微软发布10月份安全补丁,修复49个安全漏洞
微软在昨日例行更新中发布了10月份的安全补丁,修复了49个安全漏洞。其中有12个漏洞被标记为关键漏洞,35个为重要漏洞,1个为中等严重漏洞,1个为低风险漏洞。
此次更新相比上月漏洞数量稍少,其中CVE-2018-8453漏洞在近日被APT组织FruityArmor用于攻击活动中,上月ZDI披露的CVE-2018-8423漏洞也被修复。
CVE-2018-8453 Win32k提权漏洞
CVE-2018-8453漏洞最初由卡巴斯基实验室观测到在野利用,经过后续研究发现其被APT组织FruityArmor用于攻击活动中,这也是该组织第三次利用0day漏洞(CVE-2016-3393、CVE-2018-5002 )。不过此漏洞不能导致远程代码执行,只能用于感染机器后实现提权。
CVE-2018-8423 JET引擎远程代码执行漏洞
此漏洞是9月21日由一位安全研究员披露并公布PoC(微软未在120天内修复该漏洞),该漏洞最初由趋势科技研究员Lucas Leong发现,后经ZDI分析,影响当前受支持的所有Windows版本。在5月8日向微软提交后,微软于5月14日确认了该漏洞但一直没有进行修复,在达到披露期限后于上月安全研究员公开了该漏洞并放出了相关PoC。此漏洞在本次更新中已经成功修复。
漏洞详情列表
CVE
Title
Severity
Public
Exploited
Type
CVE-2018-8453
Win32k Elevation of Privilege Vulnerability
Important
No
Yes
EoP
CVE-2018-8423
Microsoft JET Database Engine Remote Code Execution Vulnerability
Important
Yes
No
RCE
CVE-2018-8497
Windows Kernel Elevation of Privilege Vulnerability
Important
Yes
No
EoP
CVE-2018-8531
Azure IoT Device Client SDK Memory Corruption Vulnerability
Important
Yes
No
RCE
CVE-2018-8460
Internet Explorer Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8473
Microsoft Edge Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8489
Windows Hyper-V Remote Code Execution Vulnerability
Critical
No
No
RCE
CVE-2018-8490
Windows Hyper-V Remote Code Execution Vulnerability
Critical
No
No
RCE
CVE-2018-8491
Internet Explorer Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8494
MS XML Remote Code Execution Vulnerability
Critical
No
No
RCE
CVE-2018-8500
Scripting Engine Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8505
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8509
Microsoft Edge Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8510
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8511
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2018-8513
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
RCE
CVE-2010-3190
MFC Insecure Library Loading Vulnerability
Important
No
No
RCE
CVE-2018-8265
Microsoft Exchange Server Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8320
Windows DNS Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8329
Linux On Windows Elevation Of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8330
Windows Kernel Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8333
Microsoft Filter Manager Elevation Of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8411
NTFS Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8413
Windows Theme API Remote Code Execution Vulnerability
Important
No
No
RCE
CVE-2018-8427
Microsoft Graphics Components Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8432
Microsoft Graphics Components Remote Code Execution Vulnerability
Important
No
No
RCE
CVE-2018-8448
Microsoft Exchange Server Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8472
Windows GDI Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8480
Microsoft SharePoint Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8481
Windows Media Player Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8482
Windows Media Player Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8484
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8486
DirectX Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8488
Microsoft SharePoint Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8492
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8493
Windows TCP/IP Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8495
Windows Shell Remote Code Execution Vulnerability
Important
No
No
RCE
CVE-2018-8498
Microsoft SharePoint Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8501
Microsoft PowerPoint Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8502
Microsoft Excel Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8504
Microsoft Word Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8506
Microsoft Windows Codecs Library Information Disclosure Vulnerability
Important
No
No
Info
CVE-2018-8512
Microsoft Edge Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8518
Microsoft SharePoint Elevation of Privilege Vulnerability
Important
No
No
EoP
CVE-2018-8527
SQL Server Management Studio Information Disclosure
Important
No
No
Info
CVE-2018-8530
Microsoft Edge Security Feature Bypass Vulnerability
Important
No
No
SFB
CVE-2018-8532
SQL Server Management Studio Information Disclosure
Important
No
No
Info
CVE-2018-8533
SQL Server Management Studio Information Disclosure
Moderate
No
No
Info
CVE-2018-8503
Chakra Scripting Engine Memory Corruption Vulnerability
Low
No
No
RCE
参考链接
https://thehackernews.com/2018/09/windows-zero-day-vulnerability.html
https://www.thezdi.com/blog/2018/10/9/the-october-2018-security-update-review
https://blog.talosintelligence.com/2018/10/ms-tuesday.html
文章原文链接:https://www.anquanke.com/post/id/161504
