国产亚洲精品日韩香蕉网,久久三级电影,天天操天天操

微軟10月補丁日回顧 | PoC是第一生產(chǎn)力

責(zé)編：gltian ｜2018-10-10 13:17:14

微軟發(fā)布10月份安全補丁，修復(fù)49個安全漏洞

微軟在昨日例行更新中發(fā)布了10月份的安全補丁，修復(fù)了49個安全漏洞。其中有12個漏洞被標(biāo)記為關(guān)鍵漏洞，35個為重要漏洞，1個為中等嚴(yán)重漏洞，1個為低風(fēng)險漏洞。

此次更新相比上月漏洞數(shù)量稍少，其中CVE-2018-8453漏洞在近日被APT組織FruityArmor用于攻擊活動中，上月ZDI披露的CVE-2018-8423漏洞也被修復(fù)。

CVE-2018-8453 Win32k提權(quán)漏洞

CVE-2018-8453漏洞最初由卡巴斯基實驗室觀測到在野利用，經(jīng)過后續(xù)研究發(fā)現(xiàn)其被APT組織FruityArmor用于攻擊活動中，這也是該組織第三次利用0day漏洞（CVE-2016-3393、CVE-2018-5002?）。不過此漏洞不能導(dǎo)致遠(yuǎn)程代碼執(zhí)行，只能用于感染機器后實現(xiàn)提權(quán)。

CVE-2018-8423 JET引擎遠(yuǎn)程代碼執(zhí)行漏洞

此漏洞是9月21日由一位安全研究員披露并公布PoC（微軟未在120天內(nèi)修復(fù)該漏洞），該漏洞最初由趨勢科技研究員Lucas Leong發(fā)現(xiàn)，后經(jīng)ZDI分析，影響當(dāng)前受支持的所有Windows版本。在5月8日向微軟提交后，微軟于5月14日確認(rèn)了該漏洞但一直沒有進(jìn)行修復(fù)，在達(dá)到披露期限后于上月安全研究員公開了該漏洞并放出了相關(guān)PoC。此漏洞在本次更新中已經(jīng)成功修復(fù)。

漏洞詳情列表

CVE	Title	Severity	Public	Exploited	Type
CVE-2018-8453	Win32k Elevation of Privilege Vulnerability	Important	No	Yes	EoP
CVE-2018-8423	Microsoft JET Database Engine Remote Code Execution Vulnerability	Important	Yes	No	RCE
CVE-2018-8497	Windows Kernel Elevation of Privilege Vulnerability	Important	Yes	No	EoP
CVE-2018-8531	Azure IoT Device Client SDK Memory Corruption Vulnerability	Important	Yes	No	RCE
CVE-2018-8460	Internet Explorer Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8473	Microsoft Edge Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8489	Windows Hyper-V Remote Code Execution Vulnerability	Critical	No	No	RCE
CVE-2018-8490	Windows Hyper-V Remote Code Execution Vulnerability	Critical	No	No	RCE
CVE-2018-8491	Internet Explorer Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8494	MS XML Remote Code Execution Vulnerability	Critical	No	No	RCE
CVE-2018-8500	Scripting Engine Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8505	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8509	Microsoft Edge Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8510	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8511	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2018-8513	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	RCE
CVE-2010-3190	MFC Insecure Library Loading Vulnerability	Important	No	No	RCE
CVE-2018-8265	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8320	Windows DNS Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8329	Linux On Windows Elevation Of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8330	Windows Kernel Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8333	Microsoft Filter Manager Elevation Of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8411	NTFS Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8413	Windows Theme API Remote Code Execution Vulnerability	Important	No	No	RCE
CVE-2018-8427	Microsoft Graphics Components Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8432	Microsoft Graphics Components Remote Code Execution Vulnerability	Important	No	No	RCE
CVE-2018-8448	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8472	Windows GDI Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8480	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8481	Windows Media Player Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8482	Windows Media Player Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8484	DirectX Graphics Kernel Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8486	DirectX Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8488	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8492	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8493	Windows TCP/IP Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8495	Windows Shell Remote Code Execution Vulnerability	Important	No	No	RCE
CVE-2018-8498	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8501	Microsoft PowerPoint Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8502	Microsoft Excel Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8504	Microsoft Word Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8506	Microsoft Windows Codecs Library Information Disclosure Vulnerability	Important	No	No	Info
CVE-2018-8512	Microsoft Edge Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8518	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	No	No	EoP
CVE-2018-8527	SQL Server Management Studio Information Disclosure	Important	No	No	Info
CVE-2018-8530	Microsoft Edge Security Feature Bypass Vulnerability	Important	No	No	SFB
CVE-2018-8532	SQL Server Management Studio Information Disclosure	Important	No	No	Info
CVE-2018-8533	SQL Server Management Studio Information Disclosure	Moderate	No	No	Info
CVE-2018-8503	Chakra Scripting Engine Memory Corruption Vulnerability	Low	No	No	RCE

參考鏈接

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2018-patch-tuesday-fixes-12-critical-vulnerabilities/

https://thehackernews.com/2018/09/windows-zero-day-vulnerability.html

https://www.thezdi.com/blog/2018/10/9/the-october-2018-security-update-review

https://blog.talosintelligence.com/2018/10/ms-tuesday.html

上一篇：Gemalto公布2018上半年共945起數(shù)據(jù)泄露事件被統(tǒng)計 45億個人數(shù)據(jù)泄露

下一篇：如何利用臨時目錄繞過AppLocker CLM

压在透明的玻璃上c-国产精品国产一级A片精品免费-国产精品视频网-成人黄网站18秘 免费看|www.tcsft.com

微軟10月補丁日回顧 | PoC是第一生產(chǎn)力

压在透明的玻璃上c-国产精品国产一级A片精品免费-国产精品视频网-成人黄网站18秘免费看|www.tcsft.com