2018 年 5 月 8 日. 将默认设置从“易受攻击” 更改为“缓解” 的更新。. 相关的 Microsoft 知识库编号已在 CVE-2018-0886 中列出。. 默认情况下，安装此更新后，修补的客户端无法与未修补的服务器进行通信。. 使用本文中描述的互操作性矩阵和组策略设置来启用 ...

简介. Microsoft 于 2018 年 4 月发布了以下 Office 安全更新和非安全更新。 这些更新旨在帮助我们的客户使计算机保持最新状态。 建议安装适用于你的所有更新。 若要下载更新，请单击以下列表中的相应知识库文章，然后转到本文的"如何下载和安装更新"部分。 2018 年 4 月发布的 Office 更新列表. 2016 Microsoft Office 2016 年 1 月. 2013 Microsoft Office 2013 年 1 月. Office 2010. Office 2007. SharePoint Server 2016.

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections from an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default.

注意: 如果是通过以下任一方式获取的 Microsoft 365：Microsoft 工作区折扣计划(以前称为家用许可计划)，则安装 2019、2016 或 2013 版的 Office 专业增强版、Office 标准版或独立应用（如 Word 或 Project）的步骤可能会有所不同：如果你通过公司购买了 Microsoft 365 供个人使用，请参阅通过工作场所折扣计划安装 ...

A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack.

Key changes include: Addresses an issue that may cause an error when connecting to a Remote Desktop server. For more information, see CredSSP updates for CVE-2018-0886. Security updates to Windows app platform and frameworks, Windows apps, Windows kernel, Microsoft Graphics Component, HTML help, and Windows storage and filesystems.

Microsoft released the following security and nonsecurity updates for Office in June 2018. These updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you.

This security update includes improvements and fixes that were a part of update KB4284842 (released June 21, 2018) and addresses the following issues: Provides protections for an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore ( CVE-2018-3665 ) for 64-Bit (x64) versions of ...

Summary. Microsoft is aware of new variants of the class of attack known as speculative execution side-channel vulnerabilities. The variants are named L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS).An attacker who can successfully exploit L1TF or MDS may be able to read privileged data across trust boundaries.

Sign in to SharePoint. SharePoint is a browser-based app that you connect to through your web browser, like so: Go to office.com, and sign in to your work or school account. In the upper left corner of the window, select the app launcher > All apps > SharePoint. Tip: If you don't see the SharePoint app under All apps, use the Search box near ...