内容简介:微软在昨日例行更新中发布了11月份的安全补丁,修复了62个安全漏洞。其中有13个漏洞被标记为关键漏洞。继上次微软10月份更新像一剂猛毒般破坏了众多用户电脑后,微软于发布更新10天后撤下了更新,并于昨日重新发布,需要10月更新的用户可再次试水。
微软发布11月份安全补丁,修复62个安全漏洞
微软在昨日例行更新中发布了11月份的安全补丁,修复了62个安全漏洞。其中有13个漏洞被标记为关键漏洞。
继上次微软10月份更新像一剂猛毒般破坏了众多用户电脑后,微软于发布更新10天后撤下了更新,并于昨日重新发布,需要10月更新的用户可再次试水。
此次更新修复了众多已经出现在野攻击利用的漏洞,用户应及时应用更新补丁,当然这次最好提前最好数据备份。
漏洞摘要
此次更新涉及到的产品主要是浏览器的脚本引擎和Office,它们这次差不多占了补丁的半边天。同时这次还有一个蛮奇葩的漏洞,还是和刚才“臭名昭著”的10月份更新有关(1809),攻击者可在物理接触的情况下利用10月份更新进行提权,而此次11月份更新则修复了黑客可利用10月份更新进行提权的漏洞。
关于此漏洞的原理之类的官方公告并未细说,只是说通过安装更新后修改内置账户的方式修复此漏洞。
在野攻击0day漏洞修复
此次更新比较重要的一点是修复了之前已被在野利用的0day漏洞:CVE-2018-8589,此漏洞为卡巴斯基实验室发现,据称已被多个APT组织利用。漏洞为提权漏洞,影响系统中的Win32k组件,在APT组织找到方法入侵目标设备后即可实现提权(想必并不复杂)。关于此漏洞的分析文章预计将于近日发出。这也是近月以来修复的第二个提权漏洞了,上个月修复的CVE-2018-8453也被FruityArmor利用。
在野未攻击0day漏洞未修复
虽然刚讲过好消息,但是还有坏消息:推特上披露的0day漏洞还未修复(就是可以任意删除文件的那个,虽然除了删除敏感文件破坏计算机说不定还能删个WAF什么的,但依然没有太大作用)。毕竟10月底才披露的也不能苛责微软太多,不过可见推特治安还是有其局限性。虽然作者(这也是第二次推特披露)之后很快删除了推特,但Github项目并未删除且已被fork多次,虽然现在还未出现在野利用的消息,但接下来的一个月内恐怕可能会出现较为严重的问题。
并非漏洞的漏洞要修复
微软也发布了一个安全通告,详细指导用户该如何正确配置固态硬盘的BitLocker。这也是为了应对前日曝出的硬盘加密绕过漏洞,包括三星EVO等经典型号都会受到影响。
Adobe同样发布安全更新
就像上次说的,PoC是第一生产力。ColdFusion漏洞在例行更新时不温不火,过了月余在前日出现在野利用时便迅速占据了热点,不过不少企业肯定在例行补丁刚出时就已经及时分析并应用更新了。
此次更新也是一样,修复了Flash中的几个漏洞。虽然Flash大限将至,没两个月也快到2019了,但是Adobe对Flash还是尽了一点点心意。但是微软很不领情,除了督促用户尽快更新至最新版Flash外,还建议用户不要在自己的浏览器上开启(安装)Flash。
漏洞列表
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |
参考链接
https://www.ghacks.net/2018/11/13/microsoft-windows-security-updates-november-2018-release-overview/
https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Patch-Tuesday,-November-2018/
https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-november-2018
https://blog.talosintelligence.com/2018/11/microsoft-patch-tuesday-october-2018_13.html
以上所述就是小编给大家介绍的《微软11月补丁日回顾 | 在野与0day的纷纷扰扰》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
- LimeRAT在野外传播
- CVE-2018-15961在野利用
- [译] Chrome 在野零日漏洞
- 多款光纤路由器设备在野0-day漏洞简报
- 火狐浏览器爆在野利用0day,官方紧急更新修复
- 谷歌安全团队公布内部追踪的“已在野利用0day”列表
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
神一样的产品经理
闫荣 / 电子工业出版社 / 2012-6-1 / 79.00元
这是一本系统阐述移动与互联网产品从无到有、从有到优的产品经理实践案例著作。《神一样的产品经理:基于移动与互联网产品实践》贯穿着“人如产品,产品如人”、“产品的根基和源泉来自现实生活”的写作理念,表达了产品的成功需要神一样的产品经理管理的观点。 《神一样的产品经理:基于移动与互联网产品实践》由浅入深、循序渐进地阐述了产品经理、产品需求、用户体验、项目管理、产品运营和产品团队管理的内容,理论与实......一起来看看 《神一样的产品经理》 这本书的介绍吧!
JSON 在线解析
在线 JSON 格式化工具
HEX HSV 转换工具
HEX HSV 互换工具