中新網安安全研究院微軟“周二補丁日”總結報告

美國時間2017年11月14日(周二補丁日,指微軟每個月的第二個星期二定期發布系統更新補丁的日子。),微軟發布11月度安全漏洞公告。本月的漏洞公告解決了53個漏洞,其中包括19個嚴重漏洞,31個重要和3個中度級別漏洞。這些漏洞影響:微軟 Edge、IE瀏覽器等其他產品。

你的Windows更新了么?漏洞公告信息如下:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99


【嚴重漏洞】

  • CVE-2017-11836 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11837- scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11838 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11839 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11840 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11841 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11843- scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability

  • CVE-2017-11846 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11855 - Internet Explorer Memory Corruption Vulnerability

  • CVE-2017-11856 - Internet Explorer Memory Corruption Vulnerability

  • CVE-2017-11858 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11861 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11862- scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11866 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11869 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11870 - scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11871- scripting Engine Memory Corruption Vulnerability

  • CVE-2017-11873- scripting Engine Memory Corruption Vulnerability


【高危漏洞】

  • CVE-2017-11768- Windows Media Player Information Disclosure Vulnerability

  • CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability

  • CVE-2017-11788 - Windows Search Denial of Service Vulnerability

  • CVE-2017-11791 - scripting Engine Information Disclosure Vulnerability

  • CVE-2017-11803 - Microsoft Edge Information Disclosure Vulnerability

  • CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability

  • CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability

  • CVE-2017-11831 - Windows Information Disclosure Vulnerability

  • CVE-2017-11832 - Windows EOT Font Engine Information Disclosure Vulnerability

  • CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability

  • CVE-2017-11834 - scripting Engine Information Disclosure Vulnerability

  • CVE-2017-11835 - Windows EOT Font Engine Information DisclosureVulnerability

  • CVE-2017-11842 - Windows Kernel Information Disclosure Vulnerability

  • CVE-2017-11844 - Microsoft Edge Information Disclosure Vulnerability

  • CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2017-11849 - Windows Kernel Information Disclosure Vulnerability

  • CVE-2017-11850 - Microsoft Graphics Component Information DisclosureVulnerability

  • CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability

  • CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability

  • CVE-2017-11853- Windows Kernel Information Disclosure Vulnerability

  • CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability

  • CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability

  • CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability

  • CVE-2017-11874- Microsoft Edge Security Feature Bypass Vulnerability

  • CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability

  • CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability

  • CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability

  • CVE-2017-11880 - Windows Information Disclosure Vulnerability

  • CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability

  • CVE-2017-11884 - Microsoft Office Memory Corruption Vulnerability


【中危漏洞】

  • CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability

  • CVE-2017-11876 - Microsoft Project Server Elevation of PrivilegeVulnerability

  • CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability


【影響范圍】

周二補丁日發布的漏洞公告涉及到的微軟產品

  • Internet Explorer

  • MicrosoftEdge

  • MicrosoftWindows

  • MicrosoftOffice and Microsoft Office Services and Web Apps



【安全建議】

  1. 根據業務情況選擇更新補丁

  2. 升級前,務必做好數據備份


泰坦帝国援彩金