[English]Zum September-Patchday (11.9.2018) hat Microsoft wieder zahlreiche Sicherheitsupdates für Windows-Clients und –Server, für Office, Visual Studie etc. freigegeben.
Anzeige
Hier eine Gesamtübersicht der einzelnen Update. Eine Liste der Updates findet sich auf dieser Microsoft-Seite. Details zu den Update-Paketen für Windows, Office etc. wird es in den kommenden Stunden geben.
Fix für Windows ALPC-Schwachstelle (CVE-2018-8440)
Kürzlich wurde in der Windows Aufgabenplanung eine Schwachstelle ALPC Elevation of Privilege-Lücke entdeckt (siehe Links am Artikelende). In allen Updates für Windows ist ein Fix für die ALPC Elevation of Privilege-Lücke (CVE-2018-8440) enthalten (siehe CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability.
Falls jemand den 0patch-Fix verwendet hat, hier geht der Entwickler von opatch darauf ein. Sobald Microsofts Update installiert ist, wird der 0patch eliminiert.
Gefixte Sicherheitslücken
Zum September 2018-Patchday hat Microsoft 17 Schwachstellen behoben. Hier eine Kurzliste weiterer CVEs, die gefixt wurden:
- CVE-2018-0965: Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability in Windows Hyper-V that would allow an attacker to craft a malicious application that could escape the guest virtual machine and execute commands on the host machine.
- CVE-2018-8465: Chakra Scripting Engine Memory Corruption Vulnerability is a vulnerability is in the Chakra scripting engine in Microsoft Edge that could allow malicious web sites to exploit the vulnerability and execute code under the security level of the logged in user.
- CVE-2018-8420: MS XML Remote Code Execution Vulnerability is a vulnerability in the Microsoft XML Core Services that could allow an attack to perform remote code execution.
- CVE-2018-8461: Internet Explorer Memory Corruption Vulnerabilityis a vulnerability in Internet Explorer 11 that would allow a malicious web site to perform remote code execution.
- CVE-2018-8475: Windows Remote Code Execution Vulnerabilityaffects all Windows versions from Windows 10 through Windows Server and could allow an attacker to create a malicious image file that would execute code when opened.
- CVE-2018-8332: Win32k Graphics Remote Code Execution Vulnerability affects all Windows versions from Windows 10 through Windows Server that could allow an attacker to create a malicious font, which when viewed could cause remote code execution.
Liste der Sicherheitsupdates
Critical Security Updates
============================
Anzeige
ChakraCore
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
Microsoft Edge
Internet Explorer 11
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Important Security Updates
============================
.NET Core 2.1
ASP.NET Core 2.1
System.IO.Pipelines
C SDK for Azure IoT
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft.Data.OData
Moderate Security Updates
============================
Microsoft Lync for Mac 2011
Internet Explorer 9
Low Security Updates
============================
Internet Explorer 10
Ähnliche Artikel:
Adobe Flash Player: Update Version 31.0.0.108
Microsoft Office-Updates (4.9.2018)
Microsoft Security Update Summary 11. September 2018
Patchday: Updates für Windows 7/8.1/Server 11. Sept. 2018
Patchday Windows 10-Updates (11. September 2018)
Patchday Microsoft Office Updates (11. September 2018)
Microsoft Patchday: Weitere Updates zum 11. September 2018
Windows 10 Updates KB4464217 und KB4464218
Windows 10: Kumulative Updates (20. September 2018)
Windows 7/8.1 und Server: Updates (20 Sept. 2018)
Neue Windows ALPC Zero-Day-Schwachstelle entdeckt
Neues zur Windows ALPC Zero-Day-Schwachstelle
Windows ALPC 0-day-Lücke wird durch Malware ausgenutzt
Anzeige
KBs zum pätsch-tag 09-18:
Cumulativ IE11 KB4457426 / flash player embedded win8.1-10_ KB4457146
w7
monthly rollup KB4457144 / sec-only KB4457145
w8.1
monthly rollup KB4457129 / sec-only KB4457143
.NET Framework 3.5-4.72 W8.1 KB4457920