Presentation is loading. Please wait.

Presentation is loading. Please wait.

九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.

Published byDennis Gibbs Modified over 8 years ago

Similar presentations

Presentation on theme: "九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處."— Presentation transcript:

1

2 九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處

3 Questions last time When will XPSP3 release?When will XPSP3 release? Answer: SP3 for Windows XP Professional is currently planned for 2H 2007. This date is preliminary.Answer: SP3 for Windows XP Professional is currently planned for 2H 2007. This date is preliminary. Check the following: http://www.microsoft.com/windows/lifecycle/servicepacks.mspxCheck the following: http://www.microsoft.com/windows/lifecycle/servicepacks.mspx http://www.microsoft.com/windows/lifecycle/servicepacks.mspx

4 What We Will Cover Review Sep. releasesReview Sep. releases –Re-released bulletins –New security bulletins –High-priority non-security updates Other security resourcesOther security resources –Windows Malicious Software Removal Tool ResourcesResources Questions and answersQuestions and answers

5 Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button

6 Sep 2006 Security Bulletins Summary 3 New Security Bulletins for September3 New Security Bulletins for September –1 new critical –1 new moderate –1 new important 2 Re-released Bulletins2 Re-released Bulletins –both critical 2 Security Advisories2 Security Advisories

7 Sep 2006 Security Bulletins Overview Bulletin Number Title Maximum Severity Rating Products Affected MS06-040v2Vulnerability in Server Service Could Allow Remote Code Execution (921883) CriticalAll currently supported versions of Windows MS06-042v3Cumulative Security Update for Internet Explorer (918899) CriticalInternet Explorer on all currently supported versions of Windows MS06-052Pragmatic General Multicast (PGM) (919007) ImportantWindows XP SP1/SP2 with MSMQ installed MS06-053Indexing Service (920685)ModerateAll currently supported versions of Windows MS06-054Office Publisher (910729)CriticalOffice 2000/2002/2003

8 MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB 921883) The Problem: A remote code execution vulnerability is exposed in the Server service, which could allow an attacker to take complete control of the an unprotected system by sending an unauthenticated, specially crafted message to the Server service. Vulnerabilities: Server Service Vulnerability - CVE-2006-3439 Affected Versions: All supported versions of Windows: Microsoft Windows 2000 Service Pack 4Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 EditionMicrosoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based SystemsMicrosoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 EditionMicrosoft Windows Server 2003 x64 Edition

9 MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB 921883) Attack Vectors/Impact: Any unpatched system with the Server service’s listening port (TCP 139, 445) exposed to a potentially compromised network is susceptible to an unauthenticated attack.Any unpatched system with the Server service’s listening port (TCP 139, 445) exposed to a potentially compromised network is susceptible to an unauthenticated attack. Systems compromised by this vulnerability could be used to propagate a Blaster-style internet wormSystems compromised by this vulnerability could be used to propagate a Blaster-style internet worm The Fix: The update removes the vulnerability by modifying the way that Server service validates the length of a message it receives in RPC communications before it passes the message to the allocated buffer. Mitigations: Systems with the Server service disabled will not be exposed (NOTE: this is an extremely rare case in most enterprise environments) Workaround: Block TCP 139 and TCP 445 at perimeter and on hosts connected to untrusted networks

10 MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB 921883) Detection and Deployment: Detectable via MBSA 1.2 *, MBSA 2.0, SMS 2.0 *, SMS 2003 Detectable via MBSA 1.2 *, MBSA 2.0, SMS 2.0 *, SMS 2003 Deployable via WU, MU, SUS *, WSUS, SMS 2.0*, SMS 2003 Deployable via WU, MU, SUS *, WSUS, SMS 2.0*, SMS 2003 * does not support x64 and ia64 versions of Windows * does not support x64 and ia64 versions of Windows Does this supersede any updates? NoNo Publicly Disclosed (?) This vulnerability was initially reported through responsible disclosure, but was later disclosed publiclyThis vulnerability was initially reported through responsible disclosure, but was later disclosed publicly MSRC was made aware of public exploitation prior to bulletin releaseMSRC was made aware of public exploitation prior to bulletin release Reboot and Uninstall Information: Installing the update requires a reboot of the systemInstalling the update requires a reboot of the system This update is uninstallableThis update is uninstallable

11 MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB 921883) What is this reason for this re-release? Initial building of WS03 SP1 updates for MS06-040 required netapi32.dll be loaded at a different base address in memory due to increase in code sizeInitial building of WS03 SP1 updates for MS06-040 required netapi32.dll be loaded at a different base address in memory due to increase in code size Re-basing can cause applications that reserve large amounts of contiguous memory to fail.Re-basing can cause applications that reserve large amounts of contiguous memory to fail. Subsequent code changes allowed the base address for netapi32.dll to be changed back to its original location.Subsequent code changes allowed the base address for netapi32.dll to be changed back to its original location. 921883 has been updated to include the original pre- MS06-040 base address that was included in hotfix 924054.921883 has been updated to include the original pre- MS06-040 base address that was included in hotfix 924054. Other information: 921883 v2 will automatically upgrade systems requiring the new update (ie. uninstall of 921883 v1 is not required)921883 v2 will automatically upgrade systems requiring the new update (ie. uninstall of 921883 v1 is not required) Only WS03 SP1 systems (and systems that use the WOW64 components from that OS) are affected:Only WS03 SP1 systems (and systems that use the WOW64 components from that OS) are affected: –WS03 SP1 (x86/x64/ia64) –WinXP x64 More Information: For more Information, please review the FAQ at: For more Information, please review the FAQ at: http://support.microsoft.com/kb/921883 http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-040.mspx

12 Questions about MS06-040v2?

13 MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release The Problem: This update resolves several newly discovered, publicly and privately reported vulnerabilities. This update resolves several newly discovered, publicly and privately reported vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. New Vulnerabilities Long URL Buffer Overflow Vulnerability CVE-2006-3869 Long URL Buffer Overflow Vulnerability CVE-2006-3869 Long URL Buffer Overflow Vulnerability CVE-2006-3873 Long URL Buffer Overflow Vulnerability CVE-2006-3873

14 MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Affected Software Microsoft Windows 2000 Service Pack 4Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 EditionMicrosoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based SystemsMicrosoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 EditionMicrosoft Windows Server 2003 x64 Edition

15 MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Who needs to install MS06-042v3? If v1 or v2 is NOT installed: All Affected Software (above) … If v1 or v2 is NOT installed: All Affected Software (above) … If v1 or v2 is installed, the following still need to install MS06-042: If v1 or v2 is installed, the following still need to install MS06-042: – IE 5.01 SP4 on Windows 2000 SP4 – IE 6 SP1 for Windows XP SP1 and Windows 2000 SP4 – IE 6 for Windows Server 2003 Who does NOT needs to install MS06-042v3? If v1 or v2 is installed, the following does NOT need to install MS06-042: If v1 or v2 is installed, the following does NOT need to install MS06-042: – IE 6 for Windows XP SP2 – IE 6 for Windows Server 2003 SP1

16 MS06-042v3: New Vulnerabilities Vulnerability Long URL Buffer Overflow Vulnerability - CVE-2006-3869 Possible Attack Vectors Remote code Execution: From a malicious web site with a specially crafted Web page (via Email attachment or IM request etc) Impact of Attack Attackers could take complete control of an affected system The Fix: Modified the way IE handles long URLs when navigating to websites using the HTTP 1.1 protocol and compression. Vulnerability Long URL Buffer Overflow Vulnerability CVE-2006-3873 Possible Attack Vectors Remote code Execution: From a malicious web site with a specially crafted Web page (via Email attachment or IM request etc) Impact of Attack Attackers could take complete control of an affected system The Fix: Modified the way IE handles long URLs when navigating to websites using the HTTP 1.1 protocol and compression.

17 MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Mitigations Web based attacks require user to visit malicious webs Web based attacks require user to visit malicious webs Html email is opened in restricted zone: OE6, OL2002, Html email is opened in restricted zone: OE6, OL2002, OL2003, and OL2002 w/OL email security update OL2003, and OL2002 w/OL email security update LUA: Attackers who successfully exploited these vulns could gain LUA: Attackers who successfully exploited these vulns could gain the same user rights as the local user. the same user rights as the local user. IE on Windows Server 2003 – Enhanced Security Configuration IE on Windows Server 2003 – Enhanced Security Configuration Workaround (New) Disable the HTTP 1.1 protocol in Internet Explorer. (New) Disable the HTTP 1.1 protocol in Internet Explorer. Disable caching of your Web site’s content Disable caching of your Web site’s content Set Active Scripting to Disabled or Prompt in the Internet Zone Set Active Scripting to Disabled or Prompt in the Internet Zone Set Internet and Local intranet security zone settings to “High” Set Internet and Local intranet security zone settings to “High” Add Trusted sites to the trusted site zone Add Trusted sites to the trusted site zone Read email in plain text format Read email in plain text format Disable Com Object instantiation (set kill bit) Disable Com Object instantiation (set kill bit) Detection and Deployment Next Page… Next Page…

18 MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Does this supersede any updates? MS06-021MS06-021 Other information: Is a Restart required? YESIs a Restart required? YES Is there an uninstall option? YESIs there an uninstall option? YES Are the new vulnerabilities publicly known?Are the new vulnerabilities publicly known? – CVE-2006-3869: Publicly Known: YESPublicly Known: YES Publicly Exploited: NOPublicly Exploited: NO – CVE-2006-3873: Publicly Known: NOPublicly Known: NO Publicly Exploited: NOPublicly Exploited: NO More Information: FAQ:FAQ: http://support.microsoft.com/kb/918899http://support.microsoft.com/kb/918899http://support.microsoft.com/kb/918899 http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-042.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-042.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-042.mspx

19 Questions about MS06-042v3?

20 MS06-052: Pragmatic General Multicast (PGM) - Important Title Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution KB919007 The Problem This update resolves a newly discovered, privately reported, vulnerability which is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the vulnerability could take complete control of the affected system Vulnerabilities PGM Code Execution Vulnerability - CVE-2006-3442 CVE-2006-3442 Affected versions Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Attack Vectors/Impact There is a remote code execution vulnerability that could allow an attacker to send a specially crafted multicast message to an affected system and execute code on the affected system.

21 MS06-052: Pragmatic General Multicast (PGM) - Important Title Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution KB919007 The Fix The update removes the vulnerability by modifying the way that the MSMQ Service validates a PGM message before it passes the message to the allocated buffer. Mitigations For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Pragmatic General Multicast (PGM) is only supported when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default.Pragmatic General Multicast (PGM) is only supported when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default. Workaround We have not identified any workarounds for this vulnerability.

22 MS06-052: Pragmatic General Multicast (PGM) - Important Title Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution KB919007 Does this supersede any updates? No Other information Was the vulnerability publicly known? No Was the vulnerability publicly known? No Are there any known exploits? No Are there any known exploits? No Is a Restart required? Yes Is a Restart required? Yes Is there an uninstall option? Yes Is there an uninstall option? Yes More Information For more Information, please review the FAQ at: For more Information, please review the FAQ at: http://support.microsoft.com/?id=919007http://support.microsoft.com/?id=919007http://support.microsoft.com/?id=919007 http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-052.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-052.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-052.mspx

23 Questions on MS06-052?

24 MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting (KB920685) The Problem There is an information disclosure vulnerability in Indexing Service because of the way that it handles query validation, creating the possibility of cross-site scripting.There is an information disclosure vulnerability in Indexing Service because of the way that it handles query validation, creating the possibility of cross-site scripting. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected web siteThe vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected web site Vulnerabilities Microsoft Indexing Service Vulnerability - CVE-2006-0032 CVE-2006-0032 Affected versions Microsoft Windows 2000 Service Pack 4Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 EditionMicrosoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based SystemsMicrosoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 EditionMicrosoft Windows Server 2003 x64 Edition

25 MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting KB920685 Attack Vectors /Impact: A user would have to be enticed to click on a URL which goes to a malicious web site which hosts the exploit. The Fix: The update removes the vulnerability by modifying the way that Indexing Service validates the length of a message before it passes the message to the allocated buffer. Mitigations: By default, Internet Information Services 6.0 is not enabled on Windows ServerBy default, Internet Information Services 6.0 is not enabled on Windows Server On Windows Server 2003, if the Internet Information Services (IIS) has been enabled, the Indexing Service is not enabled by default.On Windows Server 2003, if the Internet Information Services (IIS) has been enabled, the Indexing Service is not enabled by default. When Indexing Service is installed, web-based query pages must be created or installed manually that will allow IIS to receive queries from anonymous users and pass those queries to the Indexing Service.When Indexing Service is installed, web-based query pages must be created or installed manually that will allow IIS to receive queries from anonymous users and pass those queries to the Indexing Service. (Continued on the next slide)(Continued on the next slide)

26 MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting KB920685 Mitigations (Continued): The attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.The attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site. Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter.Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter. Workarounds: Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter. Block at the firewall: UDP ports 137 and 138 and TCP ports 139 and 44.Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter. Block at the firewall: UDP ports 137 and 138 and TCP ports 139 and 44. To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, enable advanced TCP/IP filtering on systems that support this feature, block the affected ports by using IPSec on the affected systems.To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, enable advanced TCP/IP filtering on systems that support this feature, block the affected ports by using IPSec on the affected systems.Internet Connection FirewallInternet Connection Firewall Remove the Indexing ServiceRemove the Indexing Service

27 MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting KB920685 Does this supersede any updates? No Other information Was the vulnerability publicly known? No Was the vulnerability publicly known? No Are there any known exploits? No Are there any known exploits? No Is a Restart required? No Is a Restart required? No Is there an uninstall option? Yes Is there an uninstall option? Yes More Information For more Information, please review the FAQ at: http://support.microsoft.com/?id=920685 For more Information, please review the FAQ at: http://support.microsoft.com/?id=920685 http://support.microsoft.com/?id=920685 http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-053.mspx

28 Questions about MS06-053?

29 MS06-054: Office - Critical Title Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) The Problem A remote code execution vulnerability exists in Publisher, and could be exploited when a malformed string included in a Publisher file is parsed. An attacker could exploit the vulnerability by constructing a specially crafted Publisher file that could allow remote code execution. Vulnerabilities Microsoft Publisher Vulnerability - CVE-2006-0001 Affected versions Office Publisher 2000 Office Publisher 2002 Office Publisher 2003 Attack Vectors/Impact For an attack to be successful a user must open an attachment that is sent in an e-mail message or visit a Web site that contains a Web page that is used to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The Fix The update removes the vulnerability by modifying the way that Publisher parses the file and validates the length of a string before passing it to the allocated buffer.

30 MS06-054: Office - Critical Title Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) Mitigations Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. an attacker would have to persuade users to visit the Web sitean attacker would have to persuade users to visit the Web site The vulnerability cannot be exploited automatically through e-mailThe vulnerability cannot be exploited automatically through e-mail For Office 2000, you may install the Office Document Open Confirmation Tool for Office 2000 and you will then be prompted with Open, Save, or Cancel before opening a document. Office 2002 and 2003 include this feature by default.For Office 2000, you may install the Office Document Open Confirmation Tool for Office 2000 and you will then be prompted with Open, Save, or Cancel before opening a document. Office 2002 and 2003 include this feature by default.Office Document Open Confirmation ToolOffice Document Open Confirmation Tool Workaround Do not open or save Publisher files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources Do not open or save Publisher files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources Detection and Deployment Software MBSA 1.2.1 MBSA 2.0 SMS 2.0 SMS 2003 Microsoft Publisher 2000 Yes No Yes Yes Microsoft Publisher 2002 Yes Yes Yes Yes Microsoft Publisher 2003 Yes Yes Yes Yes

31 MS06-054: Office - Critical Title Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) Does this supersede any updates? NoneNone Other information Was the vulnerability publicly known? NO Was the vulnerability publicly known? NO Are there any known exploits? NO Are there any known exploits? NO Is a Restart required? YES, this update changes shared Office dll files in addition to Publisher files. Although the security vulnerability only exists in Publisher a reboot is required to complete the installation of all files in the update. Is a Restart required? YES, this update changes shared Office dll files in addition to Publisher files. Although the security vulnerability only exists in Publisher a reboot is required to complete the installation of all files in the update. Is there an uninstall option? NO Is there an uninstall option? NO More Information For more Information, please review the FAQ at: For more Information, please review the FAQ at: http://support.microsoft.com/?id=910729http://support.microsoft.com/?id=910729http://support.microsoft.com/?id=910729 http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-054.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-054.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-054.mspx

32 Questions about MS06-054?

33 Security Advisory (1 of 2) Security Advisory 922582 - Minifilter can block AU and WSUS Non-security updateNon-security update This update addresses an error that could result when using a minifilter-based application on a system.This update addresses an error that could result when using a minifilter-based application on a system. Specific Error Code: 0x80070002Specific Error Code: 0x80070002 This error code could occur when updating any of the following Microsoft tools:This error code could occur when updating any of the following Microsoft tools: –Automatic Updates –WU Web site –MU Web site –Inventory Tool for Microsoft Updates (ITMU) for Microsoft Systems Management Server (SMS) 2003 –SUS –WSUS Windows Server 2003 R2 is the only version of Windows that ships with a minifilter-based application, but it is not installed by default.Windows Server 2003 R2 is the only version of Windows that ships with a minifilter-based application, but it is not installed by default. ISVs are building new applications using the minifilter technology; this error could affect any systems in the future.ISVs are building new applications using the minifilter technology; this error could affect any systems in the future. Customers should evaluate and deploy the update.Customers should evaluate and deploy the update. More information: http://support.microsoft.com/?id=922582More information: http://support.microsoft.com/?id=922582 http://support.microsoft.com/?id=922582

34 Security Advisory (2 of 2) Security Advisory 925143 – Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities Recent security vulnerabilities in Macromedia Flash Player from Adobe redistributed with Microsoft Windows XP SP1 & SP2.Recent security vulnerabilities in Macromedia Flash Player from Adobe redistributed with Microsoft Windows XP SP1 & SP2. The Microsoft Security Response Center is in communication with Adobe.The Microsoft Security Response Center is in communication with Adobe. Adobe has made updates available on their Web site.Adobe has made updates available on their Web site. Customers who use Flash Player should follow the Adobe guidance.Customers who use Flash Player should follow the Adobe guidance. For more information please see Adobe Security Bulletin located at: http://www.adobe.com/go/apsb06-11/For more information please see Adobe Security Bulletin located at: http://www.adobe.com/go/apsb06-11/ http://www.adobe.com/go/apsb06-11/ KB925143: http://www.microsoft.com/technet/security/advisory/925143.mspxKB925143: http://www.microsoft.com/technet/security/advisory/925143.mspx http://www.microsoft.com/technet/security/advisory/925143.mspx

35 Sep 2006 Non-Security Updates NUMBERTITLEDistribution 922582 Update for Windows MU, WU 920872 Update for Windows XP MU, WU 912580 Update for Outlook 2003 Junk E-mail Filter MU

36 Detection and Deployment SUSMUWSUSMBSA2MBSAESTCSASMS MS06-040 Server Service ●●●● MS06-042 IE Cumulative ●●●●● MS06-052 PGM ●●●● MS06-053 Index Server ●●●● MS06-054 Publisher ●*●*●*●*●● MU does not support detection for vulnerable Office 2000 productsMU does not support detection for vulnerable Office 2000 products For Office 2000, use SMS/WSUS/MBSA1.2/OfficeUpdateToolFor Office 2000, use SMS/WSUS/MBSA1.2/OfficeUpdateTool

37 Other Update Information BulletinRestartUninstallReplaces On products MS06-040v2RequiredYesNone All products MS06-042v3RequiredYesMS06-021 All products MS06-052RequiredYesNone Windows XP SP1/XP2 MS06-053NoYesNone All products MS06-054RequiredNoNone Office Publisher 2000/2002/2003

38 Windows Malicious Software Removal Tool Twenty-first monthly incremental update.Twenty-first monthly incremental update. The September update adds the ability to remove:The September update adds the ability to remove: –Win32/Bancos –Win32/Haxdoor –Win32/Sinteri Available as priority update through Windows Update or Microsoft Update for Windows XP usersAvailable as priority update through Windows Update or Microsoft Update for Windows XP users –Offered through WSUS; not offered through SUS 1.0 Also as an ActiveX control or download at www.microsoft.com/malwareremoveAlso as an ActiveX control or download at www.microsoft.com/malwareremove www.microsoft.com/malwareremove

39 Lifecycle Support Information End of public security support for Windows XP SP 1End of public security support for Windows XP SP 1 –10 October 2006 Support EOL for Software Update Services (SUS) 1.0Support EOL for Software Update Services (SUS) 1.0 –6 December 2006 www.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspxwww.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspxwww.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspxwww.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspx –Public security support for Windows 98, 98 SE, and Millennium Edition HAS ENDED as of 11 July 2006. See www.microsoft.com/lifecycle for more informationSee www.microsoft.com/lifecycle for more informationwww.microsoft.com/lifecycle

40 Resources September Security Bulletin Webcast (US) http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032305653&Culture= en-USSeptember Security Bulletin Webcast (US) http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032305653&Culture= en-US http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032305653&Culture= en-US http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032305653&Culture= en-US Security Bulletins Summary http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-aug.mspxSecurity Bulletins Summary http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-aug.mspx http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-aug.mspx Security Bulletins Search www.microsoft.com/technet/security/current.aspxSecurity Bulletins Search www.microsoft.com/technet/security/current.aspx www.microsoft.com/technet/security/current.aspx Security Advisories www.microsoft.com/taiwan/technet/security/advisory/Security Advisories www.microsoft.com/taiwan/technet/security/advisory/ www.microsoft.com/taiwan/technet/security/advisory/ MSRC Blog http://blogs.technet.com/msrcMSRC Blog http://blogs.technet.com/msrc http://blogs.technet.com/msrc Notifications www.microsoft.com/technet/security/bulletin/notify.mspxNotifications www.microsoft.com/technet/security/bulletin/notify.mspx www.microsoft.com/technet/security/bulletin/notify.mspx TechNet Radio www.microsoft.com/tnradioTechNet Radio www.microsoft.com/tnradio www.microsoft.com/tnradio SearchSecurity Column http://searchsecurity.techtarget.com/news/0,289141,sid14,00.htmlSearchSecurity Column http://searchsecurity.techtarget.com/news/0,289141,sid14,00.html http://searchsecurity.techtarget.com/news/0,289141,sid14,00.html IT Pro Security Newsletter www.microsoft.com/technet/security/secnews/IT Pro Security Newsletter www.microsoft.com/technet/security/secnews/ www.microsoft.com/technet/security/secnews/ TechNet Security Center www.microsoft.com/taiwan/technet/securityTechNet Security Center www.microsoft.com/taiwan/technet/security www.microsoft.com/taiwan/technet/security

41 Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button Don’t forget to fill out the surveyDon’t forget to fill out the survey For upcoming and previously recorded webcasts: http://www.microsoft.com/taiwan/technet/webcas t/default.aspxFor upcoming and previously recorded webcasts: http://www.microsoft.com/taiwan/technet/webcas t/default.aspx http://www.microsoft.com/taiwan/technet/webcas t/default.aspx http://www.microsoft.com/taiwan/technet/webcas t/default.aspx Got webcast content ideas? E-mail us at: twwebst@microsoft.comGot webcast content ideas? E-mail us at: twwebst@microsoft.comtwwebst@microsoft.com

42

Download ppt "九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
NETOP REMOTE CONTROL What’s new in version 9.5? DECEMBER 09 NETOP REMOTE CONTROL1.

NETOP REMOTE CONTROL What’s new in version 9.5? DECEMBER 09 NETOP REMOTE CONTROL1.
NetAcumen ActiveX Download Instructions

NetAcumen ActiveX Download Instructions
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Changes in Windows XP Service Pack 2

Changes in Windows XP Service Pack 2
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.

Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.
Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.

Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.
Dial In Number 1-800-227-8104 PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Dial In Number PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

Similar presentations

Ads by Google