一、漏洞描述
本次安全公告涉及56个新的漏洞,其中16个评级为严重,39个评级为高危,1个评级为中危。 这些漏洞影响ASP.NET,Edge,Internet Explorer,Office,Windows等微软产品。除了解决这56个漏洞之外,微软还发布了针对Intel CPU漏洞Meltdown和Spectre的更新。在 ADV180002中,Windows发布了针对这两个漏洞的缓解措施。注意:由于与病毒防护产品不兼容,用户和组织可能尚未收到此更新。
本次公告披露,Windows内核存在多个信息泄漏漏洞,CVE编号为:CVE-2018-0745、CVE-2018-0746、CVE-2018-0747。攻击者可以利用这些漏洞,越过身份验证运行特制的程序,检索内核对象的内存地址,获取敏感信息。这次公告中也披露Windows内核的多个提权漏洞,CVE编号为:CVE-2018-0748、CVE-2018-0751、CVE-2018-0752。这些漏洞是由于Windows内核API未能正确执行权限所致。成功利用这些漏洞的攻击者可以越过身份验证,执行特制程序,并能够模拟进程,注入跨进程通信或中断系统功能。这些漏洞对于企业用户存在一定的安全风险。
本次发布的公告中披露了一个Office高危漏洞,CVE编号为:CVE-2018-0802。攻击者可以利用Office内嵌的公式编辑器发起攻击。终端办公桌面用户和IT技术人员如果被诱骗打开恶意文件,可能会被攻击者远程控制。
严重漏洞
CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0767 - Scripting Engine Information Disclosure Vulnerability@b@CVE-2018-0769 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0772 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0775 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0776 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0777 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0778 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0780 - Scripting Engine Information Disclosure Vulnerability@b@CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability@b@CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability
高危漏洞
CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability@b@CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability@b@CVE-2018-0744 - Windows Elevation of Privilege Vulnerability@b@CVE-2018-0745 - Windows Information Disclosure Vulnerability@b@CVE-2018-0746 - Windows Information Disclosure Vulnerability@b@CVE-2018-0747 - Windows Information Disclosure Vulnerability@b@CVE-2018-0748 - Windows Elevation of Privilege Vulnerability@b@CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability@b@CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability@b@CVE-2018-0751 - Windows Elevation of Privilege Vulnerability@b@CVE-2018-0752 - Windows Elevation of Privilege Vulnerability@b@CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability@b@CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability@b@CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability@b@CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability@b@CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability@b@CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability@b@CVE-2018-0786 - .NET Security Feature Bypass Vulnerability@b@CVE-2018-0788 - ATMFD.dll Information Disclosure Vulnerability@b@CVE-2018-0789 - Microsoft Office Spoofing Vulnerability@b@CVE-2018-0790 - Microsoft Office Information Disclosure Vulnerability@b@CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability@b@CVE-2018-0792 - Microsoft Word Remote Code Execution@b@CVE-2018-0793 - Microsoft Outlook Remote Code Execution@b@CVE-2018-0794 - Microsoft Word Remote Code Execution@b@CVE-2018-0795 - Microsoft Office Remote Code Execution@b@CVE-2018-0796 - Microsoft Excel Remote Code Execution@b@CVE-2018-0798 - Microsoft Word Memory Corruption Vulnerability@b@CVE-2018-0799 - Microsoft Access Tampering Vulnerability@b@CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability@b@CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability@b@CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability@b@CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability@b@CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability@b@CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability@b@CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability@b@CVE-2018-0818 - Scripting Engine Security Feature Bypass@b@CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC
中危漏洞
CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability
二、影响风险
涉及到的微软产品
ASP.NET@b@Edge@b@Internet Explorer@b@Office@b@Windows
修复措施
1.阿里云安全团队建议用户关注这些漏洞,并根据业务情况去更新补丁,提高服务器安全性。@b@2.建议您不要在企业业务系统上安装与业务无关的软件(如Office或其他办公软件),防止被黑客利用。@b@3.建议您开启Windows Update功能,然后单击检查更新按钮,根据业务情况下载安装相关安全补丁。安装完毕后重启服务器,检查系统运行情况。@b@@b@注意:在更新安装升级前,请先进行测试,并务必准备好数据备份和快照,防止发生意外。
三、情报来源