Microsoft는 Windows, Internet Explorer (IE), Edge, ChakraCore, .NET Framework, ASP.NET, PowerShell, Visual Studio, Microsoft Office / Office Services 및 Adobe Flash Player에 영향을주는 53 가지 보안 취약점에 대한 보안 패치 업데이트를 발표.
대부분은 IE, Edge 브라우저 및 Chakra 스크립팅 엔진의 메모리 손상 취약점. 악용 될 경우 인증되지 않은 원격 공격자가 현재 사용자의 컨텍스트에서 대상 시스템에서 임의 코드를 실행할 수 있게 함.
https://technet.microsoft.com/ko-kr/security/dn440717
- 치명적인 취역점 패치
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8242) : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8242
Edge Memory Corruption Vulnerability (CVE-2018-8262) : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8262
Edge Memory Corruption Vulnerability (CVE-2018-8274)
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8275)
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8279)
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8280)
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8283)
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8286)
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8288)
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8290)
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8291)
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8294)
Scripting Engine Memory Corruption Vulnerability (CVE-2018-8296)
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8298)
Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8301)
Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8324)
PowerShell Editor Services Remote Code Execution Vulnerability (CVE-2018-8327) : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8327
- 34가지의 중요한 패치
Microsoft Edge—Remote code execution (RCE), Information disclosure, spoofing, and security feature bypass flaws
Microsoft Internet Explorer (IE)— RCE and security feature bypass flaws
MS Office (Powerpoint, Word, Excel, Access, Lync, Skype)—security feature bypass, RCE, and elevation of privilege flaws
Windows 10, 8.1, 7 and Server 2008, 2012, 2016—Denial of Service, security feature bypass, elevation of privilege flaws
Microsoft .NET Framework—Elevation of privilege and RCE flaws
Microsoft SharePoint—Elevation of Privilege, and RCE flaws
ChakraCore—RCE, and security feature bypass vulnerabilities
Microsoft Visual Studio—RCE flaw
Expression Blend 4—RCE flaw
ASP .NET—security feature bypass flaws
Mail, Calendar, and People in Windows 8.1 App Store—information disclosure flaw
'보안이슈' 카테고리의 다른 글
| 스팸이 2018 년에 다시 상승하고 있습니다. (0) | 2018.08.14 |
|---|---|
| MALWAREBYTES FOR iOS (0) | 2018.07.13 |
| 2018년 6월 VB100 결과 (0) | 2018.07.05 |
| GandCrab V4가 발견되었습니다. .KRAB로 확장자가 바뀜 (0) | 2018.07.04 |
| 안드로이드 암호화 마이닝 맬웨어가 Amazon 디바이스를 타깃으로하고있다. (0) | 2018.06.29 |
