Microsoft December Patch Tuesday Review | Nothing Beats Uneventful

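Microsoft releases December security patches, fixing 39 vulnerabilities

In yesterday's regular update, Microsoft released its December security patches, fixing 39 security vulnerabilities. Nine of them are rated Critical.

Compared with last month, the number of vulnerabilities fixed, large and small, is down by a third. On the one hand, there may simply have been somewhat fewer vulnerabilities this month; on the other hand, quite a few vulnerabilities may need more than a month to fix. We will know which next month.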

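Microsoft fixes a 0day on Patch Tuesday for the fourth month in a row

This Patch Tuesday is the fourth consecutive month in which Microsoft has fixed a 0day vulnerability already exploited in the wild. What differs from previous months is that this 0day was used by two APT groups in succession. As with last month, though, the 0day was again discovered by Kaspersky. The 0day fixed this time is CVE-2018-8611; although its CVSS rating is not especially high, it is still a high-risk vulnerability and can be used for local privilege escalation. In addition, this Patch Tuesday also fixes a previously disclosed vulnerability, CVE-2018-8517, a denial-of-service vulnerability in the .NET Framework. It can be used to carry out remote denial-of-service attacks.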

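A rare speech-engine vulnerability

One of the more interesting vulnerabilities fixed this time is in the TTS engine. It is a remote code execution vulnerability, but Microsoft has not published details. If you have security requirements, be sure to close this service's network connections.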

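Other important vulnerabilities

Five of the vulnerabilities this time are related to the Chakra engine. However, according to news from a few days ago, Microsoft plans to build a new Edge browser on Chromium and to split it from Win10 into two separate product lines, so it is unclear what will become of the Chakra engine. CVE-2018-8587, CVE-2018-8590 and CVE-2018-8628 are code execution vulnerabilities in Outlook, Word and PowerPoint respectively, and could play a role in phishing attacks.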

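Adobe releases security patches fixing 87 vulnerabilities

Compared with Microsoft, Adobe fixed vulnerabilities by the ton, including the Flash 0day used in an APT attack a few days ago. Microsoft also issued a security advisory about this vulnerability.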

Vulnerability list

| CVE | Title | Severity | Public | Exploited | XI – Latest | XI – Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | Yes | 1 | 0 | EoP |
| CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability | Important | Yes | No | 3 | 3 | DoS |
| CVE-2018-8540 | .NET Framework Remote Code Injection Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8583 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8617 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8618 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8624 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8629 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8631 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8634 | Microsoft Text-To-Speech Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8477 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2018-8514 | Remote Procedure Call runtime Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8580 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | 3 | 3 | Info |
| CVE-2018-8587 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8595 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2018-8596 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2018-8597 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8598 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8599 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability | Important | No | No | 2 | 2 | Tampering |
| CVE-2018-8612 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | No | No | 1 | 1 | DoS |
| CVE-2018-8619 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8621 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | N/A | 1 | Info |
| CVE-2018-8622 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | N/A | 1 | Info |
| CVE-2018-8625 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8627 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8628 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8635 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | No | No | 3 | 3 | EoP |
| CVE-2018-8636 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2018-8637 | Win32k Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2018-8638 | DirectX Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2018-8639 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8641 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8643 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8649 | Windows Denial of Service Vulnerability | Important | No | No | N/A | N/A | DoS |
| CVE-2018-8650 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | N/A | N/A | XSS |
| CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability | Important | No | No | N/A | N/A | XSS |

 

References

https://www.thezdi.com/blog/2018/12/11/the-december-2018-security-update-review

https://blog.talosintelligence.com/2018/12/microsoft-patch-tuesday-december-2018.html

https://www.zdnet.com/article/for-the-fourth-month-in-a-row-microsoft-patches-windows-zero-day-used-in-the-wild/

https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2018-patch-tuesday-fixes-actively-used-zero-day-vulnerability/

https://krebsonsecurity.com/2018/12/patch-tuesday-december-2018-edition/

 

(End)