Microsoft September Patch Tuesday Recap | Task Scheduler 0-day Fixed

Microsoft releases September security patches, fixing 61 vulnerabilities

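In yesterday's routine update, Microsoft released its September security patches, fixing 61 security vulnerabilities. Of these, 17 are rated Critical, 43 Important, and 1 Moderate. The update delivers on Microsoft's earlier promise by fixing the Task Scheduler 0-day that a security researcher recently disclosed on Twitter (a third-party patch for this vulnerability was already available).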

As with previous releases, the vulnerabilities span Microsoft's mainstream products, including Edge, Windows, IE, Office, and .NET Framework, among others.

 

Four vulnerabilities were already public and may be exploited

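CVE-2018-8475 Windows Remote Code Execution Vulnerability

This vulnerability affects all current Windows versions (including Windows 10) and is very simple to exploit: an attacker only needs to lure a user into viewing a specially crafted image file.

Given how it is exploited, many phishing attacks are likely to use this vulnerability in the future.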

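CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability

This is the vulnerability that a security researcher recently disclosed on Twitter. It lets an attacker elevate privileges. A PoC had already been published on GitHub, and third-party patches and workarounds followed shortly afterwards. Microsoft has now officially fixed it.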

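CVE-2018-8457 Scripting Engine Memory Corruption Vulnerability

This vulnerability affects IE 10 and 11 as well as Edge, and lets an attacker execute code remotely with the privileges of the currently logged-on user.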

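CVE-2018-8409 System.IO.Pipelines Denial of Service Vulnerability

This is a vulnerability in ASP.NET: an error while System.IO.Pipelines processes a request leads to denial of service, and an attacker can trigger it remotely without authentication.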

 

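Other vulnerabilities that need to be addressed

Talos and ZDI have summarized the dangerous vulnerabilities that should be patched immediately. In addition to those above, they include the following: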

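CVE-2018-0965/8439

Because user input is not properly validated, this vulnerability lets an attacker inside a virtual machine execute commands at the underlying Hyper-V layer. Although Microsoft classifies it as remote code execution, the attacker actually needs to execute commands in the guest virtual machine.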

CVE-2018-8449

This vulnerability lets an attacker bypass Device Guard's signature security mechanism and thereby run malware.

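CVE-2018-8367

This is a remote code execution vulnerability in the Chakra scripting engine. An error in handling objects in memory in Edge lets an attacker execute code remotely with the current user's privileges.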

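CVE-2018-8420

This is a remote code execution vulnerability in MSXML. An attacker can achieve remote code execution after luring a user to a malicious website.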

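CVE-2018-8461/8447

This is a remote code execution vulnerability in IE. As with the previous vulnerability, an attacker who lures a user to a malicious website can execute code remotely with the privileges of the currently logged-on user.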

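CVE-2018-8332

This is a remote code execution vulnerability in the font library. An attacker can achieve remote code execution by luring a user to a malicious website, a malicious document, or similar content.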

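CVE-2018-8391

This is a remote code execution vulnerability in the Chakra scripting engine. An attacker can exploit it only when the user is logged on as an administrator.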

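CVE-2018-8456/8459

This is a remote code execution vulnerability in the Chakra scripting engine. When the engine mishandles objects in memory, an attacker can execute code remotely with the privileges of the currently logged-on user.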

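CVE-2018-8464

This is a remote code execution vulnerability in Edge, located in the built-in PDF reader. An attacker can achieve remote code execution by luring a user to open a malicious PDF.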

 

Vulnerability details

| CVE | Title | Severity | Public | Exploited | XI – Latest | XI – Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2018-8440 | Windows ALPC Elevation of Privilege Vulnerability | Important | Yes | Yes | 1 | 1 | EoP |
| CVE-2018-8475 | Windows Remote Code Execution Vulnerability | Critical | Yes | No | 1 | 1 | RCE |
| CVE-2018-8457 | Scripting Engine Memory Corruption Vulnerability | Critical | Yes | No | 1 | N/A | RCE |
| CVE-2018-8409 | ASP.NET Core Denial of Service | Important | Yes | No | 2 | 2 | DoS |
| CVE-2018-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | N/A | 2 | RCE |
| CVE-2018-8367 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8420 | MS XML Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8461 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8332 | Win32k Graphics Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8391 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8421 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8439 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8447 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8456 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8459 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8464 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8465 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8466 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8467 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8479 | Azure IoT SDK Spoofing Vulnerability | Important | No | No | N/A | N/A | Spoof |
| CVE-2018-8269 | Odata Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2018-8335 | Windows SMB Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2018-8436 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2018-8437 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2018-8438 | Windows Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2018-8410 | Windows Registry Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8462 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8428 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8431 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8441 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8455 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8463 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
| CVE-2018-8468 | Windows Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
| CVE-2018-8469 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
| CVE-2018-8271 | Windows Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8315 | Microsoft Scripting Engine Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
| CVE-2018-8336 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2018-8419 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8424 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8433 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
| CVE-2018-8434 | Windows Hyper-V Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8442 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2018-8443 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8444 | Windows SMB Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2018-8445 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8446 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8452 | Scripting Engine Information Disclosure Vulnerability | Important | No | No | 1 | N/A | Info |
| CVE-2018-8354 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | N/A | RCE |
| CVE-2018-8366 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 1 | N/A | RCE |
| CVE-2018-8392 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2018-8393 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2018-8430 | Word PDF Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8331 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 1 | N/A | RCE |
| CVE-2018-8337 | Windows Subsystem for Linux Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2018-8435 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2018-8449 | Device Guard Security Feature Bypass Vulnerability | Important | No | No | 1 | 1 | SFB |
| CVE-2018-8470 | Internet Explorer Security Feature Bypass Vulnerability | Important | No | No | 1 | 1 | SFB |
| CVE-2018-8425 | Microsoft Edge Spoofing Vulnerability | Important | No | No | 1 | N/A | Spoof |
| CVE-2018-8426 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2018-8474 | Lync for Mac 2011 Security Feature Bypass Vulnerability | Moderate | No | No | N/A | 2 | SFB |

 

References

https://blog.talosintelligence.com/2018/09/ms-tuesday.html

https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review

https://thehackernews.com/2018/09/microsoft-software-updates.html

https://www.bleepingcomputer.com/news/security/microsoft-september-2018-patch-tuesday-fixes-17-critical-vulnerabilities/

https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-september-2018
