《十二月份资讯安全公告Dec14》由会员分享,可在线阅读,更多相关《十二月份资讯安全公告Dec14(37页珍藏版)》请在金锄头文库上搜索。
1、十二月份資訊安全公告十二月份資訊安全公告Dec 14, 2006Dec 14, 2006Richard Chen Richard Chen 陳政鋒陳政鋒(Net+, Sec+, MCSE2003+Security, CISSP)(Net+, Sec+, MCSE2003+Security, CISSP)資深技術支援工程師資深技術支援工程師台灣微軟技術支援處台灣微軟技術支援處Questions and AnswersSubmit text questions using the Submit text questions using the “Ask a Question” button “As
2、k a Question” button What We Will CoverRecap Nov. releases known issuesRecap Nov. releases known issuesReview Dec.Review Dec. releasesreleasesOther security resourcesOther security resources Prepare for new WSUSSCAN.CAB architecturePrepare for new WSUSSCAN.CAB architecture IE 7 over AU IE 7 over AU
3、Lifecycle InformationLifecycle Information Windows Malicious Software Removal ToolWindows Malicious Software Removal ToolResourcesResourcesQuestions and answersQuestions and answersRecap Nov. Known issues and MS06-066 NetwareMS06-066 Netware Get offering even no Get offering even no CSNWCSNW is inst
4、alled: Normal proactive is installed: Normal proactive patchingpatching MS06-067 IE patchMS06-067 IE patch 3rd party AP compatibility issue, see KB9227603rd party AP compatibility issue, see KB922760 MS06-069 Adobe Flash PlayerMS06-069 Adobe Flash Player Re-offering, install the latest Flash Player
5、to solve the issueRe-offering, install the latest Flash Player to solve the issue MS06-070 Workstation serviceMS06-070 Workstation service Worm vulnerability, install the patch immediatelyWorm vulnerability, install the patch immediately MS06-071 MSXMLMS06-071 MSXML WSUS category/description error,
6、fixing now.WSUS category/description error, fixing now. MSXML4 install failure, see KB927978MSXML4 install failure, see KB927978Dec 2006 Security BulletinsSummaryOn Dec 13:On Dec 13: 7 New Security Bulletins7 New Security Bulletins 5 Windows (1 critical, 4 important)5 Windows (1 critical, 4 importan
7、t) 1 Visual Studio (critical)1 Visual Studio (critical) 1 Media Player (critical)1 Media Player (critical) 1 re-release MS06-059 (critical)1 re-release MS06-059 (critical) 5 High-priority non-security updates5 High-priority non-security updatesNovember 2006 Security Bulletins OverviewBulletin Bullet
8、in NumberNumberTitle Title Maximum Maximum Severity RatingSeverity RatingProducts AffectedProducts AffectedMS06-072Cumulative Security Update for Internet Explorer (925454)CriticalInternet Explorer 5.01 & 6MS06-073Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674)CriticalVis
9、ual Studio 2005MS06-074Vulnerability in SNMP Could Allow Remote Code Execution (926247)ImportantWindows 2000, XP, 2003MS06-075Vulnerability in Windows Could Allow Elevation of Privilege (926255)ImportantWindows XP, 2003MS06-076Cumulative Security Update for Outlook Express (923694)ImportantOutlook E
10、xpress on Windows 2000, XP, 2003MS06-077Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)ImportantWindows 2000MS06-078Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)CriticalWindows Media Format 7.1 9.5 and Windows Media Player 6.
11、4 on Windows 2000, XP, 2003December 2006 Security BulletinsSeverity SummaryBulletin Bulletin NumberNumberWindows 2000 SP4 Windows 2000 SP4 Windows XP SP2 Windows XP SP2 Windows Windows Server 2003Server 2003Windows Windows Server 2003 Server 2003 SP1SP1MS06-072MS06-072CriticalCriticalCriticalCritica
12、lModerateModerateCriticalCriticalWindows 2000 SP4 Windows 2000 SP4 Windows XP SP2 Windows XP SP2 Windows Windows Server 2003Server 2003Windows Windows Server 2003 Server 2003 SP1SP1MS06-074MS06-074ImportantImportantImportantImportantImportantImportantImportantImportantMS06-075MS06-075Not AffectedNot
13、 AffectedImportantImportantImportantImportantNot AffectedNot AffectedMS06-077MS06-077ImportantImportantNot AffectedNot AffectedNot AffectedNot AffectedNot AffectedNot AffectedVisual Studio 2005Visual Studio 2005MS06-073MS06-073CriticalCriticalWindows Media Player Windows Media Player 6.46.4Windows 2
14、000 SP4 Windows 2000 SP4 Windows XP Windows XP SP2 SP2 Windows Windows Server 2003 & Server 2003 & SP1SP1MS06-078MS06-078CriticalCriticalCriticalCriticalCriticalCriticalCriticalCriticalOutlook Express 5.5Outlook Express 5.5Outlook Express 6Outlook Express 6Windows VistaWindows VistaMS06-076MS06-076I
15、mportantImportantImportantImportantNot AffectedNot AffectedMS06-072: Internet Explorer CriticalTitle & KB Article:Title & KB Article:Cumulative Security Update for Internet Explorer (925454)Cumulative Security Update for Internet Explorer (925454)Affected Software:Affected Software: IE 5.01 SP4 on W
16、indows 2000 SP4IE 5.01 SP4 on Windows 2000 SP4 IE 6 SP1 on Windows 2000 SP4 IE 6 SP1 on Windows 2000 SP4 IE 6 for Windows XP SP2 IE 6 for Windows XP SP2 IE 6 for Windows Server 2003 RTM and SP1 IE 6 for Windows Server 2003 RTM and SP1 IE 6 for Windows Server 2003 RTM ia64 and SP1 ia64 IE 6 for Windo
17、ws Server 2003 RTM ia64 and SP1 ia64 IE 6 for Windows Server 2003 x64 IE 6 for Windows Server 2003 x64 IE 6 for Windows XP Pro x64 IE 6 for Windows XP Pro x64 Replaced Updates:Replaced Updates: MS06-067 and all previous Cumulative Security Updates for Internet Explorer MS06-067 and all previous Cumu
18、lative Security Updates for Internet Explorer Vulnerabilities:Vulnerabilities: CVE-2006-5577 - TIF Folder Information Disclosure CVE-2006-5577 - TIF Folder Information Disclosure VulnVuln CVE-2006-5578 - TIF Folder Information Disclosure CVE-2006-5578 - TIF Folder Information Disclosure VulnVuln CVE
19、-2006-5579 - Script Error Handling Memory Corruption CVE-2006-5579 - Script Error Handling Memory Corruption VulnVuln CVE-2006-5581 - DHTML Script Function Memory Corruption CVE-2006-5581 - DHTML Script Function Memory Corruption VulnVulnPublicly Disclosed:Publicly Disclosed:NoNoKnown Exploits:Known
20、 Exploits:NoNoMS06-072: Internet Explorer CriticalIssue Summary:Issue Summary:Two “Remote Code Exploit” vulnerabilities and two “Information Disclosure” Two “Remote Code Exploit” vulnerabilities and two “Information Disclosure” vulnerabilities exist in IE that could allow an attacker to run arbitrar
21、y codevulnerabilities exist in IE that could allow an attacker to run arbitrary codeFix Description:Fix Description:The fix modifies the handling of DHTML script function calls and script error The fix modifies the handling of DHTML script function calls and script error exceptions. It also restrict
22、s OBJECT tags from exposing sensitive paths to scripts exceptions. It also restricts OBJECT tags from exposing sensitive paths to scripts and access to cached content in the TIF folderand access to cached content in the TIF folderAttack Vectors:Attack Vectors: Malicious Web PageMalicious Web Page Ma
23、licious Email Malicious EmailMitigations:Mitigations: A user would have to be persuaded to visit a malicious Web siteA user would have to be persuaded to visit a malicious Web site Exploitation only allows the privilege level of the logged on userExploitation only allows the privilege level of the l
24、ogged on user By default, IE on Windows 2003 runs in a restricted mode By default, IE on Windows 2003 runs in a restricted mode Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zonem
25、essages in the Restricted sites zone Internet Explorer 7 is not affectedInternet Explorer 7 is not affectedWorkaround:Workaround: Disable “Drag and Drop or copy and paste files” Disable “Drag and Drop or copy and paste files” Disable Active Scripting or set to “Prompt”Disable Active Scripting or set
26、 to “Prompt” Set IE security to High for Internet and Intranet zonesSet IE security to High for Internet and Intranet zones Open HTML e-mail messages in the Restricted sites zone, apply update 235309 Open HTML e-mail messages in the Restricted sites zone, apply update 235309 for Outlook 2000for Outl
27、ook 2000Restart Requirement:Restart Requirement:NONOInstallation and Installation and Removal:Removal: Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ WMI Object Br
28、oker- Critical Title & KB Article:Title & KB Article:Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674)Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674)Affected Software:Affected Software: Microsoft Visual Studio 2005 Microsoft Visual Studio 2005Rep
29、laced Updates:Replaced Updates: NONE NONEVulnerabilities:Vulnerabilities:WMI Object Broker Vulnerability - CVE-2006-4704:WMI Object Broker Vulnerability - CVE-2006-4704:A remote code execution vulnerability exists in the WMI Object Broker control that A remote code execution vulnerability exists in
30、the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005. An attacker could exploit the the WMI Wizard uses in Visual Studio 2005. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow vulnerability by constructing a
31、 specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
32、exploited this vulnerability could take complete control of an affected system.Publicly Disclosed:Publicly Disclosed:YesYesKnown Exploits?:Known Exploits?:Yes. CVE-2006-4704.Yes. CVE-2006-4704.MS06-073: WMI Object Broker- CriticalIssue Summary:Issue Summary:This update resolves a public vulnerabilit
33、y. This update resolves a public vulnerability. An attacker who has successfully exploited this vulnerability could take complete An attacker who has successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, control of
34、 an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.change, or delete data; or create new accounts with full user rights.If a user is logged on with administrative user rights, an attacker who has If a user is logge
35、d on with administrative user rights, an attacker who has successfully exploited this vulnerability could take complete control of an affected successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on
36、 the system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user system could be less impacted than users who operate with administrative user rights. rights. Fix Description:Fix Description:The update rem
37、oves the vulnerability by modifying the way that the WMI Object The update removes the vulnerability by modifying the way that the WMI Object Broker instantiates other controls.Broker instantiates other controls.Attack Vectors:Attack Vectors: Malicious Web PageMalicious Web Page Emails with Maliciou
38、s Components Emails with Malicious ComponentsMS06-073: WMI Object Broker- Critical Mitigations:Mitigations: A user would have to be persuaded to visit a malicious Web siteA user would have to be persuaded to visit a malicious Web site This ActiveX control is not in the default allow-list for ActiveX
39、 controls in Internet This ActiveX control is not in the default allow-list for ActiveX controls in Internet Explorer 7. Only customers who have explicitly approved this control by using the Explorer 7. Only customers who have explicitly approved this control by using the ActiveX Opt-in Feature are
40、at risk to attempts to exploit this vulnerability.ActiveX Opt-in Feature are at risk to attempts to exploit this vulnerability. Exploitation only allows the same privileges as the logged on userExploitation only allows the same privileges as the logged on user The Restricted sites zone helps reduce
41、attacks that could try to exploit this The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting/ActiveX controls from being used vulnerability by preventing Active Scripting/ActiveX controls from being used when reading HTML e-mail. w
42、hen reading HTML e-mail. The vulnerability could not be exploited automatically through e-mail. For an The vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail attack to be successful a user must op
43、en an attachment that is sent in an e-mail message or must click on a link within an e-mail.message or must click on a link within an e-mail. By default, Internet Explorer on Windows Server 2003 runs in a restricted mode By default, Internet Explorer on Windows Server 2003 runs in a restricted mode
44、that is known as that is known as Enhanced Security ConfigurationEnhanced Security Configuration. .Workaround:Workaround: Disable attempts to instantiate the WMI Object Broker control within Internet Disable attempts to instantiate the WMI Object Broker control within Internet Explorer (see Explorer
45、 (see Microsoft Knowledge Base Article 240797Microsoft Knowledge Base Article 240797.) .) Configure Internet Explorer to prompt before running ActiveX Controls or disable Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intra
46、net security zoneActiveX Controls in the Internet and Local intranet security zone Set Internet and Local intranet security zone settings to “High” to prompt before Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in thes
47、e zonesrunning ActiveX Controls and Active Scripting in these zones For Outlook 2000, install Outlook E-mail Security Update so that Outlook 2000 For Outlook 2000, install Outlook E-mail Security Update so that Outlook 2000 opens HTML e-mail messages in the Restricted sites zone.opens HTML e-mail me
48、ssages in the Restricted sites zone. For Outlook Express 5.5 Service Pack 2, install Microsoft Security Bulletin For Outlook Express 5.5 Service Pack 2, install Microsoft Security Bulletin MS04-MS04-018018 so that Outlook Express 5.5 opens HTML e-mail messages in the Restricted so that Outlook Expre
49、ss 5.5 opens HTML e-mail messages in the Restricted sites zone.sites zone.MS06-073: WMI Object Broker- Critical Restart Requirement:Restart Requirement:This update does not require a restart unless the required services cannot be This update does not require a restart unless the required services ca
50、nnot be stopped by the installer.stopped by the installer.Installation and Installation and Removal:Removal: Add/Remove Programs Add/Remove Programs Command line install/uninstall option Command line install/uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Informatio
51、n:http:/ SNMP - ImportantTitle & KB Article:Title & KB Article:Vulnerability in SNMP Could Allow Remote Code Execution (926247)Vulnerability in SNMP Could Allow Remote Code Execution (926247)Affected Software:Affected Software: Windows 2000 SP 4 Windows 2000 SP 4 Windows XP SP 2 Windows XP SP 2 Wind
52、ows XP Pro x64 Windows XP Pro x64 Windows Server 2003 Windows Server 2003 Windows Server 2003 & Windows Server 2003 SP1 Windows Server 2003 & Windows Server 2003 SP1 Windows Server 2003 ia64 & Windows Server 2003 SP1 ia64 Windows Server 2003 ia64 & Windows Server 2003 SP1 ia64 Windows Server 2003 x6
53、4 Windows Server 2003 x64Replaced Updates:Replaced Updates: None NoneVulnerabilities:Vulnerabilities: CVE-2006-5583 CVE-2006-5583Publicly Disclosed:Publicly Disclosed:NoNoKnown Exploits?:Known Exploits?:NoNoMS06-074: SNMP - ImportantIssue Summary:Issue Summary:A remote code execution vulnerability e
54、xists in SNMP Service that could allow an A remote code execution vulnerability exists in SNMP Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the attacker who successfully exploited this vulnerability to take complete control of the aff
55、ected system.affected system.Fix Description:Fix Description:The update removes the vulnerability by modifying the way that SNMP Service The update removes the vulnerability by modifying the way that SNMP Service validates the length of a message before it passes the message to the allocated validat
56、es the length of a message before it passes the message to the allocated buffer.buffer.Attack Vectors:Attack Vectors: Malicious packet transmission over the networkMalicious packet transmission over the networkMitigations:Mitigations: SNMP service is not installed by defaultSNMP service is not insta
57、lled by default. . For customers who require the affected component, firewall best practices and For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that standard default firewall configurations
58、 can help protect networks from attacks that originate outside the enterprise perimeter. originate outside the enterprise perimeter. Workaround:Workaround: Restrict the IP addresses that are allowed to manage the computer. Restrict the IP addresses that are allowed to manage the computer. Block UDP
59、port 161 at the firewallBlock UDP port 161 at the firewall. . To help protect from network-based attempts to exploit this vulnerability, use a To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Windows Firewall, which is included with Wind
60、ows XP.personal firewall, such as the Windows Firewall, which is included with Windows XP.Restart Requirement:Restart Requirement:YesYesInstallation and Installation and Removal:Removal: Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable De
61、ployment Scriptable DeploymentMore Information:More Information:http:/ File Manifest - Important Title & KB Article:Title & KB Article:Vulnerability in Windows Could Allow Elevation of Privilege (926255)Vulnerability in Windows Could Allow Elevation of Privilege (926255)Affected Software:Affected So
62、ftware: Windows XP SP 2Windows XP SP 2 Windows Server 2003 Windows Server 2003 Windows Server 2003 ia64 Windows Server 2003 ia64Replaced Updates:Replaced Updates: NoneNoneVulnerabilities:Vulnerabilities: File Manifest Corruption Vulnerability - CVE-2006-5585File Manifest Corruption Vulnerability - C
63、VE-2006-5585Publicly Disclosed:Publicly Disclosed:NoNoKnown Exploits?:Known Exploits?:NoNoMS06-075: File Manifest - Important Issue Summary:Issue Summary:A A privilege elevationprivilege elevation vulnerability exists in the way that Microsoft Windows starts vulnerability exists in the way that Micr
64、osoft Windows starts applications with specially crafted file manifests. This vulnerability could allow a applications with specially crafted file manifests. This vulnerability could allow a logged on user to take complete control of the system.logged on user to take complete control of the system.F
65、ix Description:Fix Description:The update removes the vulnerability by modifying the way that Client Server Run-The update removes the vulnerability by modifying the way that Client Server Run-time Subsystem validates embedded file manifests before it passes data to the time Subsystem validates embe
66、dded file manifests before it passes data to the allocated buffer. This security update corrects an integer overflow in allocated buffer. This security update corrects an integer overflow in sxs.dllsxs.dll. .Any application that uses side-by-side assemblies with Requested Privileges section Any appl
67、ication that uses side-by-side assemblies with Requested Privileges section may BSOD the machine. Compctl32.dll and may BSOD the machine. Compctl32.dll and GDIplus.dllGDIplus.dll are two side-by-side are two side-by-side assemblies commonly used by Microsoft. In the worst case a local authenticated
68、user assemblies commonly used by Microsoft. In the worst case a local authenticated user can run execute code before the machine BSOD; therefore local can run execute code before the machine BSOD; therefore local EoPEoP (from local to (from local to system is possible).system is possible).Attack Vec
69、tors:Attack Vectors: Logged on user Logged on userMitigations:Mitigations: An attacker must have valid logon credentials and be able to log on locally to exploit An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.this vulnerability. The vulnerab
70、ility could not be exploited remotely or by anonymous users. The vulnerability could not be exploited remotely or by anonymous users.Workaround:Workaround: None NoneRestart Requirement:Restart Requirement: Yes YesInstallation and Installation and Removal:Removal: Add/Remove Programs Add/Remove Progr
71、ams Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ Outlook Express- ImportantTitle & KB Article:Title & KB Article:Cumulative Security Update for Outlook Express (923694)Cumulative Security Update for Ou
72、tlook Express (923694)Affected Software:Affected Software:Win2K SP4Win2K SP4WinXP SP2 , x64 EditionWinXP SP2 , x64 EditionWin2K3 and Win2K3 SP1, 2K3 Itanium & Sp1 for Itanium, Win2K3 x64Win2K3 and Win2K3 SP1, 2K3 Itanium & Sp1 for Itanium, Win2K3 x64OE 5.5 SP2 on Win2K SP4 OE 5.5 SP2 on Win2K SP4 OE
73、 6 SP1 on WinXP SP2OE 6 SP1 on WinXP SP2OE 6 on WinXP SP2 , x64 Edition OE 6 on WinXP SP2 , x64 Edition OE 6 on Win2K3 and Win2K3 SP1, x64 Edition , Itanium & Itanium SP1 OE 6 on Win2K3 and Win2K3 SP1, x64 Edition , Itanium & Itanium SP1 Replaced Updates:Replaced Updates:MS06-016MS06-016 & & MS06-04
74、3MS06-043 with OE6 on WinXP SP2 & x64 and OE6 on Win2K3 Sp1 & with OE6 on WinXP SP2 & x64 and OE6 on Win2K3 Sp1 & x64x64Vulnerabilities:Vulnerabilities:CVE-2006-2386: Windows Address Book Contact Record CVE-2006-2386: Windows Address Book Contact Record Publicly Disclosed:Publicly Disclosed:CVE-2006
75、-2386 NoCVE-2006-2386 NoKnown Exploits?:Known Exploits?:NoNoIssue Summary:Issue Summary:CVE-2006-2386: An unchecked buffer in the Windows Address Book (WAB) CVE-2006-2386: An unchecked buffer in the Windows Address Book (WAB) functions within Outlook Express leads a functions within Outlook Express
76、leads a remote code executionremote code execution attacks attacksFix Description:Fix Description:CVE-2006-2386: Removes the vulnerability by modifying the way that Outlook CVE-2006-2386: Removes the vulnerability by modifying the way that Outlook Express, when using a .Express, when using a .wabwab
77、 file, validates the length of a field before it passes it to file, validates the length of a field before it passes it to the allocated buffer the allocated buffer Attack Vectors:Attack Vectors: Malicious Email Malicious Email Malicious Web Page Malicious Web PageMitigations:Mitigations: A user wou
78、ld have to be persuaded to visit a malicious Web site A user would have to be persuaded to visit a malicious Web site Exploitation only allows the same privileges as the logged on user Exploitation only allows the same privileges as the logged on user A user must open an attachment that is sent in a
79、n e-mail A user must open an attachment that is sent in an e-mail Workaround:Workaround:Back up and remove the .Back up and remove the .wabwab file association file associationImpact of WorkaroundImpact of Workaround: : Users will not be able to open address books by double Users will not be able to
80、 open address books by double clicking them. They will have to manually start the Windows Address Book clicking them. They will have to manually start the Windows Address Book application and pass the address book to be used as a command line parameter or application and pass the address book to be
81、used as a command line parameter or they can import the address book from the File menu. This does not affect the use they can import the address book from the File menu. This does not affect the use of address books in Outlook Expressof address books in Outlook ExpressRestart RequirementRestart Req
82、uirement NoNoInstallation and Installation and Removal:Removal: Add/Remove Programs , Command line uninstall option Add/Remove Programs , Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ Outlook Express- ImportantMS06-077: RIS - Import
83、ant Title & KB Article:Title & KB Article:Vulnerability in Remote Installation Service Could Allow Remote Code Execution Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)(926121)Affected Software:Affected Software: Windows 2000 SP4 ONLY Windows 2000 SP4 ONLY Rep
84、laced Updates:Replaced Updates: None NoneVulnerabilities:Vulnerabilities: CVE-2006-5584 - RIS Writable Path Vulnerability CVE-2006-5584 - RIS Writable Path Vulnerability Publicly Disclosed:Publicly Disclosed:NoNoKnown Exploits?:Known Exploits?:NoNoMS06-077: RIS - Important Issue Summary:Issue Summar
85、y:RIS allows anonymous access to the file structure of a hosted operating system RIS allows anonymous access to the file structure of a hosted operating system build through the TFTP service.build through the TFTP service.Fix Description:Fix Description:The update prevents anonymous TFTP users the a
86、bility to write to the RIS hosted The update prevents anonymous TFTP users the ability to write to the RIS hosted operating system builds file structure by adding the registry key identified in the operating system builds file structure by adding the registry key identified in the Workarounds sectio
87、n of the bulletin. Workarounds section of the bulletin. Attack Vectors:Attack Vectors: Malicious packet transmission over the network Malicious packet transmission over the networkMitigations:Mitigations: An attacker would need TFTP access to exploit this vulnerability An attacker would need TFTP ac
88、cess to exploit this vulnerability RIS is not installed by default RIS is not installed by default Standard Firewall configurations should block this from the web Standard Firewall configurations should block this from the web Workaround:Workaround: Configure the TFTP service as read only Configure
89、the TFTP service as read only Disable the TFTP Service Disable the TFTP Service Block UDP port 69 at the firewall Block UDP port 69 at the firewallRestart Requirement:Restart Requirement:NoNoInstallation and Installation and Removal:Removal: Add/Remove Programs Add/Remove Programs Command line unins
90、tall option Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information:http:/ Windows Media Player - CriticalTitle & KB Article:Title & KB Article:Vulnerability in Windows Media Player Could Allow Remote Code ExecutionVulnerability in Windows Media Pla
91、yer Could Allow Remote Code Execution KB 925398 addresses Windows Media Player 6.4 KB 925398 addresses Windows Media Player 6.4 KB 923689 addresses Windows Media Format Runtimes KB 923689 addresses Windows Media Format RuntimesAffected Software:Affected Software: Microsoft Windows Media Format 7.1 t
92、hrough 9.5 Series Runtime on the following Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versionsoperating system versions Microsoft Windows 2000 Service Pack 4 - (KB923689)Microsoft Windows 2000 Service Pack 4 - (KB923689) Microsoft Windows XP Servi
93、ce Pack 2 - (KB923689)Microsoft Windows XP Service Pack 2 - (KB923689) Microsoft Windows XP Professional x64 Edition - (KB923689)Microsoft Windows XP Professional x64 Edition - (KB923689) Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Microsoft Windows Server 2003 or Microsof
94、t Windows Server 2003 Service Pack 1 - (KB923689)Pack 1 - (KB923689) Microsoft Windows Server 2003 x64 Edition - (KB923689)Microsoft Windows Server 2003 x64 Edition - (KB923689)Affected Software:Affected Software: Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following Microso
95、ft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions:operating system versions: Microsoft Windows XP Professional x64 Edition - (KB923689)Microsoft Windows XP Professional x64 Edition - (KB923689) Microsoft Windows Server 2003 x64 Edition - (KB923689)Micr
96、osoft Windows Server 2003 x64 Edition - (KB923689) Microsoft Windows Media Player 6.4 on the following operating system versions: Microsoft Windows Media Player 6.4 on the following operating system versions: Windows 2000 Service Pack 4 - (KB925398)Windows 2000 Service Pack 4 - (KB925398) Microsoft
97、Windows XP Service Pack 2 - (KB925398)Microsoft Windows XP Service Pack 2 - (KB925398) Microsoft Windows XP Professional x64 Edition (KB925398)Microsoft Windows XP Professional x64 Edition (KB925398) Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Microsoft Windows Server 2
98、003 or on Microsoft Windows Server 2003 Service Pack 1 (KB925398)Pack 1 (KB925398) Microsoft Windows Server 2003 x64 Edition (KB925398)Microsoft Windows Server 2003 x64 Edition (KB925398)Replaced Updates:Replaced Updates: None NoneVulnerabilities:Vulnerabilities: CVE-2006-4702 Windows Media Format V
99、ulnerability CVE-2006-4702 Windows Media Format Vulnerability CVE-2006-6134 Windows Media Format WMVCORE ASX Vulnerability CVE-2006-6134 Windows Media Format WMVCORE ASX VulnerabilityPublicly Disclosed:Publicly Disclosed: No NoKnown Exploits?:Known Exploits?: No NoMS06-078: Windows Media Player - Cr
100、iticalIssue Summary:Issue Summary: Buffer overflow Buffer overflow Remote Code Execution Remote Code Execution WMV Core WMV Core ASF exploited ASF exploited ASX exploited ASX exploitedFix Description:Fix Description: Update modifies WMVCORE validation process.Update modifies WMVCORE validation proce
101、ss.Attack Vectors:Attack Vectors: Malicious Web Page Malicious Web Page Malicious Email Malicious EmailMitigations:Mitigations: Requires accessing malicious Web site/ opening malicious email Requires accessing malicious Web site/ opening malicious email Exploitation only allows the same privileges a
102、s the logged on user Exploitation only allows the same privileges as the logged on user By default, IE on Windows 2003 runs in a restricted mode By default, IE on Windows 2003 runs in a restricted mode Windows Media Format 11 runtime is not affected by this vulnerability and could Windows Media Form
103、at 11 runtime is not affected by this vulnerability and could be used to prevent an attempt to exploit this vulnerability.be used to prevent an attempt to exploit this vulnerability.Workaround:Workaround: Disable the Windows Media Player ActiveX controls from running in Internet Disable the Windows
104、Media Player ActiveX controls from running in Internet ExplorerExplorer Modify the Access Control List on Modify the Access Control List on Strmdll.dllStrmdll.dll to prevent shell based attacks on to prevent shell based attacks on players on Windows 2000players on Windows 2000 UnregisterUnregister S
105、hmedia.dllShmedia.dll to prevent shell based attacks on players Windows XP and to prevent shell based attacks on players Windows XP and Windows 2003Windows 2003MS06-078: Windows Media Player - CriticalRestart Requirement:Restart Requirement: None, if required services are terminable None, if require
106、d services are terminable. . Installation and Installation and Removal:Removal: Add/ Remove Programs Add/ Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable DeploymentMore Information:More Information: h http:/ Windows Media Player - Critical
107、Re-Release of MS06-059- Excel Critical Install MS06-059 might fail if ALL conditions are true:Install MS06-059 might fail if ALL conditions are true: Running Excel 2002Running Excel 2002 MSI 2.0MSI 2.0 Previously installed MS06-037 Previously installed MS06-037 Details:Details: Basically, because th
108、e 059 patch does not contain the MSI 2.0 Basically, because the 059 patch does not contain the MSI 2.0 patch code for 037, installing Excel 2002s 059 on top of 037 will patch code for 037, installing Excel 2002s 059 on top of 037 will trigger a Windows Installer 2.0 bug in some cases & result in tri
109、gger a Windows Installer 2.0 bug in some cases & result in excel.exeexcel.exe not getting updated to version 6816. not getting updated to version 6816. Resolution: Install MS06-059 v2Resolution: Install MS06-059 v2Detection and DeploymentBulletin Component Office Update WU/MUMBSA 1.2 + ODT MBSA 2.0/
110、 2.0.1 SUS WSUS ESTSMS SUIT SMS ITMU Detect and deploy Detect and deploy Detect only Detect only Detect and deploy Detect and deploy Detect only Detect and deploy Detect and deploy MS06-072 Microsoft Internet Explorer Not applicableYes Yes Yes Yes Yes Not applicable Yes Yes MS06-073 Microsoft Visual
111、 Studio Not applicableYes No Yes No Yes Yes Yes, with ESUIT Yes MS06-074 SNMP Not applicable Yes Yes Yes Yes Yes Not applicable Yes Yes MS06-075 File Manifest Not applicableYes Yes Yes Yes Yes Not applicable Yes Yes MS06-076 Microsoft Outlook Express Not applicableYes No Yes Yes Yes Yes Yes, with ES
112、UIT Yes MS06-077 Remote Installation Services (RIS) Not applicableYes No Yes Yes Yes Yes Yes Yes MS06-078 Windows Media Player Not applicableYes PartialYes Yes Yes Yes Yes, with ESUIT PartialOther Update InformationBulletinBulletinRestartRestartUninstallUninstallReplacesReplacesOn productsOn product
113、sMS06-072MS06-072YesYesYesYesMS06-067 and all MS06-067 and all previous Cumulative previous Cumulative Security Updates for Security Updates for IEIEIE 5.01SP4, IE6, IE6 SP1IE 5.01SP4, IE6, IE6 SP1MS06-073MS06-073MaybeMaybeYesYesN/AN/AVisual Studio 2005Visual Studio 2005MS06-074MS06-074YesYesYesYesN
114、/AN/AWindows 2000 SP4, XPSP2, W2K3, Windows 2000 SP4, XPSP2, W2K3, W2K3SP1W2K3SP1MS06-075MS06-075YesYesYesYesN/AN/AXPSP2 and W2K3XPSP2 and W2K3MS06-076MS06-076NoNoYesYesMS06-016MS06-016 & & MS06-043MS06-043 with OE 6 on with OE 6 on WinXPWinXP SP2 SP2 & x64 and OE 6 on W2K3 & x64 and OE 6 on W2K3 SP
115、1 & x64SP1 & x64OE 5.5 SP2 and OE6OE 5.5 SP2 and OE6MS06-077MS06-077NoNoYesYesN/AN/AW2K OnlyW2K OnlyMS06-078MS06-078MaybeMaybeYesYesN/AN/A Microsoft Windows Media Format 7.1 Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the through 9.5 Series Runtime on the following operating sys
116、tem versionsfollowing operating system versions Microsoft Windows Media Player 6.4Microsoft Windows Media Player 6.4December 2006 Non-Security UpdatesNUMBERNUMBERTITLETITLEDistributionDistribution911897911897Update for Windows ServerUpdate for Windows ServerWU, MUWU, MU926251926251Update for Windows
117、 XP Media Center Edition for 2005Update for Windows XP Media Center Edition for 2005WU, MUWU, MU928388928388Update for WindowsUpdate for WindowsWU, MUWU, MU929120929120Update for WindowsUpdate for WindowsWU, MUWU, MU924886924886Update for Office 2003Update for Office 2003MUMUNew WSUSSCAN.CAB archite
118、ctureNew architecture for wsusscan.cab begins since November 2006Support for existing wsusscan.cab architecture ends on March 2007SMS ITMU customers: download and deploy updated version of the SMS ITMUhttp:/ 2.0 offline scan customers: Download updated version of MBSA 2.0.1 nowOr download the new of
119、fline scan file, wsusscn2.cab, by clicking http:/ Save this file to C:Documents and SettingsLocal SettingsApplication DataMicrosoftMBSA2.0Cachewsusscn2.cab. If you only run MBSA 2.0 in the online mode, do anything. See Microsoft KB Article 926464 for more informationhttp:/ 7 over AU Manual download
120、(EN version) is available.Manual download (EN version) is available. Internet Explorer 7 began distribution over AU in Internet Explorer 7 began distribution over AU in November 2006November 2006 ZH version schedule see announcement below!ZH version schedule see announcement below! Internet Explorer
121、 7 Blocker Toolkit available for Internet Explorer 7 Blocker Toolkit available for enterprise customers enterprise customers Blocks automatic delivery of Internet Explorer 7 Blocks automatic delivery of Internet Explorer 7 For additional information see:For additional information see: http:/ Support
122、 Information Software Update Services (SUS) 1.0Software Update Services (SUS) 1.0 Old deadline of 6 December 2006 has CHANGED to 10 July 2007Old deadline of 6 December 2006 has CHANGED to 10 July 2007 Information on upgrading:Information on upgrading:http:/http:/ Public security support for Windows
123、XP SP1 and Office Public security support for Windows XP SP1 and Office 2003 SP1 HAS ENDED as of 2003 SP1 HAS ENDED as of 10 October 200610 October 2006 No Security UpdatesNo Security Updates for Windows XP SP1 or Office 2003 SP1 starting in for Windows XP SP1 or Office 2003 SP1 starting in November
124、 2006November 2006 Remaining Windows XP SP1, Office 2003 SP1 customers should upgrade Remaining Windows XP SP1, Office 2003 SP1 customers should upgrade to Windows XP SP2, Office 2003 SP2 right awayto Windows XP SP2, Office 2003 SP2 right away Public security support for Windows 98, 98 SE, and Publi
125、c security support for Windows 98, 98 SE, and Millennium Edition Millennium Edition HAS ENDED as of 11 July 2006HAS ENDED as of 11 July 2006 See See for more information for more information Microsoft Forefront Client Security Beta open to download.Microsoft Forefront Client Security Beta open to d
126、ownload. http:/ Malicious Software Removal Tool KB890830 Twenty-fourth monthly incremental update. Twenty-fourth monthly incremental update. The Oct update adds the ability to remove:The Oct update adds the ability to remove: Win32/BeenutWin32/Beenut Available as priority update through Windows Upda
127、te or Available as priority update through Windows Update or Microsoft Update for Windows XP usersMicrosoft Update for Windows XP users Offered through WSUS; not offered through SUS 1.0Offered through WSUS; not offered through SUS 1.0 Also as an ActiveX control or download at Also as an ActiveX cont
128、rol or download at Deployment step-by-Deployment step-by-stspstsp: KB891716: KB891716Resources Nov. Security Bulletin Nov. Security Bulletin WebcastWebcast (US) (US) http:/ Security Bulletins SummarySecurity Bulletins Summaryhttp:/ Security Bulletins SearchSecurity Bulletins S Security AdvisoriesSe
129、curity A / MSRC BlogMSRC Bloghttp:/ NotificationsN TechNet RadioTechNet R IT Pro Security NewsletterIT Pro Security N TechNet Security CenterTechNet Security C TechNet Forum TechNet Forum ITProITProhttp:/ Detection and deployment guidance for the December 2006 security Detection and deployment guida
130、nce for the December 2006 security releasereleasehttp:/ and AnswersSubmit text questions using the Submit text questions using the “Ask a Question” button “Ask a Question” button Dont forget to fill out the surveyDont forget to fill out the surveyFor upcoming and previously recorded For upcoming and previously recorded webcasts: webcasts: http:/ content suggestions: content suggestions: