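This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution when a user opens a specially crafted Office file with affected Microsoft Office software, or previews or opens an email attachment in Outlook using Word. The vulnerability is rated Critical for both Microsoft Office 2003 and Office for Mac 2011. Although the vulnerability was privately disclosed, we have seen only a limited number of attacks targeting it.
Microsoft also released Security Advisory 2854544 with this release. Over the coming months, Microsoft will update this advisory to release new functionality that improves cryptography and private key management in Windows. This functionality is already built into Windows 8, Windows Server 2012, and Windows RT, and it will now also be provided for systems from Windows Vista through Windows 7.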
Cumulative Security Update for Internet Explorer (2838727)
This security update resolves nineteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
This security update resolves one privately reported vulnerability in Windows. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker must have valid logon credentials and be able to log on to exploit this vulnerability.
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
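Hello everyone, we are the Microsoft Greater China Region security support team. In the early morning of June 12, Beijing time, Microsoft released 5 security patches, of which 1 is rated Critical (the highest severity) and 4 are rated Important, fixing a total of 23 security vulnerabilities in Microsoft Windows, Microsoft Office, and Internet Explorer. Please give special priority to deploying the Critical patches MS13-047 and MS13-051. MS13-047 | Internet Explorer cumulative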