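【Vulnerability Intelligence】Microsoft November 2018 Patch Intelligence

【Vulnerability Details】

Microsoft has released its November 2018 security patches, fixing 64 security vulnerabilities, 12 of which are critical. The affected products include .NET Core, Azure, Microsoft Dynamics, Microsoft Edge, Microsoft Office, Microsoft Windows, Microsoft Scripting Engine, and others. The CVE IDs of the fixed vulnerabilities are listed below; users should schedule patch upgrades according to their own business situation: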

| No. | Product | CVE ID | CVE Title |
|---|---|---|---|
| 1 | .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| 2 | Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| 3 | Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| 4 | Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| 5 | BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| 6 | Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| 7 | Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
| 8 | Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| 9 | Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| 10 | Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| 11 | Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| 12 | Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| 13 | Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| 14 | Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| 15 | Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
| 16 | Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| 17 | Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| 18 | Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
| 19 | Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
| 20 | Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| 21 | Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
| 22 | Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
| 23 | Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| 24 | Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
| 25 | Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| 26 | Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| 27 | Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| 28 | Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| 29 | Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| 30 | Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| 31 | Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| 32 | Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| 33 | Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| 34 | Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| 35 | Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| 36 | Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| 37 | Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| 38 | Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| 39 | Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| 40 | Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| 41 | Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| 42 | Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 43 | Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| 44 | Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 45 | Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 46 | Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 47 | Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 48 | Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 49 | Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 50 | Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| 51 | Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| 52 | Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| 53 | Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| 54 | Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| 55 | Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
| 56 | Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
| 57 | Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| 58 | Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| 59 | Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| 60 | Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| 61 | Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| 62 | Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| 63 | Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
| 64 | Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |

 

【Risk Rating】

High

【Affected Scope】

The vulnerabilities and patches in the November security release involve the following products:

- .NET Core
- Active Directory
- Adobe Flash Player
- Azure
- BitLocker
- Internet Explorer
- Microsoft Drivers
- Microsoft Dynamics
- Microsoft Edge
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft JScript
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft PowerShell
- Microsoft RPC
- Microsoft Scripting Engine
- Microsoft Windows
- Microsoft Windows Search Component
- Servicing Stack Updates
- Skype for Business and Microsoft Lync
- Team Foundation Server
- Windows Audio Service
- Windows Kernel

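【Remediation Recommendations】

1. Users are advised to review the vulnerabilities and assess the actual vulnerability and patch risk against their business requirements and scenarios, and may choose to install the latest patches to improve system security.

2. Remediation method: use the Windows Update feature, click the "Check for updates" button, download and install the relevant security patches according to business needs, restart the server once installation is complete, and check that the system is running properly.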

【Reference Links】

  https://support.microsoft.com/en-us/help/20181113/security-update-deployment-information-november-13-2018

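Note: Before remediating the vulnerabilities, test thoroughly and be sure to back up data and take snapshots to guard against unexpected problems.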

 

Ping An Cloud

2018-11-15
