微软9月补丁日回顾 | 任务计划0day漏洞已经修复

 

微软发布9月份安全补丁，修复61个安全漏洞

微软在昨日例行更新中发布了9月份的安全补丁，修复了61个安全漏洞。其中有17个漏洞被标记为关键漏洞，43个为重要漏洞，1个为中等严重漏洞。此次更新兑现了上次官方的承诺，修复了近日某安全研究员在推特上公布的计划任务0day漏洞（此漏洞之前已经有第三方安全补丁进行修复）。

此次漏洞与以往相同，涉及到微软主流产品，包括Edge，Windows，IE，Office，.NET Framework等。

 

四个漏洞此前已经公开，存在被利用可能性

CVE-2018-8475 Windows远程代码执行漏洞

此漏洞影响当前所有的Windows版本（包括Win10），并且利用方式非常简单，攻击者只需要诱导用户查看一张攻击者特制的图像文件即可实施攻击。

鉴于其利用方式，未来可能会有非常多的钓鱼攻击会利用此漏洞。

CVE-2018-8440 Windows ALPC提权漏洞

此漏洞为近日某安全研究员在推特上公布的漏洞，该漏洞可让攻击者实现提权，此前PoC已经发布在Github上，并且短时间内第三方安全补丁和解决方案也及时公布。此次官方正式修复了该漏洞。

CVE-2018-8457 Scripting Engine内存破坏漏洞

该漏洞影响IE 10与11，同时还影响Edge，可让攻击者实现以当前登录用户的权限实施远程代码执行。

CVE-2018-8409 System.IO.Pipelines 拒绝服务漏洞

此漏洞为ASP.NET中的漏洞，当System.IO.Pipelines处理请求发生错误时会导致拒绝服务，攻击者可在未授权状态下远程触发此漏洞。

 

其他需要解决的漏洞

Talos和ZDI总结了当前需要立即更新解决的危险漏洞，除上述漏洞外还有以下这些：

CVE-2018-0965/8439

此漏洞因处理用户输入时未进行有效验证，可让攻击者在虚拟机中通过Hyper-V底层执行命令，虽然官方定义为远程代码执行，但实际上攻击者需要在Guest虚拟机中执行命令。

CVE-2018-8449

此漏洞可让攻击者绕过Device Guard的安全签名机制从而执行恶意软件。

CVE-2018-8367

此漏洞为Chakra脚本引擎中的远程代码执行漏洞，处理Edge内存对象出现错误时可让攻击者以当前用户权限远程执行代码。

CVE-2018-8420

此漏洞为MSXML的远程代码执行漏洞，攻击者诱导用户访问恶意网站后可实现远程代码执行。

CVE-2018-8461/8447

此漏洞为IE中的远程代码执行漏洞，与上一个漏洞相同可让攻击者诱导用户访问恶意网站后以当前登录用户权限实现远程代码执行。

CVE-2018-8332

此漏洞为字体库的远程代码执行漏洞，攻击者可通过诱导用户访问恶意网站、恶意文档等方式实现远程代码执行。

CVE-2018-8391

此漏洞为Chakra脚本引擎的远程代码执行漏洞，只有当用户以管理员身份登录时，攻击者才可利用此漏洞。

CVE-2018-8456/8459

此漏洞为Chakra脚本引擎的远程代码执行漏洞，当其处理内存对象发生错误时，攻击者可以当前登录用户权限实现远程代码执行。

CVE-2018-8464

此漏洞为Edge中的远程代码执行漏洞，存在于内置的PDF阅读器中。攻击者可诱导用户访问恶意PDF实现远程代码执行。

 

漏洞详情列表

CVE	Title	Severity	Public	Exploited	XI – Latest	XI – Older	Type
CVE-2018-8440	Windows ALPC Elevation of Privilege Vulnerability	Important	Yes	Yes	1	1	EoP
CVE-2018-8475	Windows Remote Code Execution Vulnerability	Critical	Yes	No	1	1	RCE
CVE-2018-8457	Scripting Engine Memory Corruption Vulnerability	Critical	Yes	No	1	N/A	RCE
CVE-2018-8409	ASP.NET Core Denial of Service	Important	Yes	No	2	2	DoS
CVE-2018-0965	Windows Hyper-V Remote Code Execution Vulnerability	Critical	No	No	N/A	2	RCE
CVE-2018-8367	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8420	MS XML Remote Code Execution Vulnerability	Critical	No	No	1	1	RCE
CVE-2018-8461	Internet Explorer Memory Corruption Vulnerability	Critical	No	No	1	1	RCE
CVE-2018-8332	Win32k Graphics Remote Code Execution Vulnerability	Critical	No	No	2	2	RCE
CVE-2018-8391	Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8421	.NET Framework Remote Code Execution Vulnerability	Critical	No	No	2	2	RCE
CVE-2018-8439	Windows Hyper-V Remote Code Execution Vulnerability	Critical	No	No	2	2	RCE
CVE-2018-8447	Internet Explorer Memory Corruption Vulnerability	Critical	No	No	1	1	RCE
CVE-2018-8456	Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8459	Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8464	Microsoft Edge PDF Remote Code Execution Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8465	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8466	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8467	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No	1	N/A	RCE
CVE-2018-8479	Azure IoT SDK Spoofing Vulnerability	Important	No	No	N/A	N/A	Spoof
CVE-2018-8269	Odata Denial of Service Vulnerability	Important	No	No	2	2	DoS
CVE-2018-8335	Windows SMB Denial of Service Vulnerability	Important	No	No	2	2	DoS
CVE-2018-8436	Windows Hyper-V Denial of Service Vulnerability	Important	No	No	2	2	DoS
CVE-2018-8437	Windows Hyper-V Denial of Service Vulnerability	Important	No	No	2	2	DoS
CVE-2018-8438	Windows Denial of Service Vulnerability	Important	No	No	2	2	DoS
CVE-2018-8410	Windows Registry Elevation of Privilege Vulnerability	Important	No	No	1	1	EoP
CVE-2018-8462	DirectX Graphics Kernel Elevation of Privilege Vulnerability	Important	No	No	1	1	EoP
CVE-2018-8428	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	No	No	2	2	EoP
CVE-2018-8431	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	No	No	2	2	EoP
CVE-2018-8441	Windows Subsystem for Linux Elevation of Privilege Vulnerability	Important	No	No	2	2	EoP
CVE-2018-8455	Windows Kernel Elevation of Privilege Vulnerability	Important	No	No	2	2	EoP
CVE-2018-8463	Microsoft Edge Elevation of Privilege Vulnerability	Important	No	No	1	N/A	EoP
CVE-2018-8468	Windows Elevation of Privilege Vulnerability	Important	No	No	1	N/A	EoP
CVE-2018-8469	Microsoft Edge Elevation of Privilege Vulnerability	Important	No	No	1	N/A	EoP
CVE-2018-8271	Windows Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8315	Microsoft Scripting Engine Information Disclosure Vulnerability	Important	No	No	2	N/A	Info
CVE-2018-8336	Windows Kernel Information Disclosure Vulnerability	Important	No	No	N/A	2	Info
CVE-2018-8419	Windows Kernel Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8424	Windows GDI Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8433	Microsoft Graphics Component Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8429	Microsoft Excel Information Disclosure Vulnerability	Important	No	No	2	N/A	Info
CVE-2018-8434	Windows Hyper-V Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8442	Windows Kernel Information Disclosure Vulnerability	Important	No	No	1	1	Info
CVE-2018-8443	Windows Kernel Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8444	Windows SMB Information Disclosure Vulnerability	Important	No	No	N/A	2	Info
CVE-2018-8445	Windows Kernel Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8446	Windows Kernel Information Disclosure Vulnerability	Important	No	No	2	2	Info
CVE-2018-8452	Scripting Engine Information Disclosure Vulnerability	Important	No	No	1	N/A	Info
CVE-2018-8354	Scripting Engine Memory Corruption Vulnerability	Important	No	No	1	N/A	RCE
CVE-2018-8366	Microsoft Edge Information Disclosure Vulnerability	Important	No	No	1	N/A	RCE
CVE-2018-8392	Microsoft JET Database Engine Remote Code Execution Vulnerability	Important	No	No	2	2	RCE
CVE-2018-8393	Microsoft JET Database Engine Remote Code Execution Vulnerability	Important	No	No	2	2	RCE
CVE-2018-8430	Word PDF Remote Code Execution Vulnerability	Important	No	No	1	1	RCE
CVE-2018-8331	Microsoft Excel Remote Code Execution Vulnerability	Important	No	No	1	N/A	RCE
CVE-2018-8337	Windows Subsystem for Linux Security Feature Bypass Vulnerability	Important	No	No	2	2	SFB
CVE-2018-8435	Windows Hyper-V Security Feature Bypass Vulnerability	Important	No	No	2	2	SFB
CVE-2018-8449	Device Guard Security Feature Bypass Vulnerability	Important	No	No	1	1	SFB
CVE-2018-8470	Internet Explorer Security Feature Bypass Vulnerability	Important	No	No	1	1	SFB
CVE-2018-8425	Microsoft Edge Spoofing Vulnerability	Important	No	No	1	N/A	Spoof
CVE-2018-8426	Microsoft Office SharePoint XSS Vulnerability	Important	No	No	2	2	XSS
CVE-2018-8474	Lync for Mac 2011 Security Feature Bypass Vulnerability	Moderate	No	No	N/A	2	SFB

 

参考链接

https://blog.talosintelligence.com/2018/09/ms-tuesday.html

https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review

https://thehackernews.com/2018/09/microsoft-software-updates.html

https://www.bleepingcomputer.com/news/security/microsoft-september-2018-patch-tuesday-fixes-17-critical-vulnerabilities/

https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-september-2018