微软12月补丁日回顾 | 平平淡淡才是真 - 一念悟道|一念成魔，一念成佛

微软发布12月份安全补丁，修复39个安全漏洞

微软在昨日例行更新中发布了12月份的安全补丁，修复了39个安全漏洞。其中有9个漏洞被标记为关键漏洞。

相比上月来说，修复的大大小小的漏洞数量少了三分之一，从一方面来说，可能这一个月漏洞数量稍少，不过从另一方面来说，也可能有不少漏洞都需要不止一个月的时间去修复，具体情况下月便可知晓。

微软连续第四个月补丁日修复0day漏洞

此次补丁日是微软连读第四个月修复已有在野利用的0day漏洞，与往常相比不同的是，这次的0day漏洞被两个APT组织接连使用。不过与上个月相同，这次0day漏洞还是由卡巴斯基发现的。此次修复的0day漏洞为CVE-2018-8611，虽然CVSS评级并不是非常高，但依然属于高危漏洞，可用于本地提权。除此之外，此次补丁日还修复了一个之前披露过的漏洞，为CVE-2018-8517，是.NET框架的拒绝服务漏洞。此漏洞可用来实现远程拒绝服务攻击。

少见的语音引擎漏洞

此次修复的漏洞中有一个漏洞比较有意思，是TTS引擎的漏洞。此漏洞为远程代码执行漏洞但微软并未公布漏洞细节，如有安全需求请务必关闭此服务的网络连接。

其他重要漏洞

此次有5个漏洞均与Chakra引擎有关，但根据前几日的消息微软准备使用Chromium打造新的Edge浏览器并与Win10分离为两个产品线，不知道Chakra引擎以后将何去何从。CVE-2018-8587、CVE-2018-8590、CVE-2018-8628则分别是Outlook、Word及Powerpoint的代码执行漏洞，在钓鱼攻击中可能会起到作用。

Adobe发布安全补丁修复87个漏洞

与微软相比Adobe可谓是修复了成吨的漏洞，其中也包含前几日APT攻击中用到的Flash 0day漏洞。关于这个漏洞，微软此次也发布了安全通告。

漏洞列表

CVE
Title
Severity
Public
Exploited
XI – Latest
XI – Older
Type

CVE-2018-8611
Windows Kernel Elevation of Privilege Vulnerability
Important
No
Yes
1
0
EoP

CVE-2018-8517
.NET Framework Denial Of Service Vulnerability
Important
Yes
No
3
3
DoS

CVE-2018-8540
.NET Framework Remote Code Injection Vulnerability
Critical
No
No
2
2
RCE

CVE-2018-8583
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
1
N/A
RCE

CVE-2018-8617
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
1
N/A
RCE

CVE-2018-8618
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
1
N/A
RCE

CVE-2018-8624
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
1
N/A
RCE

CVE-2018-8626
Windows DNS Server Heap Overflow Vulnerability
Critical
No
No
2
2
RCE

CVE-2018-8629
Chakra Scripting Engine Memory Corruption Vulnerability
Critical
No
No
1
N/A
RCE

CVE-2018-8631
Internet Explorer Memory Corruption Vulnerability
Critical
No
No
1
1
RCE

CVE-2018-8634
Microsoft Text-To-Speech Remote Code Execution Vulnerability
Critical
No
No
1
1
RCE

CVE-2018-8477
Windows Kernel Information Disclosure Vulnerability
Important
No
No
1
1
Info

CVE-2018-8514
Remote Procedure Call runtime Information Disclosure Vulnerability
Important
No
No
2
2
Info

CVE-2018-8580
Microsoft SharePoint Information Disclosure Vulnerability
Important
No
No
3
3
Info

CVE-2018-8587
Microsoft Outlook Remote Code Execution Vulnerability
Important
No
No
1
1
RCE

CVE-2018-8595
Windows GDI Information Disclosure Vulnerability
Important
No
No
1
1
Info

CVE-2018-8596
Windows GDI Information Disclosure Vulnerability
Important
No
No
1
1
Info

CVE-2018-8597
Microsoft Excel Remote Code Execution Vulnerability
Important
No
No
1
1
RCE

CVE-2018-8598
Microsoft Excel Information Disclosure Vulnerability
Important
No
No
2
2
Info

CVE-2018-8599
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Important
No
No
1
1
EoP

CVE-2018-8604
Microsoft Exchange Server Tampering Vulnerability
Important
No
No
2
2
Tampering

CVE-2018-8612
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Important
No
No
1
1
DoS

CVE-2018-8619
Internet Explorer Remote Code Execution Vulnerability
Important
No
No
1
1
RCE

CVE-2018-8621
Windows Kernel Information Disclosure Vulnerability
Important
No
No
N/A
1
Info

CVE-2018-8622
Windows Kernel Information Disclosure Vulnerability
Important
No
No
N/A
1
Info

CVE-2018-8625
Windows VBScript Engine Remote Code Execution Vulnerability
Important
No
No
1
1
RCE

CVE-2018-8627
Microsoft Excel Information Disclosure Vulnerability
Important
No
No
2
2
Info

CVE-2018-8628
Microsoft PowerPoint Remote Code Execution Vulnerability
Important
No
No
1
1
RCE

CVE-2018-8635
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Important
No
No
3
3
EoP

CVE-2018-8636
Microsoft Excel Remote Code Execution Vulnerability
Important
No
No
2
2
RCE

CVE-2018-8637
Win32k Information Disclosure Vulnerability
Important
No
No
1
1
Info

CVE-2018-8638
DirectX Information Disclosure Vulnerability
Important
No
No
1
1
Info

CVE-2018-8639
Win32k Elevation of Privilege Vulnerability
Important
No
No
1
1
EoP

CVE-2018-8641
Win32k Elevation of Privilege Vulnerability
Important
No
No
1
1
EoP

CVE-2018-8643
Scripting Engine Memory Corruption Vulnerability
Important
No
No
1
1
RCE

CVE-2018-8649
Windows Denial of Service Vulnerability
Important
No
No
N/A
N/A
DoS

CVE-2018-8650
Microsoft Office SharePoint XSS Vulnerability
Important
No
No
N/A
N/A
XSS

CVE-2018-8651
Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Important
No
No
2
2
XSS

CVE-2018-8652
Windows Azure Pack Cross Site Scripting Vulnerability
Important
No
No
N/A
N/A
XSS

参考链接

https://www.thezdi.com/blog/2018/12/11/the-december-2018-security-update-review

https://blog.talosintelligence.com/2018/12/microsoft-patch-tuesday-december-2018.html

https://www.zdnet.com/article/for-the-fourth-month-in-a-row-microsoft-patches-windows-zero-day-used-in-the-wild/

https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2018-patch-tuesday-fixes-actively-used-zero-day-vulnerability/

https://krebsonsecurity.com/2018/12/patch-tuesday-december-2018-edition/

文章原文链接:https://www.anquanke.com/post/id/167759