΢Èí7Ô²¹¶¡ÈÕÐè¹Ø×¢µÄ¸ßΣ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-07-11

·ì϶±àºÅºÍ¼¶±ð

CVE-2018-8304  ³ÁÒª  ³§ÉÌ×ÔÆÀ£º5.9

CVE-2018-8279  ÑϳÁ  ³§ÉÌ×ÔÆÀ£º4.2

CVE-2018-8281  ³ÁÒª  

CVE-2018-8311  ³ÁÒª  

CVE-2018-8300  ³ÁÒª

 

·ì϶¸ÅÊö

7ÔÂ10ÈÕ£¬Î¢Èí°ä²¼ÁË2018Äê7Ô·ݵÄÔ¶ÈÀýÐа²È«²¼¸æ£¬½¨¸´ÁËÆä¶à¿î²úÆ·´æÔÚµÄ87¸ö°²È«·ì϶¡£ÊÜÓ°ÏìµÄ²úÆ·Ô̺¬Windows 10 v1803 and Server 2016£¨7¸ö£©¡¢Windows 10 v1709£¨8¸ö£©¡¢Windows 10 v1703£¨8¸ö£©¡¢Windows 8.1 and Windows Server2012 R2£¨9¸ö£©¡¢Windows Server 2012£¨8¸ö£©¡¢Windows 7 and Windows Server 2008R2£¨8¸ö£©¡¢Windows Server 2008£¨7¸ö£©¡¢Internet Explorer£¨6¸ö£©¡¢Microsoft Edge£¨19¸ö£©ºÍMicrosoft Office£¨7¸ö£©¡£

 

ÀûÓÃÉÏÊö·ì϶£¬¹¥»÷ÕßÄܹ»»ñÈ¡Ãô¸ÐÐÅÏ¢£¬ÌáÉýȨÏÞ£¬ºýŪ£¬Èƹý°²È«Ö°ÄÜÏ޶ȣ¬Ö´ÐÐÔ¶³Ì´úÂ룬»ò½øÐлؾø·þÎñ¹¥»÷µÈ¡£ÌáÐÑ¿í´óMicrosoftÓû§¾¡¿ìÏÂÔز¹¶¡¸üУ¬Ô¤·ÀÒý·¢·ì϶ÓйصÄÍøÂ簲ȫÊÂÎñ¡£

 

CVE-2018-8304 Microsoft Windows DNSAPI»Ø¾ø·þÎñ·ì϶

Windows Domain Name System (DNS) DNSAPI.dllδÄÜÕýÈ·´¦ÖÃDNSÏìӦʱ£¬´æÔڻؾø·þÎñ·ì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷Õß¿ÉÄܵ¼ÖÂϵͳÖÕ³¡ÏìÓ¦¡£ÒªÀûÓô˷ì϶£¬¹¥»÷Õß½«Ê¹ÓöñÒâDNS·þÎñÆ÷ÏòÖ¸±ê·¢ËÍ°Ü»µµÄDNSÏìÓ¦¡£

 

ÊÜÓ°ÏìµÄÈí¼þ£º

Windows 10

Windows 7

Windows 8.1

Windows RT 8.1

Server 2008

Server 2008 R2

Server 2012

Server 2012 R2

Server 2016

 

CVE-2018-8279 Microsoft EdgeÔ¶³ÌÖ´ÐдúÂë·ì϶

µ±Microsoft EdgeδÄÜÕýÈ·½Ó¼ûÄÚ´æÖеĶÔÏóʱ£¬´æÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£¸Ã·ì϶¿ÉÄÜÒÔÒ»ÖÖʹ¹¥»÷Õß¿ÉÄÜÔÚµ±Ç°Óû§µÄ¸ßµÍÎÄÖÐÖ´ÐÐËÁÒâ´úÂëµÄ·½Ê½À´·ÛËéÄÚ´æ¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»»ñµÃÓ뵱ǰÓû§Ò»ÑùµÄÓû§È¨ÏÞ¡£ÈôÊǵ±Ç°Óû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬Ôò¹¥»÷ÕßÄܹ»½ÚÔìÊÜÓ°ÏìµÄϵͳ¡£¶øºó¹¥»÷ÕßÄܹ»×°Ö÷¨Ê½£» ²é¿´£¬¸ü¸Ä»òɾ³ýÊý¾Ý£» »ò´´½¨ÓµÓÐÆëÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£

 

ÊÜÓ°ÏìµÄÈí¼þ£º

Microsoft  ChakraCore

Microsoft Edge

 

CVE-2018-8281 Microsoft  OfficeÔ¶³Ì´úÂëÖ´Ðзì϶

µ±Èí¼þδÄÜÕýÈ·´¦ÖÃÄÚ´æÖеĶÔÏóʱ£¬Microsoft OfficeÈí¼þ´æÔÚÔ¶³Ì´úÂëÖ´Ðзì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»ÔÚµ±Ç°Óû§µÄ¸ßµÍÎÄÖÐÔËÐÐËÁÒâ´úÂë¡£ÈôÊǵ±Ç°Óû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬Ôò¹¥»÷ÕßÄܹ»½ÚÔìÊÜÓ°ÏìµÄϵͳ¡£¶øºó¹¥»÷ÕßÄܹ»×°Ö÷¨Ê½£»²é¿´£¬¸ü¸Ä»òɾ³ýÊý¾Ý£»»ò´´½¨ÓµÓÐÆëÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£ÕÊ»§±»ÅäÖÃΪռÓнÏÉÙϵͳÓû§È¨ÏÞµÄÓû§¿ÉÄܱÈʹÓÃÖÎÀíÓû§È¨ÏÞµÄÓû§Êܵ½µÄÓ°ÏìÒªÓס£

 

ÊÜÓ°ÏìµÄÈí¼þ£º

Office 2016 for Mac

PowerPoint Viewer

Office 2016 C2R

Office Compat Pack

Word Viewer

Excel Viewer

 

CVE-2018-8311 Microsoft Skype for Business and LyncÔ¶³Ì´úÂëÖ´Ðзì϶

µ±Skype for BusinessºÍMicrosoft Lync¿Í»§¶ËδÄÜÕýÈ·¹ýÂËÌØÔìÄÚÈÝʱ£¬´æÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶¡£¸Ã·ì϶¿ÉÄÜÒÔÒ»ÖÖÔÊÐí¹¥»÷ÕßÔÚµ±Ç°Óû§µÄ¸ßµÍÎÄÖÐÖ´ÐÐËÁÒâ´úÂëµÄ·½Ê½À´·ÛËéÄÚ´æ¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»»ñµÃÓ뵱ǰÓû§Ò»ÑùµÄÓû§È¨ÏÞ¡£ÈôÊǵ±Ç°Óû§Ê¹ÓÃÖÎÀíÓû§È¨Ï޵Ǽ£¬Ôò¹¥»÷ÕßÄܹ»½ÚÔìÊÜÓ°ÏìµÄϵͳ¡£¶øºó¹¥»÷ÕßÄܹ»×°Ö÷¨Ê½£»²é¿´£¬¸ü¸Ä»òɾ³ýÊý¾Ý£»»ò´´½¨ÓµÓÐÆëÈ«Óû§È¨ÏÞµÄÐÂÕÊ»§¡£

 

ÊÜÓ°ÏìµÄÈí¼þ£º

Skype for Business 2016

Lync 2013

 

CVE-2018-8300 Microsoft SharePointÔ¶³Ì´úÂëÖ´Ðзì϶

µ±Èí¼þδÄܲ鳭ÀûÓ÷¨Ê½°üµÄÔ´ÏóÕ÷ʱ£¬Microsoft SharePointÖдæÔÚÒ»¸öÔ¶³ÌÖ´ÐдúÂë·ì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»ÔÚSharePointÀûÓ÷¨Ê½³ØºÍSharePoint·þÎñÆ÷³¡ÕÊ»§µÄ¸ßµÍÎÄÖÐÔËÐÐËÁÒâ´úÂë¡£

ÀûÓô˷ì϶±ØÒªÓû§½«ÌØÔìµÄSharePointÀûÓ÷¨Ê½°üÉÏÔص½ÊÜÓ°ÏìµÄSharePoint°æ±¾¡£

 

ÊÜÓ°ÏìµÄÈí¼þ£º

SharePoint  Enterprise 2016

SharePoint  Foundation 2013

 

½¨¸´½¨Ò飺

Ä¿Ç°£¬Î¢Èí¹Ù·½ÒѾ­°ä²¼²¹¶¡½¨¸´ÁËÉÏÊö·ì϶£¬½¨ÒéÓû§ÊµÊ±È·ÈÏÊÇ·ñÊܵ½·ì϶ӰÏ죬¾¡¿ì²ÉÈ¡½¨²¹´ëÊ©£¬ÒÔÔ¤·ÀDZÔڵݲȫÍþв¡£ÏëÒª½øÐиüУ¬Ö»Ðèתµ½ÉèÖáú¸üкͰ²È«¡úWindows¸üСú²é³­¸üУ¬»òÕßÒ²Äܹ»Í¨¹ýÊÖ¶¯½øÐиüС£

 

²Î¿¼Á´½Ó£º

https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments