
CVE-2017-11780: Windows SMB Security Vulnerability Alert

Source: 聚铭网络    Published: 2017-10-13

Information source: E安全


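Windows System Security Updates

On October 10, 2017, Microsoft released its October 2017 security update bulletin, fixing multiple high-risk vulnerabilities. According to the bulletin, the affected systems range from Windows Server 2008 to Windows 10 and include: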
Windows 10 1703
Windows 10 1607
Windows Server 2016
Windows 10 1511
Windows 10 RTM
Windows 8.1
Windows Server 2012 R2
Windows Server 2012
Windows 7
Windows Server 2008 R2
Windows Server 2008

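Software update summary:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/summary
The release also includes client-side security updates, in particular for an Office vulnerability that is already being exploited: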
Internet Explorer
Microsoft Edge
Office
SharePoint

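Exploitability

According to the bulletin, the Windows SMB (SMBv1) remote code execution vulnerability CVE-2017-11780 has a high attack success rate; once exploit code becomes public, malicious attackers may use it to build a self-propagating worm. On a local network, the Windows Search remote code execution vulnerability CVE-2017-11771 can also be triggered remotely over an SMB connection, and a successful attack gives control of the target computer. The Windows DNSAPI remote code execution vulnerability CVE-2017-11779 can likewise be attacked through spoofed responses from a malicious DNS server set up by an attacker. Exploit samples for the Microsoft Office memory corruption vulnerability CVE-2017-11826 have already appeared in attack campaigns. It is recommended to install the security update patches as soon as possible and to apply the corresponding mitigations to keep systems running securely.

Affected Versions

The Windows SMB (SMBv1) remote code execution vulnerability CVE-2017-11780 affects the following system versions: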
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Microsoft update guide:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780
The Windows Search remote code execution vulnerability CVE-2017-11771 affects the following system versions:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Microsoft update guide:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771
The Windows DNSAPI remote code execution vulnerability CVE-2017-11779 affects the following system versions:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Microsoft update guide:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779
The Microsoft Office memory corruption vulnerability CVE-2017-11826 affects the following Office versions:
Microsoft Office Compatibility Pack Service Pack 3    
Microsoft Office Online Server 2016    
Microsoft Office Web Apps Server 2010 Service Pack 2    
Microsoft Office Web Apps Server 2013 Service Pack 1    
Microsoft Office Word Viewer    
Microsoft SharePoint Enterprise Server 2016    
Microsoft Word 2007 Service Pack 3    
Microsoft Word 2010 Service Pack 2 (32-bit editions)    
Microsoft Word 2010 Service Pack 2 (64-bit editions)    
Microsoft Word 2013 RT Service Pack 1    
Microsoft Word 2013 Service Pack 1 (32-bit editions)    
Microsoft Word 2013 Service Pack 1 (64-bit editions)    
Microsoft Word 2016 (32-bit edition)    
Microsoft Word 2016 (64-bit edition)    
Word Automation Services (Microsoft SharePoint Server 2013 Service Pack 1)
Word Automation Services (Microsoft SharePoint Server 2010 Service Pack 2)
Microsoft update guide:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826

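Mitigations (emergency security recommendations, etc.)

Urgent: attack code has already appeared; installing the security update patches as soon as possible is strongly recommended.

Priority measures: on personal computers, enable the firewall to block external access to local TCP port 445; on servers, enable a security policy that restricts access to local TCP port 445 to specified IP addresses.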

Patch updates: patches can be installed through the system's built-in update feature, or the specific patches can be installed individually. For the corresponding versions, see the following Microsoft update guides:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826
Find the matching system version and click "Security Update" to download the standalone patch.

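Security configuration: if systems in certain special environments cannot conveniently be patched, the following security configurations can be used as workarounds.
For the Windows SMB (SMBv1) remote code execution vulnerability CVE-2017-11780, see the guide on how to enable and disable SMBv1, SMBv2 and SMBv3 in Windows and Windows Server:
https://support.microsoft.com/zh-cn/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
For the Windows Search remote code execution vulnerability CVE-2017-11771, see the method for disabling the WSearch service:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771
Emergency security recommendation: Windows SMB vulnerabilities have historically led to severe worm-propagation attacks. It is strongly recommended to apply the security patches as soon as possible and to keep following security threat developments.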
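
The three workarounds described above (inbound TCP 445 filtering, disabling the SMBv1 server, disabling the WSearch service) combined into one PowerShell script. This is an added example, not part of the original advisory or of Microsoft's guidance; the parameter names `AllowedSmbClients` and `Apply` and the firewall rule display names are hypothetical.

```powershell
# Added example (not from the advisory). Run elevated; report-only unless -Apply.
# Smb*/NetFirewall cmdlets need Windows 8 / Server 2012 or later; the registry
# branch covers Windows 7 / Server 2008 R2.
param(
    [string[]]$AllowedSmbClients = @(),  # hypothetical: IPs/subnets allowed to reach TCP 445
    [switch]$Apply
)

# 1. SMBv1 server (CVE-2017-11780)
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $smb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($Apply -and $smb1) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
} else {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1 = ($null -eq $val) -or ($val -ne 0)      # a missing value means SMBv1 is enabled
    if ($Apply -and $smb1) {
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0   # needs a reboot
    }
}

# 2. Windows Search service (CVE-2017-11771)
$svc = Get-Service -Name WSearch -ErrorAction SilentlyContinue
$wsearch = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
if ($Apply -and $svc) {
    Stop-Service -Name WSearch -Force
    Set-Service -Name WSearch -StartupType Disabled
}

# 3. Inbound TCP 445
if ($Apply -and (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue)) {
    if ($AllowedSmbClients.Count -eq 0) {
        # Workstation: a block rule takes precedence over any allow rule.
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    } else {
        # Server: scoped allow. It only restricts access when the inbound default is
        # Block and broader allow rules for TCP 445 have been disabled.
        New-NetFirewallRule -DisplayName 'Allow SMB from listed clients' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -RemoteAddress $AllowedSmbClients -Action Allow | Out-Null
    }
}

# State as found before any change was applied
New-Object PSObject -Property @{
    SMB1ServerEnabled = $smb1
    WSearchStatus     = $wsearch
    Applied           = [bool]$Apply
}
```

Run it once without `-Apply` to record the current state of a host, then again with `-Apply` on systems that cannot be patched yet.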

 
 
