微软4月修复66个漏洞；Adobe修复19个漏洞

4 月 10 日是微软四月的修复日。此次微软一共发布了 66 个补丁，涵盖的产品包括Windows 系统、IE浏览器、Edge浏览器、ChakraCire、Office、Office Service 以及 Web 应用、微软恶意软件防护引擎、微软 VisualStudio以及微软 Azure IoT SDK等。此外，Adobe 也相应修复了 6 款产品中的 19 个漏洞，包括 Flash Player 中的 6 个漏洞（其中 3 个为高危）。

其中，修复的漏洞中不包括 0-day，也没有任何一个漏洞在野利用，但微软研究人员在 SharePoint 中发现的一个特权升级漏洞已经向公众公开。影响 VBScript 引擎的远程代码执行漏洞也属于高危漏洞，可被恶意网站或文件利用。趋势科技的 Zero Day Initiative（ZDI）指出，由于可能使用 Office 文档进行利用，因此这个漏洞攻击面更广。

其他严重漏洞包括微软图形组件中的远程代码执行漏洞（包括字体驱动提权漏洞），无线键盘中安全功能绕过漏洞等。详情可查看下表：

标签CVE IDCVE 标题Adobe Flash PlayerADV180007April 2018 Adobe Flash Security Update 2018 年 4 月 Adobe Flash 安全更新Internet ExplorerCVE-2018-0870Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞Internet ExplorerCVE-2018-1018Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞Internet ExplorerCVE-2018-0997Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞Internet ExplorerCVE-2018-0991Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞Internet ExplorerCVE-2018-1020Internet Explorer Memory Corruption Vulnerability IE 浏览器内损坏漏洞Microsoft BrowsersCVE-2018-1023Microsoft Browser Memory Corruption Vulnerability 微软浏览器内存损坏漏洞Microsoft DevicesCVE-2018-8117Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability 微软无线键盘 850 安全功能绕过漏洞Microsoft EdgeCVE-2018-0892Microsoft Edge Information Disclosure Vulnerability 微软 Edge 浏览器信息披露漏洞Microsoft EdgeCVE-2018-0998Microsoft Edge Information Disclosure Vulnerability 微软 Edge 浏览器信息披露漏洞Microsoft Graphics ComponentCVE-2018-1009Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability 微软 DirectX Graphics 内核子系统提权漏洞 Microsoft Graphics ComponentCVE-2018-1016Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞Microsoft Graphics ComponentCVE-2018-1012Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞Microsoft Graphics ComponentCVE-2018-1010Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞Microsoft Graphics ComponentCVE-2018-1015Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞Microsoft Graphics ComponentCVE-2018-1013Microsoft Graphics Remote Code Execution Vulnerability 微软Graphics 远程代码执行漏洞Microsoft JET Database EngineCVE-2018-1003Microsoft JET Database Engine Remote Code Execution Vulnerability 微软JET 数据库引擎远程代码执行漏洞 Microsoft Malware Protection EngineCVE-2018-0986Microsoft Malware Protection Engine Remote Code Execution VulnerabilityMicrosoft OfficeCVE-2018-1028Unknown 未知Microsoft OfficeCVE-2018-1026Microsoft Office Remote Code Execution Vulnerability 微软 Office 远程代码执行漏洞Microsoft OfficeCVE-2018-1027Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞Microsoft OfficeCVE-2018-1029Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞Microsoft OfficeCVE-2018-1005Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞Microsoft OfficeCVE-2018-1034Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞Microsoft OfficeCVE-2018-1030Microsoft Office Remote Code Execution Vulnerability 微软 Office 远程代码执行漏洞Microsoft OfficeCVE-2018-0950Microsoft Office Information Disclosure Vulnerability 微软 Office 信息披露漏洞Microsoft OfficeCVE-2018-0920Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞Microsoft OfficeCVE-2018-1007Microsoft Office Information Disclosure Vulnerability 微软 Office 信息披露漏洞Microsoft OfficeCVE-2018-1011Microsoft Excel Remote Code Execution Vulnerability 微软 Excel 远程代码执行漏洞Microsoft OfficeCVE-2018-1032Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞Microsoft OfficeCVE-2018-1014Microsoft SharePoint Elevation of Privilege Vulnerability 微软 SharePoint 提权漏洞Microsoft Scripting EngineCVE-2018-0981Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-0979Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞Microsoft Scripting EngineCVE-2018-1019Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞Microsoft Scripting EngineCVE-2018-0980Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞Microsoft Scripting EngineCVE-2018-0993Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞Microsoft Scripting EngineCVE-2018-0994Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞Microsoft Scripting EngineCVE-2018-0990Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞Microsoft Scripting EngineCVE-2018-0987Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-0988Scripting Engine Memory Corruption Vulnerability 微软脚本引擎内存损坏漏洞 Microsoft Scripting EngineCVE-2018-0995Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting 引擎内存损坏漏洞 Microsoft Scripting EngineCVE-2018-1001Scripting Engine Memory Corruption Vulnerability 微软脚本引擎内存损坏漏洞 Microsoft Scripting EngineCVE-2018-1004Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript 引擎远程代码执行漏洞 Microsoft Scripting EngineCVE-2018-0989Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-1000Scripting Engine Information Disclosure Vulnerability 微软脚本引擎信息披露漏洞 Microsoft Scripting EngineCVE-2018-0996Scripting Engine Memory Corruption Vulnerability 微软脚本引擎内存损坏漏洞 Microsoft WindowsCVE-2018-0890Active Directory Security Feature Bypass Vulnerability 活跃目录安全功能绕过漏洞Microsoft WindowsCVE-2018-0966Device Guard Security Feature Bypass Vulnerability Device Guard 安全功能绕过漏洞Microsoft WindowsCVE-2018-0967Windows SNMP Service Denial of Service Vulnerability Windows SNMP 服务拒绝服务漏洞Microsoft WindowsCVE-2018-0963Windows Kernel Elevation of Privilege Vulnerability Windows 内核提权漏洞Microsoft WindowsCVE-2018-0887Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Microsoft WindowsCVE-2018-8116Microsoft Graphics Component Denial of Service Vulnerability 微软 Graphics 组件拒绝服务漏洞Visual StudioCVE-2018-1037Microsoft Visual Studio Information Disclosure Vulnerability 微软 Visual Studio 信息披露漏洞Windows Hyper-VCVE-2018-0964Hyper-V Information Disclosure Vulnerability Hyper-V 信息披露漏洞Windows Hyper-VCVE-2018-0957Hyper-V Information Disclosure Vulnerability Hyper-V 信息披露漏洞Windows IISCVE-2018-0956HTTP.sys Denial of Service VulnerabilityWindows KernelCVE-2018-1008OpenType Font Driver Elevation of Privilege Vulnerability OpenType 字体驱动提权漏洞Windows KernelCVE-2018-0960Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0973Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0972Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0975Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0974Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0971Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0969Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0968Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows KernelCVE-2018-0970Windows Kernel Information Disclosure Vulnerability Windows 内核信息披露漏洞Windows RDPCVE-2018-0976Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Windows 远程桌面协议（RDP) 拒绝服务漏洞