微软安全公告—2016年10月
微软于北京时间2016年10月11日发布了10个新的安全公告,其中6个为严重等级,4个为重要等级。本次更新主要修复Windows、InternetExplorer、Office、MicrosoftOffice Services 和Microsoft .NET Framework、AdobeFlash Player、Microsoft Edge等组件的安全漏洞。我们推荐您安装所有更新,对于暂时只采用部分更新的用户,我们推荐您首先部署等级为“严重”的安全公告。安全公告每月更新一次,旨在解决严重的漏洞问题。
2016年10月新的安全漏洞
以下是所有安全公告的内容,供您参考。
公告ID | MS16-118 |
|---|---|
最高严重级 | Critical |
受影响软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008 for 32-bit Systems Service Pack 2、 Windows Server 2008 for x64-based Systems Service Pack 2、Windows 7、Windows Server 2008 R2 for x64-based Systems Service Pack 1、Security Only、 Windows Server 2008 R2 for x64-based Systems Service Pack 1、Monthly Roll Up Windows 8.1、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10) |
影响情况 | Remote Code Execution |
建议修补时限 | 2周以内 |
重启要求 | Requires restart |
公告ID | MS16-119 |
最高严重级 | Critical |
受影响软件及其软件版本 | Microsoft Windows(Windows 10) |
影响情况 | Remote Code Execution |
建议修补时限 | 2周以内 |
重启要求 | Requires restart |
公告ID | MS16-120 |
最高严重级 | Critical |
受影响软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10、Server Core installation option) |
影响情况 | Remote Code Execution |
建议修补时限 | 2周以内 |
重启要求 | Requires restart |
公告ID | MS16-121 |
最高严重级 | Critical |
受影响软件及其软件版本 | Microsoft Office Services and Web Apps(Microsoft SharePoint Server 2010、 Microsoft SharePoint Server 2013、 Microsoft Office Web Apps 2010、 Microsoft Office Web Apps 2013) |
影响情况 | Remote Code Execution |
建议修补时限 | 2周以内 |
重启要求 | May require restart |
公告ID | MS16-122 |
最高严重级 | Critical |
受影响软件及其软件版本 | Microsoft Windows(Windows Vista、Windows 7、Windows 8.1 、Windows RT 8.1、Windows 10) |
影响情况 | Remote Code Execution |
建议修补时限 | 2周以内 |
重启要求 | Requires restart |
公告ID | MS16-123 |
最高严重级 | 重要 |
受影响软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10、Server Core installation option) |
Microsoft .NET Framework – Security Only Release(Microsoft .NET Framework、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option) | |
Microsoft .NET Framework – Monthly Rollup Release(Microsoft .NET Framework、 Windows Server 2008、Windows 7、Windows Server 2008 R2 Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option) | |
Microsoft Communications Platforms and Software(Skype for Business 2016、Microsoft Lync 2013、Microsoft Lync 2010、Microsoft Live Meeting 2007 Console) | |
Microsoft Developer Tools and Software(Microsoft Silverlight) | |
Microsoft Office Suites and Software(Microsoft Office 2007、Microsoft Office 2010、Microsoft Office 2013、Microsoft Office 2013 RT、Microsoft Office 2016、Microsoft Office for Mac 2011、Microsoft Office 2016 for Mac、Other Office Software) | |
影响情况 | Elevation of Privilege |
建议修补时限 | 2个月以内 |
重启要求 | Requires restart |
公告ID | MS16-124 |
最高严重级 | 重要 |
受影响软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、Windows RT 8.1、Windows 10、Server Core installation option) |
影响情况 | Elevation of Privilege |
建议修补时限 | 2个月以内 |
重启要求 | Requires restart |
公告ID | MS16-125 |
最高严重级 | 重要 |
受影响软件及其软件版本 | Microsoft Windows(Windows 10) |
影响情况 | Elevation of Privilege |
建议修补时限 | 2个月以内 |
重启要求 | Requires restart |
公告ID | MS16-126 |
最高严重级 | 重要 |
受影响软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2) |
影响情况 | Information Disclosure |
建议修补时限 | 2个月以内 |
重启要求 | Requires restart |
公告ID | MS16-127 |
最高严重级 | Critical |
受影响软件及其软件版本 | Microsoft Windows(Windows 8.1 for 32-bit Systems Security Only、 Windows 8.1 for x64-based Systems Security Only、 Windows Server 2012 Security Only、 Windows Server 2012 R2 Security Only、 Windows RT 8.1、 Windows 10) |
影响情况 | Remote Code Execution |
建议修补时限 | 2周以内 |
重启要求 | Requires restart |
关于这些新发布的安全公告,可在以下页面中找到详细信息:
英文:https://technet.microsoft.com/en-us/library/security/ms16-oct.aspx
安全公告技术细节
公告标识:MS16-118 | |
|---|---|
标题 | Cumulative Security Update for Internet Explorer (3192887) |
摘要 | This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
最高严重等级 | Critical |
漏洞的影响 | Remote Code Execution |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008 for 32-bit Systems Service Pack 2 、 Windows Server 2008 for x64-based Systems Service Pack 2 、Windows 7、 Windows Server 2008 R2 for x64-based Systems Service Pack 1 、Security Only、 Windows Server 2008 R2 for x64-based Systems Service Pack 1、Monthly Roll Up Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-118 |
公告标识:MS16-119 | |
标题 | Cumulative Security Update for Microsoft Edge (3192890) |
摘要 | This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. |
最高严重等级 | Critical |
漏洞的影响 | Remote Code Execution |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows 10) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/zh-CN/library/security/ms16-119 |
公告标识:MS16-120 | |
标题 | Security Update for Microsoft Graphics Component (3192884) |
摘要 | This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
最高严重等级 | Critical |
漏洞的影响 | Remote Code Execution |
检测 | Microsoft Baseline Security0 Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10、 Server Core installation option) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-120 |
公告标识:MS16-121 | |
标题 | Security Update for Microsoft Office (3194063) |
摘要 | This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. |
最高严重等级 | Critical |
漏洞的影响 | Remote Code Execution |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Office Services and Web Apps(Microsoft SharePoint Server 2010、 Microsoft SharePoint Server 2013、 Microsoft Office Web Apps 2010、 Microsoft Office Web Apps 2013) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-121 |
公告标识:MS16-122 | |
标题 | Security Update for Microsoft Video Control (3195360) |
摘要 | This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. |
最高严重等级 | Critical |
漏洞的影响 | Remote Code Execution |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows Vista、Windows 7、Windows 8.1 、Windows RT 8.1、 Windows 10) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-122 |
公告标识:MS16-123 | |
标题 | Security Update for Windows Kernel-Mode Drivers (3192892) |
摘要 | This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. |
最高严重等级 | Important |
漏洞的影响 | Elevation of Privilege |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10、 Server Core installation option) |
Microsoft .NET Framework – Security Only Release(Microsoft .NET Framework、Windows Server 2008、Windows 7、Windows Server 2008 R2、 Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option) | |
Microsoft .NET Framework – Monthly Rollup Release(Microsoft .NET Framework、 Windows Server 2008、Windows 7、Windows Server 2008 R2 Windows 8.1、Windows Server 2012 and Windows Server 2012 R2、Windows 10、Server Core installation option) | |
Microsoft Communications Platforms and Software(Skype for Business 2016、Microsoft Lync 2013、Microsoft Lync 2010、Microsoft Live Meeting 2007 Console) | |
Microsoft Developer Tools and Software(Microsoft Silverlight) | |
Microsoft Office Suites and Software(Microsoft Office 2007、Microsoft Office 2010、Microsoft Office 2013、Microsoft Office 2013 RT、Microsoft Office 2016、Microsoft Office for Mac 2011、Microsoft Office 2016 for Mac、Other Office Software) | |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-123 |
公告标识:MS16-124 | |
标题 | Security Update for Windows Registry (3193227) |
摘要 | This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information. |
最高严重等级 | Important |
漏洞的影响 | Elevation of Privilege |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows 8.1 、Windows Server 2012和Windows Server 2012 R2、 Windows RT 8.1、 Windows 10、 Server Core installation option) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-124 |
公告标识:MS16-125 | |
标题 | Security Update for Diagnostics Hub (3193229) |
摘要 | This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. |
最高严重等级 | Important |
漏洞的影响 | Elevation of Privilege |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows 10) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-125 |
公告标识:MS16-126 | |
标题 | Security Update for Microsoft Internet Messaging API (3196067) |
摘要 | This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. |
最高严重等级 | Moderate |
漏洞的影响 | Information Disclosure |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows Vista、Windows Server 2008、Windows 7、Windows Server 2008 R2) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-126 |
公告标识:MS16-127 | |
标题 | Security Update for Adobe Flash Player (3194343) |
摘要 | This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. |
最高严重等级 | Critical |
漏洞的影响 | Remote Code Execution |
检测 | Microsoft Baseline Security Analyzer 可以检测您的计算机系统是否需要此更新。 |
受影响的软件及其软件版本 | Microsoft Windows(Windows 8.1 for 32-bit Systems Security Only、 Windows 8.1 for x64-based Systems Security Only、 Windows Server 2012 Security Only、 Windows Server 2012 R2 Security Only、 Windows RT 8.1、 Windows 10) |
卸载信息 | 使用控制面板中的添加删除程序 |
详细信息 | https://technet.microsoft.com/library/security/MS16-127 |
注意和免责声明
关于信息的一致性:
如果微软网站上的安全公告内容和本文中的内容不一致,请以网站上的安全公告内容为准。