4 月 10 日是微软四月的修复日。此次微软一共发布了 66 个补丁,涵盖的产品包括Windows 系统、IE浏览器、Edge浏览器、ChakraCire、Office、Office Service 以及 Web 应用、微软恶意软件防护引擎、微软 VisualStudio以及微软 Azure IoT SDK等。此外,Adobe 也相应修复了 6 款产品中的 19 个漏洞,包括 Flash Player 中的 6 个漏洞(其中 3 个为高危)。
其中,修复的漏洞中不包括 0-day,也没有任何一个漏洞在野利用,但微软研究人员在 SharePoint 中发现的一个特权升级漏洞已经向公众公开。影响 VBScript 引擎的远程代码执行漏洞也属于高危漏洞,可被恶意网站或文件利用。趋势科技的 Zero Day Initiative(ZDI)指出,由于可能使用 Office 文档进行利用,因此这个漏洞攻击面更广。
其他严重漏洞包括微软图形组件中的远程代码执行漏洞(包括字体驱动提权漏洞),无线键盘中安全功能绕过漏洞等。详情可查看下表:
标签 CVE ID CVE 标题Adobe Flash Player ADV180007 April 2018 Adobe Flash Security Update 2018 年 4 月 Adobe Flash 安全更新
Internet Explorer CVE-2018-0870 Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞
Internet Explorer CVE-2018-1018 Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞
Internet Explorer CVE-2018-0997 Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞
Internet Explorer CVE-2018-0991 Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞
Internet Explorer CVE-2018-1020 Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞
Microsoft Browsers CVE-2018-1023 Microsoft Browser Memory Corruption Vulnerability 微软浏览器内存损坏漏洞
Microsoft Devices CVE-2018-8117 Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability 微软无线键盘 850 安全功能绕过漏洞
Microsoft Edge CVE-2018-0892 Microsoft Edge Information Disclosure Vulnerability 微软 Edge 浏览器信息披露漏洞
Microsoft Edge CVE-2018-0998 Microsoft Edge Information Disclosure Vulnerability 微软 Edge 浏览器信息披露漏洞
Microsoft Graphics Component CVE-2018-1009 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability 微软 DirectX Graphics 内核子系统提权漏洞
Microsoft Graphics Component CVE-2018-1016 Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞
Microsoft Graphics Component CVE-2018-1012 Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞
Microsoft Graphics Component CVE-2018-1010 Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞
Microsoft Graphics Component CVE-2018-1015 Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞
Microsoft Graphics Component CVE-2018-1013 Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞
Microsoft JET Database Engine CVE-2018-1003 Microsoft JET Database Engine Remote Code Execution Vulnerability 微软JET 数据库引擎远程代码执行漏洞
Microsoft Malware Protection Engine CVE-2018-0986 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1028 Unknown 未知
Microsoft Office CVE-2018-1026 Microsoft Office Remote Code Execution Vulnerability 微软 Office 远程代码执行漏洞
Microsoft Office CVE-2018-1027 Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞
Microsoft Office CVE-2018-1029 Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞
Microsoft Office CVE-2018-1005 Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞
Microsoft Office CVE-2018-1034 Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞
Microsoft Office CVE-2018-1030 Microsoft Office Remote Code Execution Vulnerability 微软 Office 远程代码执行漏洞
Microsoft Office CVE-2018-0950 Microsoft Office Information Disclosure Vulnerability 微软 Office 信息披露漏洞
Microsoft Office CVE-2018-0920 Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞
Microsoft Office CVE-2018-1007 Microsoft Office Information Disclosure Vulnerability 微软 Office 信息披露漏洞
Microsoft Office CVE-2018-1011 Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞
Microsoft Office CVE-2018-1032 Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞
Microsoft Office CVE-2018-1014 Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞
Microsoft Scripting Engine CVE-2018-0981 Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞
Microsoft Scripting Engine CVE-2018-0979 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-1019 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-0980 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-0993 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-0994 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-0990 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-0987 Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞
Microsoft Scripting Engine CVE-2018-0988 Scripting Engine Memory Corruption Vulnerability 微软脚本引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-0995 Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-1001 Scripting Engine Memory Corruption Vulnerability 微软脚本引擎内存损坏漏洞
Microsoft Scripting Engine CVE-2018-1004 Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript 引擎远程代码执行漏洞
Microsoft Scripting Engine CVE-2018-0989 Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞
Microsoft Scripting Engine CVE-2018-1000 Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞
Microsoft Scripting Engine CVE-2018-0996 Scripting Engine Memory Corruption Vulnerability 微软脚本引擎内存损坏漏洞
Microsoft Windows CVE-2018-0890 Active Directory Security Feature Bypass Vulnerability 活跃目录安全功能绕过漏洞
Microsoft Windows CVE-2018-0966 Device Guard Security Feature Bypass Vulnerability Device Guard 安全功能绕过漏洞
Microsoft Windows CVE-2018-0967 Windows SNMP Service Denial of Service Vulnerability Windows SNMP 服务拒绝服务漏洞
Microsoft Windows CVE-2018-0963 Windows Kernel Elevation of Privilege Vulnerability Windows 内核提权漏洞
Microsoft Windows CVE-2018-0887 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Microsoft Windows CVE-2018-8116 Microsoft Graphics Component Denial of Service Vulnerability 微软 Graphics 组件拒绝服务漏洞
Visual Studio CVE-2018-1037 Microsoft Visual Studio Information Disclosure Vulnerability 微软 Visual Studio 信息披露漏洞
Windows Hyper-V CVE-2018-0964 Hyper-V Information Disclosure Vulnerability Hyper-V 信息披露漏洞
Windows Hyper-V CVE-2018-0957 Hyper-V Information Disclosure Vulnerability Hyper-V 信息披露漏洞
Windows IIS CVE-2018-0956 HTTP.sys Denial of Service Vulnerability
Windows Kernel CVE-2018-1008 OpenType Font Driver Elevation of Privilege Vulnerability OpenType 字体驱动提权漏洞
Windows Kernel CVE-2018-0960 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0973 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0972 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0975 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0974 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0971 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0969 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0968 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows Kernel CVE-2018-0970 Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞
Windows RDP CVE-2018-0976 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Windows 远程桌面协议(RDP) 拒绝服务漏洞
*参考来源:bleepingcomputer,转载请注明来自 FreeBuf.COM