学校首页 | 部门首页 | 部门概况 | 机构设置 | 信息化建设 | 公告通知 | 联系方式 
 工作动态 
 公告通知 
 常识技巧 
 办事指南 

国家教育部
山东省教育厅
中国教育科研网
全国高校导航
胶东在线

 
当前位置: 部门首页>>快速通道>>公告通知>>正文
 
微软发布2015年6月安全公告
2015-06-23

发布日期:2015-06-09

微软发布了2015年6月份安全更新程序,其中严重级别2条,重要级别6条。请科技网用户抓紧时间升级系统!

他们是:

严重级别:

Internet Explorer 的累积安全更新程序 (3058515)

Windows Media Player 中的漏洞可能允许远程执行代码 (3033890)

重要级别:

Microsoft Office 中的漏洞可能允许远程执行代码 (3064949)

Microsoft 常见控件中的漏洞可能允许远程执行代码 (3059317)

Windows 内核模式驱动程序中的漏洞可能允许特权提升 (3057839)

Active Directory 联合身份验证服务中的漏洞可能允许特权提升 (3062577)

Windows 内核中的漏洞可能允许特权提升 (3063858)

Microsoft Exchange Server 中的漏洞可能允许特权提升 (3062157)

详细信息:

Internet Explorer 的累积安全更新程序 (3058515)

摘要

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

The security update addresses the vulnerabilities by:

  • Preventing browser histories from being accessed by a malicious site
  • Adding additional permission validations to Internet Explorer
  • Modifying how Internet Explorer handles objects in memory

受影响的软件

Operating System

Component

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Internet Explorer 6

Windows Server 2003 Service Pack 2

Internet Explorer 6
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 6
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 6
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Internet Explorer 7

Windows Server 2003 Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 7
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Vista Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Vista x64 Edition Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Internet Explorer 8

Windows Server 2003 Service Pack 2

Internet Explorer 8
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Vista Service Pack 2

Internet Explorer 8
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Vista x64 Edition Service Pack 2

Internet Explorer 8
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 8
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 8
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 8
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Internet Explorer 8
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Internet Explorer 9

Windows Vista Service Pack 2

Internet Explorer 9
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Vista x64 Edition Service Pack 2

Internet Explorer 9
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 9
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 9
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 9
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 9
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 9
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Internet Explorer 10

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 10
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 10
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 10
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows 8 for 32-bit Systems

Internet Explorer 10
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows 8 for x64-based Systems

Internet Explorer 10
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2012

Internet Explorer 10
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows RT

Internet Explorer 10[1]
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Internet Explorer 11

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 11
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 11
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 11
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows 8.1 for 32-bit Systems

Internet Explorer 11
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows 8.1 for x64-based Systems

Internet Explorer 11
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Server 2012 R2

Internet Explorer 11
(3058515)

Remote Code Execution

Moderate

3049563 inMS15-043

Windows RT 8.1

Internet Explorer 11[1]
(3058515)

Remote Code Execution

Critical

3049563 inMS15-043

Windows Media Player 中的漏洞可能允许远程执行代码 (3033890)

摘要

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Windows Media Player 10 when installed on Windows Server 2003, Windows Media Player 11 when installed on Windows Vista or Windows Server 2008, and Windows Media Player 12 when installed on Windows 7 or Windows Server 2008 R2.

The security update addresses the vulnerability by correcting how Windows Media Player handles DataObjects.

受影响的软件

Operating System

Component

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Windows Server 2003

Windows Server 2003 Service Pack 2

Windows Media Player 10
(3033890)

Remote Code Execution

Critical

2378111 inMS10-082

Windows Server 2003 x64 Edition Service Pack 2

Windows Media Player 10
(3033890)

Remote Code Execution

Critical

2378111 inMS10-082

Windows Vista

Windows Vista Service Pack 2

Windows Media Player 11
(3033890)

Remote Code Execution

Critical

2378111 inMS10-082

Windows Vista x64 Edition Service Pack 2

Windows Media Player 11
(3033890)

Remote Code Execution

Critical

2378111 inMS10-082

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Media Player 11
(3033890)

Remote Code Execution

Critical

2378111 inMS10-082

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Media Player 11
(3033890)

Remote Code Execution

Critical

2378111 inMS10-082

Windows 7

Windows 7 for 32-bit Systems Service Pack 1

Windows Media Player 12
(3033890)

Remote Code Execution

Critical

None

Windows 7 for x64-based Systems Service Pack 1

Windows Media Player 12
(3033890)

Remote Code Execution

Critical

None

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Media Player 12
(3033890)

Remote Code Execution

Critical

None

Microsoft Office 中的漏洞可能允许远程执行代码 (3064949)

摘要

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Importantfor all supported editions of the following software:

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013
  • Microsoft Office 2013 RT

The security update addresses the vulnerabilities by correcting how Microsoft Office handles files in memory and by correcting how Microsoft Office parses specially crafted files.

受影响的软件

Microsoft Office Suites Software

Component

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Microsoft Office 2007

Microsoft Office 2007 Pack Service Pack 3
(file format converters)
(2863812)

Not applicable

Remote Code Execution

Important

2760415 inMS13-091

Microsoft Office 2010

Microsoft Office 2010 Service Pack 2 (32-bit editions)
(2863817)

Not applicable

Remote Code Execution

Important

2553284 inMS13-091

Microsoft Office 2010 Service Pack 2 (64-bit editions)
(2863817)

Not applicable

Remote Code Execution

Important

2553284 inMS13-091

Microsoft Office 2013

Microsoft Office 2013 Service Pack 1 (32-bit editions)
(3039749)

Not applicable

Remote Code Execution

Important

None

Microsoft Office 2013 Service Pack 1 (64-bit editions)
(3039749)

Not applicable

Remote Code Execution

Important

None

Microsoft Office 2013 Service Pack 1 (32-bit editions)
(3039782)

Not applicable

Remote Code Execution

Important

None

Microsoft Office 2013 Service Pack 1 (64-bit editions)
(3039782)

Not applicable

Remote Code Execution

Important

None

Microsoft Office 2013 RT

Microsoft Office 2013 RT Service Pack 1
(3039749)[1]

Not applicable

Remote Code Execution

Important

None

Microsoft Office 2013 RT Service Pack 1
(3039782)[1]

Not applicable

Remote Code Execution

Important

None

Microsoft 常见控件中的漏洞可能允许远程执行代码 (3059317)

摘要

his security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.

This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

The security update addresses the vulnerability by correcting how Windows handles objects in memory.

受影响的软件

Operating System

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Windows Vista

Windows Vista Service Pack 2
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Vista x64 Edition Service Pack 2
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008 for x64-based Systems Service Pack 2
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 7 for x64-based Systems Service Pack 1
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 8 for x64-based Systems
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 8.1 for 32-bit Systems
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 8.1 for x64-based Systems
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2012 R2
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows RT and Windows RT 8.1

Windows RT[1]
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows RT 8.1[1]
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2012(Server Core installation)
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows Server 2012 R2(Server Core installation)
(3059317)

Remote Code Execution

Important

3051768 inMS15-054

Windows 内核模式驱动程序中的漏洞可能允许特权提升 (3057839)

摘要

This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Important for all supported releases of Windows.

The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory and validates user input.

受影响的软件

Operating System

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Windows Server 2003

Windows Server 2003 Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2003 x64 Edition Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2003 with SP2 for Itanium-based Systems
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2003 R2 Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2003 R2 x64 Edition Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Vista

Windows Vista Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Vista x64 Edition Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008 for x64-based Systems Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows 7 for x64-based Systems Service Pack 1
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows 8 for x64-based Systems
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows 8.1 for 32-bit Systems
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows 8.1 for x64-based Systems
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2012 R2
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows RT and Windows RT 8.1

Windows RT[1]
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows RT 8.1[1]
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2012(Server Core installation)
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Windows Server 2012 R2(Server Core installation)
(3057839)

Elevation of Privilege

Important

3034344 inMS15-023

Active Directory 联合身份验证服务中的漏洞可能允许特权提升 (3062577)

摘要

This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised site for any malicious action to occur.

This security update is rated Important for Active Directory Federation Services 2.0 and Active Directory Federation Services 2.1.

The security update addresses the vulnerability by correcting how AD FS handles the HTML encoding of HTTP responses.

受影响的软件

Operating System

Component

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2

Active Directory Federation Services 2.0
(3062577)

Elevation of Privilege

Important

3003381 inMS14-077

Windows Server 2008 for x64-based Systems Service Pack 2

Active Directory Federation Services 2.0
(3062577)

Elevation of Privilege

Important

3003381 inMS14-077

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Active Directory Federation Services 2.0
(3062577)

Elevation of Privilege

Important

3003381 inMS14-077

Windows Server 2012

Windows Server 2012

Active Directory Federation Services 2.1
(3062577)

Elevation of Privilege

Important

3003381 inMS14-077

Windows 内核中的漏洞可能允许特权提升 (3063858)

摘要

his security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share. An attacker would then have to wait for a user to run a program that can load a malicious .dll file, resulting in elevation of privilege. However, in all cases an attacker would have no way to force a user to visit such a network share or website.

This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

The security update addresses the vulnerability by correcting how Windows validates user input.

受影响的软件

Operating System

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Windows Vista

Windows Vista Service Pack 2
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Vista x64 Edition Service Pack 2
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008 for x64-based Systems Service Pack 2
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows 7 for x64-based Systems Service Pack 1
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows 8

Windows 8 for 32-bit Systems
(3063858)

Elevation of Privilege

Important

None

Windows 8 for x64-based Systems
(3063858)

Elevation of Privilege

Important

None

Windows Server 2012

Windows Server 2012
(3063858)

Elevation of Privilege

Important

None

Windows RT

Windows RT[1]
(3063858)

Elevation of Privilege

Important

None

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
(3063858)

Elevation of Privilege

Important

2922229 inMS14-019

Windows Server 2012(Server Core installation)
(3063858)

Elevation of Privilege

Important

None

Microsoft Exchange Server 中的漏洞可能允许特权提升 (3062157)

摘要

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

This security update is rated Important for all supported editions of Microsoft Exchange Server 2013.

The security update addresses the vulnerabilities by:

  • Modifying how Exchange web applications manage same-origin policy
  • Modifying how Exchange web applications manage user session authentication
  • Correcting how Exchange web applications sanitize HTML strings

受影响的软件

Software

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced

Microsoft Server Software

Microsoft Exchange Server 2013 Service Pack 1
(3062157)

Elevation of Privilege

Important

None

Microsoft Exchange Server 2013 Cumulative Update 8
(3062157)

Elevation of Privilege

Important

None

在此,中国科技网网络安全应急小组提醒广大用户及时更新系统补丁!

参考文档:

中文网站:https://technet.microsoft.com/zh-CN/library/security/ms15-jun.aspx

英文网站:https://technet.microsoft.com/en-US/library/security/ms15-jun.aspx

关闭窗口
学校校历 | 学校地图 | 部门概况 | 联系我们

地址:山东省烟台市芝罘区红旗中路186号北区10号教学楼(综合楼) 邮编:264025
鲁东大学教育信息技术部(信息化办公室) 版权所有