCVE-2018-1001Scripting Engine Memory Corruption Vulnerability 微軟腳本引擎內存損壞漏洞 Microsoft Scripting EngineCVE-2018-1004Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript 引擎遠程代碼執行漏洞 Microsoft Scripting EngineCVE-2018-0989Scripting Engine Information Disclosure Vulnerability 微軟腳本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-1000Scripting Engine Information Disclosure Vulnerability 微軟腳本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-0996Scripting Engine Memory Corruption Vulnerability 微軟腳本引擎內存損壞漏洞 Microsoft WindowsCVE-2018-0890Active Directory Security Feature Bypass Vulnerability 活躍目錄安全功能繞過漏洞Microsoft WindowsCVE-2018-0966Device Guard Security Feature Bypass Vulnerability Device Guard 安全功能繞過漏洞Microsoft WindowsCVE-2018-0967Windows SNMP Service Denial of Service Vulnerability Windows SNMP 服務拒絕服務漏洞Microsoft WindowsCVE-2018-0963Windows Kernel Elevation of Privilege Vulnerability Windows 內核提權漏洞Microsoft WindowsCVE-2018-0887Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Microsoft WindowsCVE-2018-8116Microsoft Graphics Component Denial of Service Vulnerability 微軟 Graphics 組件拒絕服務漏洞Visual StudioCVE-2018-1037Microsoft Visual Studio Information Disclosure Vulnerability 微軟 Visual Studio 信息披露漏洞Windows Hyper-VCVE-2018-0964Hyper-V Information Disclosure Vulnerability Hyper-V 信息披露漏洞Windows Hyper-VCVE-2018-0957Hyper-V Information Disclosure Vulnerability Hyper-V 信息披露漏洞Windows IISCVE-2018-0956HTTP.sys Denial of Service VulnerabilityWindows KernelCVE-2018-1008OpenType Font Driver Elevation of Privilege Vulnerability OpenType 字體驅動提權漏洞Windows KernelCVE-2018-0960Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0973Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0972Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0975Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0974Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0971Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0969Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0968Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows KernelCVE-2018-0970Windows Kernel Information Disclosure Vulnerability Windows 內核信息披露漏洞Windows RDPCVE-2018-0976Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Windows 遠程桌麵協議(RDP) 拒絕服務漏洞