Microsoft corrige 82 vulnerabilidades em Patch Tuesday

Segunda terça-feira do mês e a Microsoft realizou a tradicional Patch Tuesday, corrigindo nada menos que 82 vulnerabilidades em seus produtos de uma só vez.

Nessa edição de Setembro, a empresa foi rápida em consertar uma falha de segurança que já estava sendo empregada em ataques de espionagem patrocinados por governos.

A vulnerabilidade fazia parte do .NET Framework e era considerada “zero-day”, ou seja, desconhecida mas já explorada em ataques. Através da falha, era possível enviar documentos em formato Rich Text para alvos com a capacidade de injetar códigos maliciosos uma vez abertos por suas vítimas. Segundo análises da empresa de segurança FireEye, o vetor de ataque foi detectado em uma operação de monitoramento de usuários russos e, a partir da infecção, carregava um módulo de vigilância desenvolvido pela Gamma Group, startup alemã especializada em spyware estatal.

A FireEye detectou o problema no final de Julho e reportou a vulnerabilidade em sigilo para a Microsoft. No boletim de segurança associado ao problema, a Microsoft reconhece a vulnerabilidade como importante e alerta que ela afeta todas as versões do Windows.

A recomendação é que os usuários instalem as correções imediatamente, uma vez que cibercriminosos poderão e deverão utilizar esse falha de segurança para conduzir ataques no futuro na expectativa de atingir sistemas desatualizados em larga escala.

Confira a lista completa de correções publicadas nessa Patch Tuesday:

Produto URL Problema
.NET Framework CVE-2017-8759 .NET Framework Remote Code Execution Vulnerability
Adobe Flash Player ADV170013 September 2017 Flash Security Update
Device Guard CVE-2017-8746 Device Guard Security Feature Bypass Vulnerability
HoloLens CVE-2017-9417 Broadcom BCM43xx Remote Code Execution Vulnerability
Internet Explorer CVE-2017-8749 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2017-8747 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2017-8733 Internet Explorer Spoofing Vulnerability
Microsoft Bluetooth Driver CVE-2017-8628 Microsoft Bluetooth Driver Spoofing Vulnerability
Microsoft Browsers CVE-2017-8736 Microsoft Browser Information Disclosure Vulnerability
Microsoft Browsers CVE-2017-8750 Microsoft Browser Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8757 Microsoft Edge Remote Code Execution Vulnerability
Microsoft Edge CVE-2017-8597 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-8723 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-8648 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2017-8735 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2017-8755 Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8754 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8724 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2017-8756 Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability
Microsoft Graphics Component CVE-2017-8688 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8685 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8695 Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8683 Win32k Graphics Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8696 Microsoft Graphics Component Remote Code Execution
Microsoft Graphics Component CVE-2017-8684 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2017-8682 Win32k Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2017-8720 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2017-8676 Windows GDI+ Information Disclosure Vulnerability
Microsoft Office CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-8725 Microsoft Office Publisher Remote Code Execution
Microsoft Office CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-8743 PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2017-8742 PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2017-8745 Microsoft SharePoint Cross Site Scripting Vulnerability
Microsoft Office CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2017-8567 Microsoft Office Remote Code Execution
Microsoft Office ADV170015 Microsoft Office Defense in Depth Update
Microsoft Office CVE-2017-8629 Microsoft SharePoint XSS Vulnerability
Microsoft Office CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8738 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8729 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8739 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2017-8740 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8741 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8649 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8660 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8748 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-11764 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8752 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2017-8753 Scripting Engine Memory Corruption Vulnerability
Microsoft Uniscribe CVE-2017-8692 Uniscribe Remote Code Execution Vulnerability
Microsoft Windows CVE-2017-8699 Windows Shell Remote Code Execution Vulnerability
Microsoft Windows CVE-2017-8710 Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2017-8716 Windows Security Feature Bypass Vulnerability
Microsoft Windows CVE-2017-8702 Windows Elevation of Privilege Vulnerability
Microsoft Windows PDF CVE-2017-8737 Microsoft PDF Remote Code Execution Vulnerability
Microsoft Windows PDF CVE-2017-8728 Microsoft PDF Remote Code Execution Vulnerability
Windows DHCP Server CVE-2017-8686 Windows DHCP Server Remote Code Execution Vulnerability
Windows Hyper-V CVE-2017-8712 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8713 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8714 Remote Desktop Virtual Host Remote Code Execution Vulnerability
Windows Hyper-V CVE-2017-8711 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8707 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2017-8704 Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2017-8706 Hyper-V Information Disclosure Vulnerability
Windows Kernel CVE-2017-8719 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2017-8708 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2017-8679 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2017-8709 Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8687 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8681 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8675 Win32k Elevation of Privilege Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8678 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8677 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2017-8680 Win32k Information Disclosure Vulnerability
Windows NetBIOS CVE-2017-0161 NetBIOS Remote Code Execution Vulnerability

Queremos saber sua opinião