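Microsoft Releases September Security Patches, Fixing 61 Security Vulnerabilities
In yesterday's regular update, Microsoft released its September security patches, fixing 61 security vulnerabilities. Of these, 17 are rated Critical, 43 Important, and 1 Moderate. The update delivers on Microsoft's earlier promise by fixing the Task Scheduler 0-day vulnerability that a security researcher recently disclosed on Twitter (a third-party security patch for this vulnerability was already available).
As in previous months, the vulnerabilities affect Microsoft's mainstream products, including Edge, Windows, IE, Office, .NET Framework and others.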
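Four vulnerabilities were already public and may be exploited
CVE-2018-8475 Windows Remote Code Execution Vulnerability
This vulnerability affects all current Windows versions (including Windows 10) and is very simple to exploit: an attacker only needs to lure a user into viewing a specially crafted image file to carry out the attack.
Given how it is exploited, a large number of phishing attacks are likely to use this vulnerability in the future.
CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability
This is the vulnerability that a security researcher recently disclosed on Twitter. It allows an attacker to elevate privileges. A PoC had already been published on GitHub, and third-party security patches and mitigations were released shortly afterwards. Microsoft has now officially fixed the vulnerability.
CVE-2018-8457 Scripting Engine Memory Corruption Vulnerability
This vulnerability affects IE 10 and 11 as well as Edge, and allows an attacker to execute code remotely with the privileges of the currently logged-in user.
CVE-2018-8409 System.IO.Pipelines Denial of Service Vulnerability
This is a vulnerability in ASP.NET: an error when System.IO.Pipelines handles requests leads to denial of service, and an attacker can trigger it remotely without authorization.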
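Other vulnerabilities that need to be addressed
Talos and ZDI have summarized the dangerous vulnerabilities that currently need to be patched immediately. Besides those above, they include the following:
CVE-2018-0965/8439
Because user input is not properly validated, this vulnerability allows an attacker in a virtual machine to execute commands through the underlying Hyper-V layer. Although Microsoft classifies it as remote code execution, the attacker actually needs to execute commands in the guest virtual machine.
CVE-2018-8449
This vulnerability allows an attacker to bypass Device Guard's security signature mechanism and thereby run malware.
CVE-2018-8367
This is a remote code execution vulnerability in the Chakra scripting engine. An error in handling Edge objects in memory allows an attacker to execute code remotely with the current user's privileges.
CVE-2018-8420
This is a remote code execution vulnerability in MSXML. An attacker can achieve remote code execution after luring a user to a malicious website.
CVE-2018-8461/8447
This is a remote code execution vulnerability in IE. As with the previous vulnerability, an attacker can lure a user to a malicious website and then execute code remotely with the privileges of the currently logged-in user.
CVE-2018-8332
This is a remote code execution vulnerability in the font library. An attacker can achieve remote code execution by luring a user to a malicious website, a malicious document, or similar.
CVE-2018-8391
This is a remote code execution vulnerability in the Chakra scripting engine. An attacker can exploit it only when the user is logged in as an administrator.
CVE-2018-8456/8459
This is a remote code execution vulnerability in the Chakra scripting engine. When an error occurs in its handling of objects in memory, an attacker can execute code remotely with the privileges of the currently logged-in user.
CVE-2018-8464
This is a remote code execution vulnerability in Edge, located in the built-in PDF reader. An attacker can achieve remote code execution by luring a user into opening a malicious PDF.
Vulnerability details list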
CVE | Title | Severity | Public | Exploited | XI – Latest | XI – Older | Type |
CVE-2018-8440 | Windows ALPC Elevation of Privilege Vulnerability | Important | Yes | Yes | 1 | 1 | EoP |
CVE-2018-8475 | Windows Remote Code Execution Vulnerability | Critical | Yes | No | 1 | 1 | RCE |
CVE-2018-8457 | Scripting Engine Memory Corruption Vulnerability | Critical | Yes | No | 1 | N/A | RCE |
CVE-2018-8409 | ASP.NET Core Denial of Service | Important | Yes | No | 2 | 2 | DoS |
CVE-2018-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | N/A | 2 | RCE |
CVE-2018-8367 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8420 | MS XML Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2018-8461 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2018-8332 | Win32k Graphics Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2018-8391 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8421 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2018-8439 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2018-8447 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2018-8456 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8459 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8464 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8465 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8466 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8467 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8479 | Azure IoT SDK Spoofing Vulnerability | Important | No | No | N/A | N/A | Spoof |
CVE-2018-8269 | Odata Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2018-8335 | Windows SMB Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2018-8436 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2018-8437 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2018-8438 | Windows Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2018-8410 | Windows Registry Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8462 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8428 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8431 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8441 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8455 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8463 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
CVE-2018-8468 | Windows Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
CVE-2018-8469 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | 1 | N/A | EoP |
CVE-2018-8271 | Windows Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8315 | Microsoft Scripting Engine Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
CVE-2018-8336 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
CVE-2018-8419 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8424 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8433 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
CVE-2018-8434 | Windows Hyper-V Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8442 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
CVE-2018-8443 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8444 | Windows SMB Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
CVE-2018-8445 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8446 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8452 | Scripting Engine Information Disclosure Vulnerability | Important | No | No | 1 | N/A | Info |
CVE-2018-8354 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | N/A | RCE |
CVE-2018-8366 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 1 | N/A | RCE |
CVE-2018-8392 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2018-8393 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2018-8430 | Word PDF Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2018-8331 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 1 | N/A | RCE |
CVE-2018-8337 | Windows Subsystem for Linux Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2018-8435 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2018-8449 | Device Guard Security Feature Bypass Vulnerability | Important | No | No | 1 | 1 | SFB |
CVE-2018-8470 | Internet Explorer Security Feature Bypass Vulnerability | Important | No | No | 1 | 1 | SFB |
CVE-2018-8425 | Microsoft Edge Spoofing Vulnerability | Important | No | No | 1 | N/A | Spoof |
CVE-2018-8426 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2018-8474 | Lync for Mac 2011 Security Feature Bypass Vulnerability | Moderate | No | No | N/A | 2 | SFB |
References
https://blog.talosintelligence.com/2018/09/ms-tuesday.html
https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review
https://thehackernews.com/2018/09/microsoft-software-updates.html
https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-september-2018