Microsoft ออก patch ประจำเดือนกย. 2017 แก้ไขช่องโหว่ Critical ใน product ของ Microsoft มากมาย
อย่างที่ทราบกันดีว่า Microsoft จะออก patch ทุกๆวันอังคารของทุกเดือน ล่าสุดเดือนนี้ก็ออก patch มาแก้ไขช่องโหว่และบัคใน product ของ Microsoft เองมากมาย รวมทั้งสิ้น 82 ตัวด้วยกัน
การ patch ครั้งนี้ของ Microsoft เพื่อทำการแก้ไขปัญหาช่องโหว่มากมายไม่ว่าจะเป็นช่องโหว่ใน .NET Framework (CVE-2017-8759) ที่ทำให้เกิด remote execution code (RCE) ได้ รวมถึงทาง FireEye พบช่องโหว่ร้ายแรงแล้ว report ทาง Microsoft แบบ private ได้ CVE เป็น CVE-2017-8759
สามารถดูรายละเอียดทั้งหมดได้ตามด้านล่างครับ
| Product | CVE ID | CVE Title |
|---|---|---|
| .NET Framework | CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability |
| Adobe Flash Player | ADV170013 | September 2017 Flash Security Update |
| Device Guard | CVE-2017-8746 | Device Guard Security Feature Bypass Vulnerability |
| HoloLens | CVE-2017-9417 | Broadcom BCM43xx Remote Code Execution Vulnerability |
| Internet Explorer | CVE-2017-8749 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-8747 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-8733 | Internet Explorer Spoofing Vulnerability |
| Microsoft Bluetooth Driver | CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing Vulnerability |
| Microsoft Browsers | CVE-2017-8736 | Microsoft Browser Information Disclosure Vulnerability |
| Microsoft Browsers | CVE-2017-8750 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8757 | Microsoft Edge Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2017-8597 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-8723 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2017-11766 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8643 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-8648 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2017-8735 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2017-8755 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8754 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2017-8751 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8734 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8724 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2017-8731 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8756 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Exchange Server | CVE-2017-11761 | Microsoft Exchange Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2017-8758 | Microsoft Exchange Cross-Site Scripting Vulnerability |
| Microsoft Graphics Component | CVE-2017-8688 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-8685 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-8695 | Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-8683 | Win32k Graphics Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-8696 | Microsoft Graphics Component Remote Code Execution |
| Microsoft Graphics Component | CVE-2017-8684 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-8682 | Win32k Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2017-8720 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2017-8676 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Office | CVE-2017-8632 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Office | CVE-2017-8725 | Microsoft Office Publisher Remote Code Execution |
| Microsoft Office | CVE-2017-8630 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Office | CVE-2017-8743 | PowerPoint Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2017-8742 | PowerPoint Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2017-8745 | Microsoft SharePoint Cross Site Scripting Vulnerability |
| Microsoft Office | CVE-2017-8744 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Office | CVE-2017-8567 | Microsoft Office Remote Code Execution |
| Microsoft Office | ADV170015 | Microsoft Office Defense in Depth Update |
| Microsoft Office | CVE-2017-8629 | Microsoft SharePoint XSS Vulnerability |
| Microsoft Office | CVE-2017-8631 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8738 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8729 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8739 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8740 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8741 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8649 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8660 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8748 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11764 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8752 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-8753 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Uniscribe | CVE-2017-8692 | Uniscribe Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2017-8699 | Windows Shell Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2017-8710 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2017-8716 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2017-8702 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows PDF | CVE-2017-8737 | Microsoft PDF Remote Code Execution Vulnerability |
| Microsoft Windows PDF | CVE-2017-8728 | Microsoft PDF Remote Code Execution Vulnerability |
| Windows DHCP Server | CVE-2017-8686 | Windows DHCP Server Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2017-8712 | Hyper-V Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2017-8713 | Hyper-V Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2017-8714 | Remote Desktop Virtual Host Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2017-8711 | Hyper-V Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2017-8707 | Hyper-V Information Disclosure Vulnerability |
| Windows Hyper-V | CVE-2017-8704 | Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2017-8706 | Hyper-V Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-8719 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-8708 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-8679 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-8709 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8687 | Win32k Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8681 | Win32k Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8675 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8678 | Win32k Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8677 | Win32k Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8680 | Win32k Information Disclosure Vulnerability |
| Windows NetBIOS | CVE-2017-0161 | NetBIOS Remote Code Execution Vulnerability |
Source:: BleepingComputer
LINE@Techsuii.com
