2018 年 5 月 8 日. 将默认设置从“易受攻击” 更改为“缓解” 的更新。. 相关的 Microsoft 知识库编号已在 CVE-2018-0886 中列出。. 默认情况下，安装此更新后，修补的客户端无法与未修补的服务器进行通信。. 使用本文中描述的互操作性矩阵和组策略设置来启用 ...

简介. Microsoft 于 2018 年 4 月发布了以下 Office 安全更新和非安全更新。 这些更新旨在帮助我们的客户使计算机保持最新状态。 建议安装适用于你的所有更新。 若要下载更新，请单击以下列表中的相应知识库文章，然后转到本文的"如何下载和安装更新"部分。 2018 年 4 月发布的 Office 更新列表. 2016 Microsoft Office 2016 年 1 月. 2013 Microsoft Office 2013 年 1 月. Office 2010. Office 2007. SharePoint Server 2016.

A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack.

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default.

Key changes include: Addresses an issue that may cause an error when connecting to a Remote Desktop server. For more information, see CredSSP updates for CVE-2018-0886. Security updates to Windows app platform and frameworks, Windows apps, Windows kernel, Microsoft Graphics Component, HTML help, and Windows storage and filesystems.

Microsoft released the following security and nonsecurity updates for Office in March 2018. These updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you.

注意: 如果是通过以下任一方式获取的 Microsoft 365：Microsoft 工作区折扣计划(以前称为家用许可计划)，则安装 2019、2016 或 2013 版的 Office 专业增强版、Office 标准版或独立应用（如 Word 或 Project）的步骤可能会有所不同：如果你通过公司购买了 Microsoft 365 供个人使用，请参阅通过工作场所折扣计划安装 ...

啟動 Microsoft 365. 開啟 Word 或 Excel 等任何應用程式，即可開始使用 Microsoft 365 應用程式。. 安裝後找不到 Office？. 在大多數的情況下，在您開啟應用程式並按一下 [接受] 以同意授權條款之後，Microsoft 365 就會啟用。. Office 可能會自動啟用。. 不過，視您的產品而定 ...

Microsoft released the following security and nonsecurity updates for Office in June 2018. These updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you.

Summary. Microsoft is aware of new variants of the class of attack known as speculative execution side-channel vulnerabilities. The variants are named L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS).An attacker who can successfully exploit L1TF or MDS may be able to read privileged data across trust boundaries.