岁月联盟 - Technical Community - BBS.SYUE.COM's Archiver

Syue落叶 posted on 2006-7-13 15:29

[Urgent Notice] Microsoft Releases June Security Bulletins Fixing Multiple Serious Security Vulnerabilities

Microsoft released 12 security bulletins this month. These bulletins describe and fix 23 security vulnerabilities, 12 of which are rated "Critical". By exploiting these vulnerabilities, an attacker may be able to remotely compromise and take complete control of server or client systems.

We strongly recommend that users of Windows operating systems immediately check whether their systems are affected by these vulnerabilities and resolve them using the solutions we provide.

Microsoft Security Bulletin Summary for June:
http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx

Details follow:


Overview:
======
Microsoft released 12 security bulletins this month. These bulletins describe and fix 23 security vulnerabilities, 12 of which are rated "Critical". By exploiting these vulnerabilities, an attacker may be able to remotely compromise and take complete control of server or client systems.

We strongly recommend that users of Windows operating systems immediately check whether their systems are affected by these vulnerabilities and resolve them using the solutions we provide.

Analysis:
======
Microsoft has just released 12 new security bulletins: MS06-021 through MS06-032. These bulletins describe 23 security issues, covering vulnerabilities in systems and applications such as the various versions of Microsoft Windows, Internet Explorer, Media Player and Exchange Server.

1. MS06-021 - Cumulative Security Update for Internet Explorer (916281)

- Affected systems:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (ME)

- Affected components:

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91A997DE-BAE4-4AC7-912D-79EF8ABAEF4F

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or Microsoft Windows XP Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0EB17A41-FB43-413B-A5CC-41E1F3DEDE4F

Internet Explorer 6 on Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=85CABE87-C4A0-4F80-BD1C-210E23FD8D81

Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7

Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118

Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74

Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F91791AC-8185-4346-AA66-89F74D4B5EA7

Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft Windows 98 SE or Microsoft Windows Millennium Edition

- Impact: Remote code execution
- Severity: Critical
- Description:

Multiple vulnerabilities in Internet Explorer could allow remote code execution.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting in the Internet and Local intranet security zones.
* Set the Internet and Local intranet security zones to "High" to prompt before running ActiveX controls and Active Scripting.
* If you are using Outlook 2002 or later, or Outlook Express 6 SP1 or later, read e-mail messages in plain text.
* Prevent COM objects from running in Internet Explorer.
* Do not use the "Save As..." command in Internet Explorer to save untrusted web pages as "Web Archive, single file (*.mht)".

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

2. MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

- Affected systems:

Microsoft Windows XP Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F6328F82-457E-44CB-95FB-2DB0E8C9EE3C

Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=71022EA1-94CB-4FE9-B89E-46876D068B9A

Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A386523E-96AB-43ED-B189-E13AF497B685

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56DF0CF2-9214-4B23-9034-C59E8B7126D6

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5E1B95C3-7E75-4468-829C-1DC7B4ECE5D0

Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4DC13B7C-01AB-4BB6-9766-0FE0D02E410D

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (Me)

- Affected components:

Windows 2000 with the Windows 2000 AOL Image Support Update installed:

* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE6D8DA7-B170-416D-8812-265FFA757301

* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F6328F82-457E-44CB-95FB-2DB0E8C9EE3C

- Impact: Remote code execution
- Severity: Critical
- Description:

There is a remote code execution vulnerability in the way Windows handles ART images. An attacker could exploit it by constructing a specially crafted ART image; code execution results if a user visits a Web site or views a specially crafted e-mail message. An attacker who successfully exploits this vulnerability can take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Modify the access control list on the AOL ART file to temporarily prevent it from being displayed in Internet Explorer.
* Install the Cumulative Security Update for Internet Explorer (916281) from Microsoft Security Bulletin MS06-021.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx

3. MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

- Affected systems:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (ME)

- Affected components:

Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=23E79ABD-B1FE-4734-B3D3-FB53D286C06F

Microsoft JScript 5.6 installed on Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=16DD21A1-C4EE-4ECA-8B80-7BD1DFEFB4F8

Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D28C02BE-CAC3-4579-9B93-939FD5D3CDE6

Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2EE3DD28-7167-4A2C-941D-A236F8CC5C4B

Microsoft JScript 5.6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8963AE25-2230-47FE-AECE-49D7457D96D4

Microsoft JScript 5.6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7764C7DC-A7E4-4B91-95C2-EF7D4DCE0A00

Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BCF7AB2E-EE1C-45F9-8B1C-4B1CEF683082

- Impact: Remote code execution
- Severity: Critical
- Description:

There is a remote code execution vulnerability in JScript. An attacker could exploit it by constructing specially crafted JScript; code execution results if a user visits a Web site or views a specially crafted e-mail message. An attacker who successfully exploits this vulnerability can take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting in the Internet and Local intranet security zones.
* Set the Internet and Local intranet security zones to "High" to prompt before running ActiveX controls and Active Scripting.
* Modify the access control list on JScript.dll to temporarily prevent it from running in Internet Explorer.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx

4. MS06-024 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

- Affected software:

Windows Media Player for XP on Microsoft Windows XP Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=11372cc0-3da9-49ad-bb08-1493ce3cd0bd

Windows Media Player 9 on Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c00be4c3-34ba-4858-90d7-520b7d240e33

Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f59065ec-0279-48ec-ab27-8abca715ac01

Windows Media Player 9 on Microsoft Windows Server 2003 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c00be4c3-34ba-4858-90d7-520b7d240e33

Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4f933b0c-7d2d-4049-92da-bbbe97371594

Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=facc7dfe-9b3b-48dd-a068-5bb9c6b60f87

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (Me)

- Affected components:

Microsoft Windows Media Player 7.1 installed on Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5abb6258-9468-4188-a178-aa46f100ab61

Microsoft Windows Media Player 9 installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c00be4c3-34ba-4858-90d7-520b7d240e33

Microsoft Windows Media Player 10 installed on Windows XP Service Pack 1 or Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0f641572-74fd-4281-953f-6f2f12e001e0

- Impact: Remote code execution
- Severity: Critical
- Description:

There is a remote code execution vulnerability in the way Windows Media Player handles PNG images. An attacker could construct specially crafted Windows Media Player content; code execution results if a user visits a Web site or views a specially crafted e-mail message. An attacker who successfully exploits this vulnerability can take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Modify the access control list on the DirectX "Filter Graph no thread" registry key.
* Back up and remove the DirectX "Filter Graph no thread" registry key.
* Unregister Wmp.dll.
* Disassociate the WMZ file extension.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx

5. MS06-025 - Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

- Affected systems:

Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c1af96b2-2807-444b-82df-b6b61ec63715

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=74838e2b-bd5f-4584-81f1-3250e6b69728

Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=09d1a284-6a16-44a5-a95e-8eb566401ce9

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b4264cb9-8979-40e8-b903-bc8deda00fec

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=890535c9-98cf-49a9-ae50-178e3c5fac6b

Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bf9cef95-89fd-4ec3-be0a-93902f2bb768

- Impact: Remote code execution
- Severity: Critical
- Description:

A vulnerability in the Routing and Remote Access Service could allow an attacker to take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Disable the Remote Access Connection Manager service.
* Block the following at the firewall:
UDP ports 135, 137, 138 and 445, and TCP ports 135, 139, 445 and 593
All unsolicited inbound traffic on ports greater than 1024
Any other specifically configured RPC port
* Use a personal firewall, such as the Internet Connection Firewall bundled with Windows XP and Windows Server 2003.
* Enable advanced TCP/IP filtering on systems that support it.
* Use IPSec to block the affected ports on affected systems.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx

6. MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

- Affected systems:

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (Me)

- Impact: Remote code execution
- Severity: Critical
- Description:

There is a remote code execution vulnerability in the way the Graphics Rendering Engine handles Windows Metafile (WMF) images. An attacker could exploit it by constructing a specially crafted WMF image; code execution results if a user visits a Web site or views a specially crafted e-mail message. An attacker who successfully exploits this vulnerability can take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

None

- Vendor patch:

At present Microsoft releases patches for the Windows 98, Windows 98 Second Edition and Windows Millennium Edition platforms only for critical security updates. Download at:
http://go.microsoft.com/fwlink/?LinkId=21130

7. MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

- Affected software:

Microsoft Office 2000 Service Pack 3
Microsoft Word 2000 - Download the update (KB917345):
http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD

Microsoft Office XP Service Pack 3
Microsoft Word 2002 - Download the update (KB917335):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Word 2003 - Download the update (KB917334):
http://www.microsoft.com/downloads/details.aspx?FamilyId=ADEA09B4-481A-4908-8B77-0630AC679CAC

Microsoft Word Viewer 2003 - Download the update (KB917346):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6089B843-61FF-469F-A38B-BD4FFEFF0552

Microsoft Works Suites
Microsoft Works Suite 2000 - Download the update (KB917345):
http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD

Microsoft Works Suite 2001 - Download the update (KB917345):
http://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD

Microsoft Works Suite 2002 - Download the update (KB917335):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Microsoft Works Suite 2003 - Download the update (KB917335):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Microsoft Works Suite 2004 - Download the update (KB917335):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Microsoft Works Suite 2005 - Download the update (KB917335):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Microsoft Works Suite 2006 - Download the update (KB917335):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

- Impact: Remote code execution
- Severity: Critical
- Description:

There is a remote code execution vulnerability in the way Word uses a malformed object pointer. An attacker could exploit it by constructing a specially crafted Word file, resulting in code execution.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Use Microsoft Word in Safe Mode.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx

8. MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

- Affected systems:

Microsoft Office 2000 Service Pack 3
Microsoft PowerPoint 2000 - Download the update (KB916520):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F635F2CB-CFEE-4129-BB77-4779A3B05674

Microsoft Office XP Service Pack 3
Microsoft PowerPoint 2002 - Download the update (KB916519):
http://www.microsoft.com/downloads/details.aspx?FamilyId=60A1EB9F-F04B-4D21-A95E-CCC90D9782AB

Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft PowerPoint 2003 - Download the update (KB916518):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCED8804-45B4-4FD2-8FDB-4960C5BB8954

Microsoft Office 2004 for Mac
Microsoft PowerPoint 2004 for Mac - Download the update (KB918963):
http://www.microsoft.com/mac/

Microsoft Office v. X for Mac
Microsoft PowerPoint v. X for Mac - Download the update (KB918963):
http://www.microsoft.com/mac/

- Impact: Remote code execution
- Severity: Critical
- Description:

There is a remote code execution vulnerability in the way PowerPoint uses a malformed record. An attacker could exploit it by constructing a specially crafted PowerPoint file, resulting in code execution.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Do not open Microsoft PowerPoint files received from untrusted sources.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-028.mspx

9. MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

- Affected software:

Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup installed - Download the update (KB912442):
http://www.microsoft.com/downloads/details.aspx?FamilyId=746CE64E-3186-422B-A13B-004E7942189B

Microsoft Exchange Server 2003 Service Pack 1 - Download the update (KB912442):
http://www.microsoft.com/downloads/details.aspx?FamilyId=0E192781-847F-41C1-B32A-84218DB60942

Microsoft Exchange Server 2003 Service Pack 2 - Download the update (KB912442):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C777BC9F-52B7-4F17-96C7-DAF3B9987D70

- Impact: Remote code execution
- Severity: Important
- Description:

Exchange Server running Outlook Web Access (OWA) has a script injection vulnerability. An attacker could exploit it by constructing an e-mail message containing a specially crafted script. If the specially crafted script is run, it executes on the client in the user's security context. User interaction is required to exploit this vulnerability.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Disable Outlook Web Access (OWA) on computers running Exchange Server.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx

10. MS06-030 - Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

- Affected systems:

Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6ec86784-6b12-410b-8068-028c58ed5df7

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c17ddc07-204b-4a7f-8c5a-36b7865a030c

Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=89fbbdd0-7504-4807-9337-08324aa457e7

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=%2043d69a41-6acb-4c64-89dc-2b9aef6e98fd

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e1d13c18-72d1-40b8-95b3-08aef8db9213

Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b6018a61-b0ec-467e-9025-059d3c9f1c5f

- Impact: Elevation of privilege
- Severity: Important
- Description:

An elevation of privilege vulnerability in Server Message Block (SMB) could allow an attacker to take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Disable the Workstation service.
* Remove the MRxSmb driver registry key.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx

11. MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

- Affected systems:

Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5089d956-7d8d-4241-9ca2-107ce4f8c093

- Impact: Spoofing
- Severity: Moderate
- Description:

There is a spoofing vulnerability in the way RPC handles mutual authentication, which could allow an attacker to trick a user into connecting to a malicious RPC server that appears to be valid.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Use IPSec to ensure the identity of systems.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-031.mspx

12. MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

- Affected systems:

Microsoft Windows 2000 Service Pack 4 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=305e208c-d75c-471b-9e57-30d01e320ad1

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b62abe8e-4735-4934-a66e-5b957986efbf

Microsoft Windows XP Professional x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=44213900-9082-45dc-b514-31d38717fe89

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ea319c61-b405-41ab-9eee-d5b3488b90e0

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=cd8b88b5-f90f-4c0c-a5ad-3641751381c9

Microsoft Windows Server 2003 x64 Edition - Download the update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=cd8699bc-6760-4f0e-b8e0-2e7d89092ce8

- Impact: Remote code execution
- Severity: Important
- Description:

A remote code execution vulnerability in the TCP/IP protocol driver could allow an attacker to take complete control of the affected system.

Risk ratings and vulnerability identifiers: [attachment not included]

- Workarounds:

* Block IP packets containing IP source route options 131 and 137 at the firewall.
* Use a personal firewall, such as the Internet Connection Firewall bundled with Windows XP and Windows Server 2003.
* Disable IP source routing.
* Use IPSec to block the affected ports on affected systems.

- Vendor patch:

Microsoft has released a security patch that fixes this vulnerability. We recommend that you use the "Windows update" feature built into Windows to download the latest patch.

You can also use Microsoft's security bulletin to select and install the patch for your system:
http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx

Additional information:
==========
1. http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx
2. http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx
3. http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx
4. http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx
5. http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx
6. http://www.microsoft.com/technet/security/Bulletin/MS06-026.mspx
7. http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx
8. http://www.microsoft.com/technet/security/Bulletin/MS06-028.mspx
9. http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx
10. http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx
11. http://www.microsoft.com/technet/security/Bulletin/MS06-031.mspx
12. http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx
13. http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx
14. http://www.us-cert.gov/cas/techalerts/TA06-164A.html
15. http://www.idefense.com/intelligence/vulnerabilities/display.php?id=406
16. http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407
17. http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408
18. http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409
19. http://www.zerodayinitiative.com/advisories/ZDI-06-017.html
20. http://www.zerodayinitiative.com/advisories/ZDI-06-018.html
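
The MS06-032 workaround above blocks IP packets that carry source-route options 131 and 137. As an added example (not from the original post or from Microsoft's bulletin), the Python code below walks the IPv4 header options and returns a filter verdict. The function names, verdict strings and sample packets are constructed for illustration, and dropping packets whose option list is malformed is an assumption of this example.

```python
import struct

# IPv4 option type bytes named in the MS06-032 workaround (RFC 791).
LSRR = 131  # Loose Source and Record Route
SSRR = 137  # Strict Source and Record Route
SOURCE_ROUTE_OPTIONS = {LSRR: "LSRR", SSRR: "SSRR"}


class MalformedHeader(ValueError):
    """Raised when the IPv4 header or its option list cannot be parsed."""


def ipv4_options(packet: bytes):
    """Yield (option_type, option_bytes) for each option in an IPv4 header."""
    if len(packet) < 20:
        raise MalformedHeader("shorter than the minimum IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise MalformedHeader("not an IPv4 packet")
    header_len = ihl * 4
    if header_len < 20 or header_len > len(packet):
        raise MalformedHeader("IHL does not fit the packet")
    i = 20  # options start right after the fixed 20-byte header
    while i < header_len:
        opt = packet[i]
        if opt == 0:  # End of Option List: the rest is padding
            return
        if opt == 1:  # No-Operation: single byte, no length field
            i += 1
            continue
        if i + 1 >= header_len:
            raise MalformedHeader("option is missing its length byte")
        length = packet[i + 1]
        # The length covers the type and length bytes, so it is at least 2,
        # and the option must not run past the end of the header.
        if length < 2 or i + length > header_len:
            raise MalformedHeader("option length out of bounds")
        yield opt, packet[i:i + length]
        i += length


def filter_decision(packet: bytes) -> str:
    """Return 'drop:<reason>' for source-routed or unparseable packets, else 'pass'."""
    try:
        for opt, _ in ipv4_options(packet):
            if opt in SOURCE_ROUTE_OPTIONS:
                return "drop:" + SOURCE_ROUTE_OPTIONS[opt]
    except MalformedHeader:
        # Assumption of this example: fail closed on headers we cannot parse.
        return "drop:malformed"
    return "pass"


def build_header(options: bytes = b"") -> bytes:
    """Build a constructed IPv4 header (checksum left at 0) carrying the given options."""
    padded = options + b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(padded) // 4
    fixed = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, 20 + len(padded), 0, 0, 64, 6, 0,
        bytes([192, 0, 2, 1]),     # documentation-range source address
        bytes([198, 51, 100, 7]),  # documentation-range destination address
    )
    return fixed + padded


def sample_verdicts() -> dict:
    """Run the filter over constructed sample headers."""
    hop = bytes([203, 0, 113, 9])  # constructed route entry
    samples = {
        "no_options": build_header(),
        "lsrr": build_header(bytes([LSRR, 7, 4]) + hop),
        "nop_then_ssrr": build_header(bytes([1, SSRR, 7, 4]) + hop),
        "record_route_only": build_header(bytes([7, 7, 4, 0, 0, 0, 0])),
        "bad_length": build_header(bytes([LSRR, 40, 4, 0])),
    }
    return {name: filter_decision(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in sample_verdicts().items():
        print(f"{name:18s} {verdict}")
```
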
