myhack58 | Anonymous | MYHACK58:62201789593
Oct 12, 2017 - 12:00 a.m.

Microsoft's October Windows release patches 62 vulnerabilities and fixes a 0-day submitted by domestic researchers - Vulnerability warning - the black bar safety net

2017-10-12 00:00:00
Anonymous
www.myhack58.com

CVSS3 score: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 score: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.951 High
Percentile: 99.1%

On this Tuesday's Patch Tuesday, Microsoft released patches for 62 vulnerabilities in one go. They include a fix for a major Office 0-day that has already been exploited: a remote code execution vulnerability caused by memory corruption (CVE-2017-11826). Attackers can exploit this vulnerability remotely by luring users into opening a specially crafted document, which then executes malicious code. All versions of Office are affected by the vulnerability.
The remote code execution vulnerability exists because the software fails to properly handle objects in memory. An attacker who exploits the vulnerability can run arbitrary code in the context of the current user. If the current user is logged in with administrator rights, the attacker can take control of the affected system: install programs; view, change or delete data; and even create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system may be less affected than users who operate with administrator rights.
In an e-mail attack, the attacker may send a specially crafted file to the user and induce the user to open the file, which then exploits the vulnerability. In a Web-based attack, the attacker can host a website, or use a compromised website that accepts or hosts user-supplied content, containing a specially crafted file that exploits the vulnerability. The attacker has no way to force users to visit the site and can only lure the user into clicking a link, usually through a phishing e-mail or instant message.
It is worth mentioning that this vulnerability was discovered by researchers at the domestic company Qihoo 360 and reported to Microsoft. On September 28 they discovered attackers exploiting the vulnerability, combined with malicious RTF files, to attack a majority of the company's customers. While the details are still unclear, analysis of the C&C server used by the attackers suggests that the attack began to be organized as early as August and was first launched in September.
The researchers said that the attackers used phishing techniques to get the targeted users to open the malicious file, ultimately triggering a Trojan payload that can steal sensitive information from infected devices. In addition, the attack also involved a DLL hijacking vulnerability in some "famous" security product. The affected security vendor has still not been named, but products from Symantec, Kaspersky Lab, Rapid7, F-Secure, Comodo and other companies have also been found to contain DLL hijacking vulnerabilities.
Microsoft also fixed two lower-severity vulnerabilities that were disclosed earlier but have not been exploited:
An XSS vulnerability in SharePoint (CVE-2017-11777)
A DoS vulnerability in the Windows Subsystem for Linux (CVE-2017-8703)
Of the vulnerabilities fixed, 27 are rated at the major level, including a remote code execution vulnerability related to Windows DNS (CVE-2017-11779). Microsoft also issued an advisory alerting users to a security feature bypass issue affecting the firmware of Infineon Trusted Platform Modules (TPM). Last month Microsoft fixed about 80 vulnerabilities in total, including a .NET 0-day that hackers used to spread the FinFisher malware to Russian speakers.
In addition, Adobe, which usually releases its fixes in sync with Microsoft, did not release any security fixes this week.
The following is the list of the 62 fixed vulnerabilities. Interested readers can also click here to view an overview, or click here to view Microsoft's update bulletin and patches.
| Tag | CVE ID | CVE Title |
| --- | --- | --- |
| Device Guard | CVE-2017-8715 | Windows security feature bypass vulnerability |
| Device Guard | CVE-2017-11823 | Microsoft Windows security feature bypass vulnerability |
| Internet Explorer | CVE-2017-11790 | Internet Explorer information disclosure vulnerability |
| Internet Explorer | CVE-2017-11810 | Scripting Engine memory corruption vulnerability |
| Internet Explorer | CVE-2017-11822 | Internet Explorer memory corruption vulnerability |
| Internet Explorer | CVE-2017-11813 | Internet Explorer memory corruption vulnerability |
| Microsoft Edge | CVE-2017-8726 | Microsoft Edge memory corruption vulnerability |
| Microsoft Edge | CVE-2017-11794 | Microsoft Edge information disclosure vulnerability |
| Microsoft Graphics Component | CVE-2017-11816 | Windows GDI information disclosure vulnerability |
| Microsoft Graphics Component | CVE-2017-11763 | Microsoft Graphics remote code execution vulnerability |
| Microsoft Graphics Component | CVE-2017-11762 | Microsoft Graphics remote code execution vulnerability |
| Microsoft Graphics Component | CVE-2017-11824 | Windows Graphics Component elevation of privilege vulnerability |
| Microsoft Graphics Component | CVE-2017-8693 | Microsoft Graphics information disclosure vulnerability |
| Microsoft JET Database Engine | CVE-2017-8718 | Microsoft JET Database Engine remote code execution vulnerability |
| Microsoft JET Database Engine | CVE-2017-8717 | Microsoft JET Database Engine remote code execution vulnerability |
| Microsoft Office | CVE-2017-11776 | Microsoft Outlook information disclosure vulnerability |
| Microsoft Office | CVE-2017-11775 | Microsoft Office SharePoint XSS vulnerability |
| Microsoft Office | CVE-2017-11774 | Microsoft Outlook security feature bypass vulnerability |
| Microsoft Office | CVE-2017-11777 | Microsoft Office SharePoint XSS vulnerability |
| Microsoft Office | CVE-2017-11826 | Microsoft Office memory corruption vulnerability |
| Microsoft Office | CVE-2017-11825 | Microsoft Office remote code execution vulnerability |
| Microsoft Office | ADV170017 | Office defense in depth update |
| Microsoft Office | CVE-2017-11786 | Skype for Business elevation of privilege vulnerability |
| Microsoft Office | CVE-2017-11820 | Microsoft Office SharePoint XSS |
