十二月份资讯安全公告Dec

《十二月份资讯安全公告Dec》由会员分享，可在线阅读，更多相关《十二月份资讯安全公告Dec（37页珍藏版）》请在装配图网上搜索。

1、十二月份资讯安全公告Dec Still waters run deep.流静水深流静水深,人静心深人静心深 Where there is life,there is hope。有生命必有希望。有生命必有希望十二月份資訊安全公告十二月份資訊安全公告Dec 14,2006Dec 14,2006Richard Chen Richard Chen 陳政鋒陳政鋒(Net+,Sec+,MCSE2003+Security,CISSP)(Net+,Sec+,MCSE2003+Security,CISSP)資深技術支援工程師資深技術支援工程師台灣微軟技術支援處台灣微軟技術支援處Questions and Ans

2、wersSubmit text questions using the Submit text questions using the“Ask a Question”button “Ask a Question”button What We Will CoverRecap Nov.releases known issuesRecap Nov.releases known issuesReview Dec.Review Dec.releasesreleasesOther security resourcesOther security resources Prepare for new WSUS

3、SCAN.CAB architecturePrepare for new WSUSSCAN.CAB architecture IE 7 over AU IE 7 over AU Lifecycle InformationLifecycle Information Windows Malicious Software Removal ToolWindows Malicious Software Removal ToolResourcesResourcesQuestions and answersQuestions and answersRecap Nov.Known issues and MS0

4、6-066 NetwareMS06-066 Netware Get offering even no CSNW is installed:Normal proactive Get offering even no CSNW is installed:Normal proactive patchingpatching MS06-067 IE patchMS06-067 IE patch 3rd party AP compatibility issue,see KB9227603rd party AP compatibility issue,see KB922760 MS06-069 Adobe

5、Flash PlayerMS06-069 Adobe Flash Player Re-offering,install the latest Flash Player to solve the issueRe-offering,install the latest Flash Player to solve the issue MS06-070 Workstation serviceMS06-070 Workstation service Worm vulnerability,install the patch immediatelyWorm vulnerability,install the

6、 patch immediately MS06-071 MSXMLMS06-071 MSXML WSUS category/description error,fixing now.WSUS category/description error,fixing now.MSXML4 install failure,see KB927978MSXML4 install failure,see KB927978Dec 2006 Security BulletinsSummaryOn Dec 13:On Dec 13:7 New Security Bulletins7 New Security Bul

7、letins 5 Windows(1 critical,4 important)5 Windows(1 critical,4 important)1 Visual Studio(critical)1 Visual Studio(critical)1 Media Player(critical)1 Media Player(critical)1 re-release MS06-059(critical)1 re-release MS06-059(critical)5 High-priority non-security updates5 High-priority non-security up

8、datesNovember 2006 Security Bulletins OverviewBulletin Bulletin NumberNumberTitle Title Maximum Maximum Severity RatingSeverity RatingProducts AffectedProducts AffectedMS06-072Cumulative Security Update for Internet Explorer(925454)CriticalInternet Explorer 5.01&6MS06-073Vulnerability Visual Studio

9、2005 Could Allow Remote Code Execution(925674)CriticalVisual Studio 2005MS06-074Vulnerability in SNMP Could Allow Remote Code Execution(926247)ImportantWindows 2000,XP,2003MS06-075Vulnerability in Windows Could Allow Elevation of Privilege(926255)ImportantWindows XP,2003MS06-076Cumulative Security U

10、pdate for Outlook Express(923694)ImportantOutlook Express on Windows 2000,XP,2003MS06-077Vulnerability in Remote Installation Service Could Allow Remote Code Execution(926121)ImportantWindows 2000MS06-078Vulnerability in Windows Media Format Could Allow Remote Code Execution(923689)CriticalWindows M

11、edia Format 7.1 9.5 and Windows Media Player 6.4 on Windows 2000,XP,2003December 2006 Security BulletinsSeverity SummaryBulletin Bulletin NumberNumberWindows 2000 SP4 Windows 2000 SP4 Windows XP SP2 Windows XP SP2 Windows Windows Server 2003Server 2003Windows Windows Server 2003 Server 2003 SP1SP1MS

12、06-072MS06-072CriticalCriticalCriticalCriticalModerateModerateCriticalCriticalWindows 2000 SP4 Windows 2000 SP4 Windows XP SP2 Windows XP SP2 Windows Windows Server 2003Server 2003Windows Windows Server 2003 Server 2003 SP1SP1MS06-074MS06-074ImportantImportantImportantImportantImportantImportantImpo

13、rtantImportantMS06-075MS06-075Not AffectedNot AffectedImportantImportantImportantImportantNot AffectedNot AffectedMS06-077MS06-077ImportantImportantNot AffectedNot AffectedNot AffectedNot AffectedNot AffectedNot AffectedVisual Studio 2005Visual Studio 2005MS06-073MS06-073CriticalCriticalWindows Medi

14、a Player Windows Media Player 6.46.4Windows 2000 SP4 Windows 2000 SP4 Windows XP Windows XP SP2 SP2 Windows Windows Server 2003&Server 2003&SP1SP1MS06-078MS06-078CriticalCriticalCriticalCriticalCriticalCriticalCriticalCriticalOutlook Express 5.5Outlook Express 5.5Outlook Express 6Outlook Express 6Wi

15、ndows VistaWindows VistaMS06-076MS06-076ImportantImportantImportantImportantNot AffectedNot AffectedMS06-072:Internet Explorer CriticalTitle&KB Article:Title&KB Article:Cumulative Security Update for Internet Explorer(925454)Cumulative Security Update for Internet Explorer(925454)Affected Software:A

16、ffected Software:IE 5.01 SP4 on Windows 2000 SP4IE 5.01 SP4 on Windows 2000 SP4 IE 6 SP1 on Windows 2000 SP4 IE 6 SP1 on Windows 2000 SP4 IE 6 for Windows XP SP2 IE 6 for Windows XP SP2 IE 6 for Windows Server 2003 RTM and SP1 IE 6 for Windows Server 2003 RTM and SP1 IE 6 for Windows Server 2003 RTM

17、 ia64 and SP1 ia64 IE 6 for Windows Server 2003 RTM ia64 and SP1 ia64 IE 6 for Windows Server 2003 x64 IE 6 for Windows Server 2003 x64 IE 6 for Windows XP Pro x64 IE 6 for Windows XP Pro x64 Replaced Updates:Replaced Updates:MS06-067 and all previous Cumulative Security Updates for Internet Explore

18、r MS06-067 and all previous Cumulative Security Updates for Internet Explorer Vulnerabilities:Vulnerabilities:CVE-2006-5577-TIF Folder Information Disclosure VulnCVE-2006-5577-TIF Folder Information Disclosure Vuln CVE-2006-5578-TIF Folder Information Disclosure VulnCVE-2006-5578-TIF Folder Informat

19、ion Disclosure Vuln CVE-2006-5579-Script Error Handling Memory Corruption Vuln CVE-2006-5579-Script Error Handling Memory Corruption Vuln CVE-2006-5581-DHTML Script Function Memory Corruption VulnCVE-2006-5581-DHTML Script Function Memory Corruption VulnPublicly Disclosed:Publicly Disclosed:NoNoKnow

20、n Exploits:Known Exploits:NoNoMS06-072:Internet Explorer CriticalIssue Summary:Issue Summary:Two“Remote Code Exploit”vulnerabilities and two“Information Disclosure”Two“Remote Code Exploit”vulnerabilities and two“Information Disclosure”vulnerabilities exist in IE that could allow an attacker to run a

21、rbitrary codevulnerabilities exist in IE that could allow an attacker to run arbitrary codeFix Description:Fix Description:The fix modifies the handling of DHTML script function calls and script error The fix modifies the handling of DHTML script function calls and script error exceptions.It also re

22、stricts OBJECT tags from exposing sensitive paths to scripts exceptions.It also restricts OBJECT tags from exposing sensitive paths to scripts and access to cached content in the TIF folderand access to cached content in the TIF folderAttack Vectors:Attack Vectors:Malicious Web PageMalicious Web Pag

23、e Malicious Email Malicious EmailMitigations:Mitigations:A user would have to be persuaded to visit a malicious Web siteA user would have to be persuaded to visit a malicious Web site Exploitation only allows the privilege level of the logged on userExploitation only allows the privilege level of th

24、e logged on user By default,IE on Windows 2003 runs in a restricted mode By default,IE on Windows 2003 runs in a restricted mode Outlook Express 6,Outlook 2002,and Outlook 2003 open HTML e-mail Outlook Express 6,Outlook 2002,and Outlook 2003 open HTML e-mail messages in the Restricted sites zonemess

25、ages in the Restricted sites zone Internet Explorer 7 is not affectedInternet Explorer 7 is not affectedWorkaround:Workaround:Disable“Drag and Drop or copy and paste files”Disable“Drag and Drop or copy and paste files”Disable Active Scripting or set to“Prompt”Disable Active Scripting or set to“Promp

26、t”Set IE security to High for Internet and Intranet zonesSet IE security to High for Internet and Intranet zones Open HTML e-mail messages in the Restricted sites zone,apply update 235309 Open HTML e-mail messages in the Restricted sites zone,apply update 235309 for Outlook 2000for Outlook 2000Resta

27、rt Requirement:Restart Requirement:NONOInstallation and Installation and Removal:Removal:Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ Object Broker-Critical Titl

28、e&KB Article:Title&KB Article:Vulnerability Visual Studio 2005 Could Allow Remote Code Execution(925674)Vulnerability Visual Studio 2005 Could Allow Remote Code Execution(925674)Affected Software:Affected Software:Microsoft Visual Studio 2005 Microsoft Visual Studio 2005Replaced Updates:Replaced Upd

29、ates:NONE NONEVulnerabilities:Vulnerabilities:WMI Object Broker Vulnerability-CVE-2006-4704:WMI Object Broker Vulnerability-CVE-2006-4704:A remote code execution vulnerability exists in the WMI Object Broker control that A remote code execution vulnerability exists in the WMI Object Broker control t

30、hat the WMI Wizard uses in Visual Studio 2005.An attacker could exploit the the WMI Wizard uses in Visual Studio 2005.An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow vulnerability by constructing a specially crafted Web page that

31、could potentially allow remote code execution if a user viewed the Web page.An attacker who successfully remote code execution if a user viewed the Web page.An attacker who successfully exploited this vulnerability could take complete control of an affected system.exploited this vulnerability could

32、take complete control of an affected system.Publicly Disclosed:Publicly Disclosed:YesYesKnown Exploits?:Known Exploits?:Yes.CVE-2006-4704.Yes.CVE-2006-4704.MS06-073:WMI Object Broker-CriticalIssue Summary:Issue Summary:This update resolves a public vulnerability.This update resolves a public vulnera

33、bility.An attacker who has successfully exploited this vulnerability could take complete An attacker who has successfully exploited this vulnerability could take complete control of an affected system.An attacker could then install programs;view,control of an affected system.An attacker could then i

34、nstall programs;view,change,or delete data;or create new accounts with full user rights.change,or delete data;or create new accounts with full user rights.If a user is logged on with administrative user rights,an attacker who has If a user is logged on with administrative user rights,an attacker who

35、 has successfully exploited this vulnerability could take complete control of an affected successfully exploited this vulnerability could take complete control of an affected system.Users whose accounts are configured to have fewer user rights on the system.Users whose accounts are configured to hav

36、e fewer user rights on the system could be less impacted than users who operate with administrative user system could be less impacted than users who operate with administrative user rights.rights.Fix Description:Fix Description:The update removes the vulnerability by modifying the way that the WMI

37、Object The update removes the vulnerability by modifying the way that the WMI Object Broker instantiates other controls.Broker instantiates other controls.Attack Vectors:Attack Vectors:Malicious Web PageMalicious Web Page Emails with Malicious Components Emails with Malicious ComponentsMS06-073:WMI

38、Object Broker-Critical Mitigations:Mitigations:A user would have to be persuaded to visit a malicious Web siteA user would have to be persuaded to visit a malicious Web site This ActiveX control is not in the default allow-list for ActiveX controls in Internet This ActiveX control is not in the defa

39、ult allow-list for ActiveX controls in Internet Explorer 7.Only customers who have explicitly approved this control by using the Explorer 7.Only customers who have explicitly approved this control by using the ActiveX Opt-in Feature are at risk to attempts to exploit this vulnerability.ActiveX Opt-i

40、n Feature are at risk to attempts to exploit this vulnerability.Exploitation only allows the same privileges as the logged on userExploitation only allows the same privileges as the logged on user The Restricted sites zone helps reduce attacks that could try to exploit this The Restricted sites zone

41、 helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting/ActiveX controls from being used vulnerability by preventing Active Scripting/ActiveX controls from being used when reading HTML e-mail.when reading HTML e-mail.The vulnerability could not be exploited

42、automatically through e-mail.For an The vulnerability could not be exploited automatically through e-mail.For an attack to be successful a user must open an attachment that is sent in an e-mail attack to be successful a user must open an attachment that is sent in an e-mail message or must click on

43、a link within an e-mail.message or must click on a link within an e-mail.By default,Internet Explorer on Windows Server 2003 runs in a restricted mode By default,Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as that is known as Enhanced Security ConfigurationEnhanc

44、ed Security Configuration.Workaround:Workaround:Disable attempts to instantiate the WMI Object Broker control within Internet Disable attempts to instantiate the WMI Object Broker control within Internet Explorer(see Explorer(see Microsoft Knowledge Base Article 240797Microsoft Knowledge Base Articl

45、e 240797.).)Configure Internet Explorer to prompt before running ActiveX Controls or disable Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zoneActiveX Controls in the Internet and Local intranet security

46、zone Set Internet and Local intranet security zone settings to“High”to prompt before Set Internet and Local intranet security zone settings to“High”to prompt before running ActiveX Controls and Active Scripting in these zonesrunning ActiveX Controls and Active Scripting in these zones For Outlook 20

47、00,install Outlook E-mail Security Update so that Outlook 2000 For Outlook 2000,install Outlook E-mail Security Update so that Outlook 2000 opens HTML e-mail messages in the Restricted sites zone.opens HTML e-mail messages in the Restricted sites zone.For Outlook Express 5.5 Service Pack 2,install M

48、icrosoft Security Bulletin For Outlook Express 5.5 Service Pack 2,install Microsoft Security Bulletin MS04-MS04-018018 so that Outlook Express 5.5 opens HTML e-mail messages in the Restricted so that Outlook Express 5.5 opens HTML e-mail messages in the Restricted sites zone.sites zone.MS06-073:WMI

49、Object Broker-Critical Restart Requirement:Restart Requirement:This update does not require a restart unless the required services cannot be This update does not require a restart unless the required services cannot be stopped by the installer.stopped by the installer.Installation and Installation a

50、nd Removal:Removal:Add/Remove Programs Add/Remove Programs Command line install/uninstall option Command line install/uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ Article:Title&KB Article:Vulnerability in SNMP Could Allow Remote Code Execution(

51、926247)Vulnerability in SNMP Could Allow Remote Code Execution(926247)Affected Software:Affected Software:Windows 2000 SP 4 Windows 2000 SP 4 Windows XP SP 2 Windows XP SP 2 Windows XP Pro x64 Windows XP Pro x64 Windows Server 2003 Windows Server 2003 Windows Server 2003&Windows Server 2003 SP1 Wind

52、ows Server 2003&Windows Server 2003 SP1 Windows Server 2003 ia64&Windows Server 2003 SP1 ia64 Windows Server 2003 ia64&Windows Server 2003 SP1 ia64 Windows Server 2003 x64 Windows Server 2003 x64Replaced Updates:Replaced Updates:None NoneVulnerabilities:Vulnerabilities:CVE-2006-5583 CVE-2006-5583Pub

53、licly Disclosed:Publicly Disclosed:NoNoKnown Exploits?:Known Exploits?:NoNoMS06-074:SNMP-ImportantIssue Summary:Issue Summary:A remote code execution vulnerability exists in SNMP Service that could allow an A remote code execution vulnerability exists in SNMP Service that could allow an attacker who

54、 successfully exploited this vulnerability to take complete control of the attacker who successfully exploited this vulnerability to take complete control of the affected system.affected system.Fix Description:Fix Description:The update removes the vulnerability by modifying the way that SNMP Servic

55、e The update removes the vulnerability by modifying the way that SNMP Service validates the length of a message before it passes the message to the allocated validates the length of a message before it passes the message to the allocated buffer.buffer.Attack Vectors:Attack Vectors:Malicious packet t

56、ransmission over the networkMalicious packet transmission over the networkMitigations:Mitigations:SNMP service is not installed by defaultSNMP service is not installed by default.For customers who require the affected component,firewall best practices and For customers who require the affected compo

57、nent,firewall best practices and standard default firewall configurations can help protect networks from attacks that standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.originate outside the enterprise perimeter.Workaround:

58、Workaround:Restrict the IP addresses that are allowed to manage the computer.Restrict the IP addresses that are allowed to manage the computer.Block UDP port 161 at the firewallBlock UDP port 161 at the firewall.To help protect from network-based attempts to exploit this vulnerability,use a To help

59、protect from network-based attempts to exploit this vulnerability,use a personal firewall,such as the Windows Firewall,which is included with Windows XP.personal firewall,such as the Windows Firewall,which is included with Windows XP.Restart Requirement:Restart Requirement:YesYesInstallation and Ins

60、tallation and Removal:Removal:Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ Manifest-Important Title&KB Article:Title&KB Article:Vulnerability in Windows Could Al

61、low Elevation of Privilege(926255)Vulnerability in Windows Could Allow Elevation of Privilege(926255)Affected Software:Affected Software:Windows XP SP 2Windows XP SP 2 Windows Server 2003 Windows Server 2003 Windows Server 2003 ia64 Windows Server 2003 ia64Replaced Updates:Replaced Updates:NoneNoneV

62、ulnerabilities:Vulnerabilities:File Manifest Corruption Vulnerability-CVE-2006-5585File Manifest Corruption Vulnerability-CVE-2006-5585Publicly Disclosed:Publicly Disclosed:NoNoKnown Exploits?:Known Exploits?:NoNoMS06-075:File Manifest-Important Issue Summary:Issue Summary:A A privilege elevationpri

63、vilege elevation vulnerability exists in the way that Microsoft Windows starts vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests.This vulnerability could allow a applications with specially crafted file manifests.This vulnerability could

64、 allow a logged on user to take complete control of the system.logged on user to take complete control of the system.Fix Description:Fix Description:The update removes the vulnerability by modifying the way that Client Server Run-The update removes the vulnerability by modifying the way that Client

65、Server Run-time Subsystem validates embedded file manifests before it passes data to the time Subsystem validates embedded file manifests before it passes data to the allocated buffer.This security update corrects an integer overflow in sxs.dll.allocated buffer.This security update corrects an integ

66、er overflow in sxs.dll.Any application that uses side-by-side assemblies with Requested Privileges section Any application that uses side-by-side assemblies with Requested Privileges section may BSOD the machine.Compctl32.dll and GDIplus.dll are two side-by-side may BSOD the machine.Compctl32.dll and GDIplus.dll are two side-by-side assemblies commonly used by Microsoft.In the worst case a local authenticated user assemblies commonly used by Microsoft.In the worst case a local authenticated user