MS16-094:安全启动安全更新说明:2016 年 7 月 12 日

概要
此安全更新修复了 Microsoft Windows 的一个漏洞。如果攻击者在目标设备上安装受影响的策略,该漏洞允许绕过安全启动安全功能。若要安装策略并绕过安全启动,攻击者必须具有管理权限或物理访问权限。

若要详细了解此类漏洞,请参阅 Microsoft 安全公告 MS16-094
更多信息
重要提示

  • 今后所有适用于 Windows RT 8.1、Windows 8.1 和 Windows Server 2012 R2 的安全更新和非安全更新均要求安装更新 2919355。我们建议在基于 Windows RT 8.1、Windows 8.1 或 Windows Server 2012 R2 的计算机上安装更新 2919355,以便今后持续接收更新。
  • 如果在安装此更新程序后安装语言包,则必须重新安装此更新程序。因此,我们建议先安装所需的全部语言包,然后再安装此更新程序。有关详细信息,请参阅将语言包添加到 Windows
如何获取和安装此更新程序

方法 1:Windows Update

可以通过 Windows Update 获取此更新。在你开启自动更新后,系统会自动下载并安装此更新程序。有关如何开启自动更新的详细信息,请参阅自动获取安全更新

注意 对于 Windows RT 8.1,此更新程序仅通过 Windows 更新提供。

方法 2:Microsoft 下载中心

可以通过 Microsoft 下载中心获取独立的更新程序包。若要安装此更新程序,请按照下载页上的安装说明操作。

单击 Microsoft 安全公告 MS16-094 中与您运行的 Windows 版本相对应的下载链接。
更多信息

如何获取此安全更新程序的相关帮助和支持

帮助安装更新程序:Microsoft Update 支持

IT 专业人员安全解决方案:TechNet 安全疑难解答与支持

帮助保护您基于 Windows 的计算机不受病毒和恶意软件的侵害:病毒解决方案和安全中心

基于国家/地区的本地支持:国际支持
文件信息

文件哈希信息

File namePackage hash SHA1Package hash SHA2
Windows8.1-KB3172727-x86.msu9B3A9404F262B22ADA0434E5432CDDDCCA344E91BFC8B9D4B8298D691931E4EA2C876D0B394DFDE0A781CC4EAE2392A44318C747
Windows8.1-KB3172727-x64.msu881DFB1EE768A4DFCAAA6DFE67A9A59072577349BC424D3016EB7DE18D9F96717BBCB91F260E64938AAB5D36893CEC15268C0031
Windows8-RT-KB3172727-x64.msuB2BBDE1BCBCAE514A5149618B8AA401A3022FBB36AA77FE04F7EC823AB0EB16079E06936FFB713FCB0C2205F4C5287BDEC1BC1AD

文件信息

此软件更新的英语(美国)版本将安装具有下表所列属性的文件。

Windows 8.1 和 Windows Server 2012 R2 文件信息

注意

  • 通过检查在下表中显示的文件版本号,可以识别应用于特定产品、里程碑(RTM、SPn)和服务分支(LDR、GDR)的文件:
    版本产品里程碑服务分支
    6.3.960 0.16xxxWindows RT 8.1、Windows 8.1 和 Windows Server 2012 R2RTMGDR
    6.3.960 0.17xxxWindows RT 8.1、Windows 8.1 和 Windows Server 2012 R2RTMGDR
    6.3.960 0.18xxxWindows RT 8.1、Windows 8.1 和 Windows Server 2012 R2RTMGDR
  • GDR 服务分支仅包含那些广泛发布以解决广泛分布的关键问题的修补程序。除广泛发布的修补程序以外,LDR 服务分支还包含其他修补程序。
  • 已安装的 MANIFEST 文件 (.manifest) 和 MUM 文件 (.mum) 没有列出。
对于所有受支持的基于 x86 的版本
File nameFile versionFile sizeDateTimePlatform
Boot.stlNot applicable4,66924-Jun-201613:35Not applicable
Ci.dll6.3.9600.17550485,54408-Dec-201419:46x86
Driver.stlNot applicable4,53824-Jun-201613:35Not applicable
对于所有受支持的基于 x64 版本
File nameFile versionFile sizeDateTimePlatform
Boot.stlNot applicable4,66924-Jun-201613:46Not applicable
Ci.dll6.3.9600.17550531,61608-Dec-201419:42x64
Driver.stlNot applicable4,65224-Jun-201613:46Not applicable

Windows Server 2012 文件信息

注意
  • 通过检查在下表中显示的文件版本号,可以识别应用于特定产品、里程碑(RTM、SPn)和服务分支(LDR、GDR)的文件:
    版本 产品 里程碑 服务分支
    6.2.920 0.17xxxWindows 8、Windows RT 或 Windows Server 2012RTMGDR
    6.2.920 0.21xxxWindows 8、Windows RT 或 Windows Server 2012RTMLDR
  • GDR 服务分支仅包含那些广泛发布以解决广泛分布的关键问题的修补程序。除广泛发布的修补程序以外,LDR 服务分支还包含其他修补程序。
  • 已安装的 MANIFEST 文件 (.manifest) 和 MUM 文件 (.mum) 没有列出。
对于所有受支持的基于 x64 版本
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Winload.efi6.2.9200.216381,405,40822-Sep-201521:46Not applicableNoneNot applicable
Winload.exe6.2.9200.216381,273,18422-Sep-201521:46x64NoneNot applicable
Winresume.efi6.2.9200.207261,217,35225-May-201300:17Not applicableNoneNot applicable
Winresume.exe6.2.9200.207261,093,90425-May-201300:17x64NoneNot applicable
Boot.stlNot applicable4,62924-Jun-201613:10Not applicableNoneNot applicable
Ci.dll6.2.9200.20679503,08004-Apr-201322:04x64NoneNot applicable
Driver.stlNot applicable4,36724-Jun-201613:10Not applicableNoneNot applicable
Ksecdd.sys6.2.9200.21473100,18402-May-201506:23x64NoneNot applicable
Lsass.exe6.2.9200.2052135,84020-Sep-201206:33x64NoneNot applicable
Sspicli.dll6.2.9200.21703164,35217-Nov-201508:00x64NoneNot applicable
Sspisrv.dll6.2.9200.2052127,64820-Sep-201206:32x64NoneNot applicable
Cng.sys6.2.9200.21637566,07222-Sep-201513:43x64NoneNot applicable
Ksecpkg.sys6.2.9200.21858171,36010-May-201619:18x64NoneNot applicable
Lsasrv.dll6.2.9200.218301,280,00009-Apr-201616:01x64NoneNot applicable
Adtschema.dll6.2.9200.21289719,36010-Nov-201404:43x64NoneNot applicable
Msaudite.dll6.2.9200.21269146,94411-Oct-201405:38x64NoneNot applicable
Msobjs.dll6.2.9200.1638461,95226-Jul-201202:36x64NoneNot applicable
Ocspsvcctrs.iniNot applicable2,96026-Jul-201205:07Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,13426-Jul-201208:00Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91826-Jul-201204:43Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,21026-Jul-201207:59Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09826-Jul-201208:00Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02826-Jul-201207:59Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,14026-Jul-201205:21Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,64226-Jul-201208:11Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,57626-Jul-201205:20Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02626-Jul-201207:36Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02826-Jul-201207:48Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,18826-Jul-201205:30Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,12626-Jul-201205:08Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,06426-Jul-201207:49Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09226-Jul-201207:52Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,82826-Jul-201205:12Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46426-Jul-201208:05Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,48026-Jul-201205:13Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46026-Jul-201208:11Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvc.exe6.2.9200.21345272,38415-Jan-201505:27x64SPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.hNot applicable1,56902-Jun-201214:34Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91802-Jun-201214:34Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ntoskrnl.exe6.2.9200.219146,937,95201-Jul-201616:27x64NoneNot applicable
Credssp.dll6.2.9200.2170320,48017-Nov-201507:59x64SP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.2.9200.2170394,72017-Nov-201508:01x64SP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96402-Jun-201214:33Not applicableSP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Wdigest.dll6.2.9200.21858208,89610-May-201617:07x64NoneNot applicable
Kerberos.dll6.2.9200.21830829,95209-Apr-201616:01x64NoneNot applicable
Msv1_0.dll6.2.9200.21830317,95209-Apr-201616:01x64NoneNot applicable
Shcore.dll6.2.9200.21703590,84817-Nov-201508:00x64NoneNot applicable
Mrxsmb10.sys6.2.9200.21529281,60025-Jun-201518:52x64NoneNot applicable
Mrxsmb20.sys6.2.9200.21548205,31211-Jul-201517:07x64NoneNot applicable
Mrxsmb.sys6.2.9200.21342396,80006-Jan-201523:17x64NoneNot applicable
Lsm.dll6.2.9200.21703439,80817-Nov-201508:00x64NoneNot applicable
Workerdd.dll6.2.9200.2101214,84812-Apr-201406:58x64NoneNot applicable
Usercpl.dll6.2.9200.217031,043,96817-Nov-201508:01x64NoneNot applicable
Usercpl.ptxmlNot applicable78911-Oct-201200:40Not applicableNoneNot applicable
Winlogon.exe6.2.9200.21703578,04817-Nov-201508:01x64NoneNot applicable
Sspicli.dll6.2.9200.2098499,84010-Mar-201401:34x86NoneNot applicable
Wdigest.dll6.2.9200.21858176,64010-May-201617:55x86NoneNot applicable
Kerberos.dll6.2.9200.21830666,11209-Apr-201616:48x86NoneNot applicable
Msv1_0.dll6.2.9200.21830274,94409-Apr-201616:48x86NoneNot applicable
Adtschema.dll6.2.9200.21289719,36010-Nov-201403:40x86NoneNot applicable
Msaudite.dll6.2.9200.21269146,94411-Oct-201404:35x86NoneNot applicable
Msobjs.dll6.2.9200.1638461,95226-Jul-201202:47x86NoneNot applicable
Credssp.dll6.2.9200.2170317,40817-Nov-201508:08x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.2.9200.2170376,80017-Nov-201508:09x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96402-Jun-201214:33Not applicableSP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Shcore.dll6.2.9200.21703460,80017-Nov-201508:09x86NoneNot applicable
Usercpl.dll6.2.9200.21703961,53617-Nov-201508:09x86NoneNot applicable
Usercpl.ptxmlNot applicable78911-Oct-201200:42Not applicableNoneNot applicable
malicious attacker exploit
属性

文章 ID:3172727 - 上次审阅时间:07/15/2016 14:13:00 - 修订版本: 3.0

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3172727
反馈