微软安全公告—2016年10月

2018-12-21 10:43:07 浏览数 (1)

微软于北京时间2016年10月11日发布了10个新的安全公告,其中6个为严重等级,4个为重要等级。本次更新主要修复Windows、InternetExplorer、Office、MicrosoftOffice Services 和Microsoft .NET Framework、AdobeFlash Player、Microsoft Edge等组件的安全漏洞。我们推荐您安装所有更新,对于暂时只采用部分更新的用户,我们推荐您首先部署等级为“严重”的安全公告。安全公告每月更新一次,旨在解决严重的漏洞问题。


2016年10月新的安全漏洞

以下是所有安全公告的内容,供您参考。

公告ID

MS16-118

最高严重级

Critical

受影响软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008 for 32-bit Systems Service Pack 2、 Windows Server 2008 for x64-based Systems Service Pack 2、Windows 7、Windows Server 2008 R2 for x64-based Systems Service Pack 1、Security Only、 Windows Server 2008 R2 for x64-based Systems Service Pack 1、Monthly Roll Up Windows 8.1、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10)

影响情况

Remote Code Execution

建议修补时限

2周以内

重启要求

Requires restart

公告ID

MS16-119

最高严重级

Critical

受影响软件及其软件版本

Microsoft Windows(Windows 10)

影响情况

Remote Code Execution

建议修补时限

2周以内

重启要求

Requires restart

公告ID

MS16-120

最高严重级

Critical

受影响软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10、Server Core installation option)

影响情况

Remote Code Execution

建议修补时限

2周以内

重启要求

Requires restart

公告ID

MS16-121

最高严重级

Critical

受影响软件及其软件版本

Microsoft Office Services and Web Apps(Microsoft SharePoint Server 2010、 Microsoft SharePoint Server 2013、 Microsoft Office Web Apps 2010、 Microsoft Office Web Apps 2013)

影响情况

Remote Code Execution

建议修补时限

2周以内

重启要求

May require restart

公告ID

MS16-122

最高严重级

Critical

受影响软件及其软件版本

Microsoft Windows(Windows Vista、Windows 7、Windows 8.1 、Windows RT 8.1、Windows 10)

影响情况

Remote Code Execution

建议修补时限

2周以内

重启要求

Requires restart

公告ID

MS16-123

最高严重级

重要

受影响软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10、Server Core installation option)

Microsoft .NET Framework – Security Only Release(Microsoft .NET Framework、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option)

Microsoft .NET Framework – Monthly Rollup Release(Microsoft .NET Framework、 Windows Server 2008、Windows 7、Windows Server 2008 R2 Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option)

Microsoft Communications Platforms and Software(Skype for Business 2016、Microsoft Lync 2013、Microsoft Lync 2010、Microsoft Live Meeting 2007 Console)

Microsoft Developer Tools and Software(Microsoft Silverlight)

Microsoft Office Suites and Software(Microsoft Office 2007、Microsoft Office 2010、Microsoft Office 2013、Microsoft Office 2013 RT、Microsoft Office 2016、Microsoft Office for Mac 2011、Microsoft Office 2016 for Mac、Other Office Software)

影响情况

Elevation of Privilege

建议修补时限

2个月以内

重启要求

Requires restart

公告ID

MS16-124

最高严重级

重要

受影响软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10、Server Core installation option)

影响情况

Elevation of Privilege

建议修补时限

2个月以内

重启要求

Requires restart

公告ID

MS16-125

最高严重级

重要

受影响软件及其软件版本

Microsoft Windows(Windows 10)

影响情况

Elevation of Privilege

建议修补时限

2个月以内

重启要求

Requires restart

公告ID

MS16-126

最高严重级

重要

受影响软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2)

影响情况

Information Disclosure

建议修补时限

2个月以内

重启要求

Requires restart

公告ID

MS16-127

最高严重级

Critical

受影响软件及其软件版本

Microsoft Windows(Windows 8.1 for 32-bit Systems Security Only、 Windows 8.1 for x64-based Systems Security Only、 Windows Server 2012 Security Only、 Windows Server 2012 R2 Security Only、 Windows RT 8.1、 Windows 10)

影响情况

Remote Code Execution

建议修补时限

2周以内

重启要求

Requires restart

关于这些新发布的安全公告,可在以下页面中找到详细信息:

英文:https://technet.microsoft.com/en-us/library/security/ms16-oct.aspx


安全公告技术细节

公告标识:MS16-118

标题

Cumulative Security Update for Internet Explorer (3192887)

摘要

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

最高严重等级

Critical

漏洞的影响

Remote Code Execution

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008 for 32-bit Systems Service Pack 2 、 Windows Server 2008 for x64-based Systems Service Pack 2 、Windows 7、 Windows Server 2008 R2 for x64-based Systems Service Pack 1 、Security Only、 Windows Server 2008 R2 for x64-based Systems Service Pack 1、Monthly Roll Up Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-118

公告标识:MS16-119

标题

Cumulative Security Update for Microsoft Edge (3192890)

摘要

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

最高严重等级

Critical

漏洞的影响

Remote Code Execution

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows 10)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/zh-CN/library/security/ms16-119

公告标识:MS16-120

标题

Security Update for Microsoft Graphics Component (3192884)

摘要

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

最高严重等级

Critical

漏洞的影响

Remote Code Execution

检测

Microsoft Baseline Security0 Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10、 Server Core installation option)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-120

公告标识:MS16-121

标题

Security Update for Microsoft Office (3194063)

摘要

This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

最高严重等级

Critical

漏洞的影响

Remote Code Execution

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Office Services and Web Apps(Microsoft SharePoint Server 2010、 Microsoft SharePoint Server 2013、 Microsoft Office Web Apps 2010、 Microsoft Office Web Apps 2013)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-121

公告标识:MS16-122

标题

Security Update for Microsoft Video Control (3195360)

摘要

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

最高严重等级

Critical

漏洞的影响

Remote Code Execution

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows Vista、Windows 7、Windows 8.1 、Windows RT 8.1、 Windows 10)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-122

公告标识:MS16-123

标题

Security Update for Windows Kernel-Mode Drivers (3192892)

摘要

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

最高严重等级

Important

漏洞的影响

Elevation of Privilege

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10、 Server Core installation option)

Microsoft .NET Framework – Security Only Release(Microsoft .NET Framework、Windows Server 2008、Windows 7、Windows Server 2008 R2、 Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option)

Microsoft .NET Framework – Monthly Rollup Release(Microsoft .NET Framework、 Windows Server 2008、Windows 7、Windows Server 2008 R2 Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option)

Microsoft Communications Platforms and Software(Skype for Business 2016、Microsoft Lync 2013、Microsoft Lync 2010、Microsoft Live Meeting 2007 Console)

Microsoft Developer Tools and Software(Microsoft Silverlight)

Microsoft Office Suites and Software(Microsoft Office 2007、Microsoft Office 2010、Microsoft Office 2013、Microsoft Office 2013 RT、Microsoft Office 2016、Microsoft Office for Mac 2011、Microsoft Office 2016 for Mac、Other Office Software)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-123

公告标识:MS16-124

标题

Security Update for Windows Registry (3193227)

摘要

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.

最高严重等级

Important

漏洞的影响

Elevation of Privilege

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10、 Server Core installation option)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-124

公告标识:MS16-125

标题

Security Update for Diagnostics Hub (3193229)

摘要

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

最高严重等级

Important

漏洞的影响

Elevation of Privilege

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows 10)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-125

公告标识:MS16-126

标题

Security Update for Microsoft Internet Messaging API (3196067)

摘要

This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

最高严重等级

Moderate

漏洞的影响

Information Disclosure

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-126

公告标识:MS16-127

标题

Security Update for Adobe Flash Player (3194343)

摘要

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

最高严重等级

Critical

漏洞的影响

Remote Code Execution

检测

Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。

受影响的软件及其软件版本

Microsoft Windows(Windows 8.1 for 32-bit Systems Security Only、 Windows 8.1 for x64-based Systems Security Only、 Windows Server 2012 Security Only、 Windows Server 2012 R2 Security Only、 Windows RT 8.1、 Windows 10)

卸载信息

使用控制面板中的添加删除程序

详细信息

https://technet.microsoft.com/library/security/MS16-127

注意和免责声明

关于信息的一致性:

如果微软网站上的安全公告内容和本文中的内容不一致,请以网站上的安全公告内容为准。

0 人点赞