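Microsoft Releases November Security Patches, Fixing 62 Vulnerabilities
In yesterday's regular update, Microsoft released its November security patches, fixing 62 security vulnerabilities, 13 of which are rated critical.
After the October update wreaked havoc on many users' computers like a dose of strong poison, Microsoft pulled it 10 days after release and re-released it yesterday; users who need the October update can try it again.
This update fixes many vulnerabilities that are already being exploited in the wild, so users should apply the patches promptly, though this time it is best to back up your data first.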
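Vulnerability summary
The products mainly affected by this update are the browser scripting engines and Office, which together account for roughly half of the patches. There is also a rather odd vulnerability, again tied to the "notorious" October update mentioned above (1809): an attacker with physical access can use the October update to elevate privileges, and the November update fixes that.
The official advisory gives no detail on how the vulnerability works; it says only that it is fixed by modifying a built-in account after the update is installed.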
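0day exploited in the wild: fixed
An important point of this update is the fix for a 0day that had already been exploited in the wild: CVE-2018-8589. It was discovered by Kaspersky Lab and has reportedly been used by multiple APT groups. It is an elevation-of-privilege vulnerability affecting the Win32k component, and it lets an APT group elevate privileges once it has found a way onto the target device (which is presumably not complicated). An analysis of the vulnerability is expected to be published in the next few days. This is also the second elevation-of-privilege vulnerability fixed in recent months; CVE-2018-8453, fixed last month, was also exploited by FruityArmor.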
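0day not yet exploited in the wild: not fixed
Having covered the good news, here is the bad news: the 0day disclosed on Twitter has still not been fixed (the one that allows arbitrary file deletion; apart from deleting sensitive files to damage the computer it might also delete a WAF or the like, but it is still not much use). It was only disclosed at the end of October, so Microsoft can hardly be blamed too much, but it does show that policing by Twitter has its limits. Although the author (this is also their second Twitter disclosure) quickly deleted the tweet afterwards, the GitHub project was not deleted and has been forked many times. No in-the-wild exploitation has been reported so far, but fairly serious problems may well appear within the coming month.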
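A "vulnerability" that is not a vulnerability also needs fixing
Microsoft also published a security advisory with detailed guidance on how to correctly configure BitLocker on solid-state drives. This is a response to the drive-encryption bypass disclosed the other day, which affects classic models including the Samsung EVO.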
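Adobe also releases security updates
As said last time, a PoC is the primary productive force. The ColdFusion vulnerability drew little attention when it was patched in the regular update, then quickly became a hot topic over a month later when in-the-wild exploitation appeared the other day; still, many enterprises will certainly have analysed and applied the update as soon as the regular patch came out.
This update is the same, fixing several vulnerabilities in Flash. Although Flash's days are numbered and 2019 is less than two months away, Adobe is still showing Flash a little care. Microsoft is unimpressed, however: besides urging users to update to the latest version of Flash as soon as possible, it also advises users not to enable (install) Flash in their browsers.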
Vulnerability list
Tag | CVE ID | CVE Title |
---|---|---|
.NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |
Reference links
https://www.ghacks.net/2018/11/13/microsoft-windows-security-updates-november-2018-release-overview/
https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Patch-Tuesday,-November-2018/
https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-november-2018
https://blog.talosintelligence.com/2018/11/microsoft-patch-tuesday-october-2018_13.html