Microsoft releases November security patches, fixing 62 security vulnerabilities

In yesterday's routine update, Microsoft released its November security patches, fixing 62 security vulnerabilities, 13 of which are rated critical.

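After Microsoft's October update hit many users' computers like a dose of strong poison, Microsoft pulled it 10 days after release and re-released it yesterday; users who need the October update can test the waters again.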

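This update fixes a number of vulnerabilities that are already being exploited in the wild, so users should apply the patches promptly. This time, of course, it is best to back up your data beforehand.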

 

Vulnerability summary

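The products affected by this update are mainly the browsers' scripting engines and Office, which between them account for roughly half of the patches. There is also one rather odd vulnerability, again related to the "notorious" October update just mentioned (1809): an attacker with physical access could use the October update to escalate privileges, and the November update fixes that vulnerability.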

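The official advisory does not go into detail about how this vulnerability works; it only says that the vulnerability is fixed by modifying a built-in account after the update is installed.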

 

Fix for a 0day exploited in the wild

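An important point of this update is the fix for a 0day that had already been exploited in the wild: CVE-2018-8589. It was discovered by Kaspersky Lab and has reportedly been used by multiple APT groups. It is an elevation-of-privilege vulnerability affecting the Win32k component; once an APT group has found a way into a target device, it can use it to escalate privileges (presumably not complicated). An analysis article on this vulnerability is expected to be published in the next few days. This is also the second elevation-of-privilege vulnerability fixed in recent months; CVE-2018-8453, fixed last month, was also exploited by FruityArmor.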

 

0day not yet exploited in the wild remains unfixed

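That was the good news, but there is bad news too: the 0day disclosed on Twitter has not been fixed yet (the one that allows arbitrary file deletion; besides deleting sensitive files to damage the computer it might even be able to delete a WAF or the like, but it still isn't of much use). It was only disclosed at the end of October, so Microsoft can't be blamed too much, but it does show that Twitter's policing has its limits. Although the author (this is also their second disclosure on Twitter) deleted the tweet soon afterwards, the GitHub project was not deleted and has been forked many times. There are no reports of in-the-wild exploitation so far, but fairly serious problems may well appear over the coming month.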

 

A "vulnerability" that is not a vulnerability still needs fixing

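Microsoft also released a security advisory with detailed guidance on how to correctly configure BitLocker on solid-state drives. This is in response to the drive-encryption bypass vulnerability disclosed the other day, which affects classic models including the Samsung EVO.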

 

Adobe also releases security updates

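As said last time, PoC is the primary productive force. The ColdFusion vulnerability drew little attention at the time of the routine update, then quickly became a hot topic over a month later when in-the-wild exploitation appeared the other day. That said, many enterprises had surely analyzed and applied the update as soon as the routine patch came out.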

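The same goes for this update, which fixes several vulnerabilities in Flash. Flash's end is approaching and 2019 is less than two months away, yet Adobe is still showing Flash a little care. Microsoft, however, is not appreciative: besides urging users to update to the latest version of Flash as soon as possible, it also advises users not to enable (install) Flash in their browsers.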

 

Vulnerability list

| Tag | CVE ID | CVE Title |
| --- | --- | --- |
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |

 

Reference links

https://www.ghacks.net/2018/11/13/microsoft-windows-security-updates-november-2018-release-overview/

https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Patch-Tuesday,-November-2018/

https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-november-2018

https://blog.talosintelligence.com/2018/11/microsoft-patch-tuesday-october-2018_13.html

https://www.zdnet.com/article/microsoft-patches-windows-zero-day-used-by-multiple-cyber-espionage-groups/

Original article link: https://www.anquanke.com/post/id/164223