February Security Bulletins, Feb 16, 2007. Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP), Senior Technical Support Engineer, Microsoft Taiwan Technical Support Division.


2 February Security Bulletins, Feb 16, 2007. Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP), Senior Technical Support Engineer, Microsoft Taiwan Technical Support Division

3 Questions and Answers
Submit text questions using the “Ask a Question” button

4 What We Will Cover
Review of February releases
– New security bulletins
– High-priority non-security updates
Other security resources
– Prepare for new WSUSSCAN.CAB architecture
– Lifecycle Information
– Windows Malicious Software Removal Tool
Resources
Questions and answers

5 Feb. 2007 Security Bulletins Summary
On Feb 14:
– 12 New Security Bulletins
  – 6 critical
  – 6 important
– 8 High-priority non-security updates

6 Feb. 2007 Security Bulletins Overview
Bulletin Number | Title | Maximum Severity Rating | Products Affected
MS07-005 | Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) | Important | Step-by-Step Interactive Training
MS07-006 | Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) | Important | Windows XP, Windows Server 2003
MS07-007 | Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) | Important | Windows XP
MS07-008 | Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) | Critical | Windows 2000, Windows XP, Windows Server 2003
MS07-009 | Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) | Critical | Microsoft Data Access Components
MS07-010 | Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) | Critical | Microsoft Malware Protection Engine
MS07-011 | Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) | Important | Windows 2000, Windows XP, Windows Server 2003
MS07-012 | Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) | Important | Windows 2000, Windows XP, Windows Server 2003, Visual Studio .NET

7 Feb. 2007 Security Bulletins Overview (cont.)
Bulletin Number | Title | Maximum Severity Rating | Products Affected
MS07-013 | Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) | Important | Windows 2000, Windows XP, Windows Server 2003, Office 2000, Office 2003, Office 2004 for Mac
MS07-014 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) | Critical | Word 2000, Word 2002, Word 2003, Word 2004 for Mac
MS07-015 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) | Critical | Office 2000, Office XP, Office 2003, Office 2004 for Mac
MS07-016 | Cumulative Security Update for Internet Explorer (928090) | Critical | Windows 2000, Windows XP, Windows Server 2003

8 Feb. 2007 Security Bulletins Severity Summary
Columns: Bulletin Number; Windows 2000 SP 4; Windows XP SP 2; Windows Server 2003; Windows Server 2003 SP1; Windows Vista
MS07-006: Not Affected; Important; Not Affected
MS07-007: Not Affected; Important; Not Affected
MS07-008: Critical; Moderate; Not Affected
MS07-009: Critical; Moderate; Not Affected
MS07-011: Important; Not Affected
MS07-012: Important; Not Affected
MS07-013: Important; Not Affected
Columns: Microsoft Visual Studio .NET 2002; Microsoft Visual Studio .NET 2002 Service Pack 1; Microsoft Visual Studio .NET 2003; Microsoft Visual Studio .NET 2003 Service Pack 1
MS07-012: Important
Columns: Step-by-Step Interactive Training
MS07-005: Important

9 Feb. 2007 Security Bulletins Severity Summary (cont.)
Columns: Microsoft Office 2000; Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2004, X for Mac
MS07-013: Important
MS07-015: Critical; Important
Columns: Microsoft Word 2000; Microsoft Word 2002; Microsoft Word 2003; Microsoft Word 2004 for Mac
MS07-014: Critical; Important
Columns: Windows Live OneCare; Microsoft Antigen for Exchange Server 9.x; Microsoft Antigen for SMTP Server 9.x; Microsoft Windows Defender; Microsoft Forefront Security for Exchange Server 10; Microsoft Forefront Security for SharePoint Server 10
MS07-010: Critical
Columns: Internet Explorer 5.01 SP 4; Internet Explorer 6 SP 1; Internet Explorer 6 for Windows Server 2003 & SP1; IE 6.0 for Windows XP SP 2; IE 7.0 for Windows XP SP2; IE 7.0 for Windows Server 2003
MS07-016: Critical; Important; Low

10 MS07-005 – Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) – Important
Vulnerability: Remote code execution vulnerability in Step-by-Step Interactive Training due to bookmark link file handling
Possible Attack Vectors:
– Attacker creates specially formed Step-by-Step Interactive Training bookmark link file (.cbo, .cbl and .cbm)
– Attacker posts file on Web site or sends file through e-mail
– Attacker convinces user to visit Web site or open file from e-mail
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– Cannot be exploited automatically through e-mail: user must open attached file
Replaced: MS05-031
Publicly Disclosed / Known Exploits: None

11 MS07-006 – Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) – Important
Vulnerability: Privilege elevation vulnerability in Windows Shell due to detection and registration of new hardware
Possible Attack Vectors:
– Attacker logs on to system
– Attacker loads specially crafted application
– Attacker executes specially crafted application
Impact of Attack: Elevation of privilege to LocalSystem security context
Mitigating Factors:
– Valid logon credential required
– Windows XP SP2 & Windows Server 2003 SP1: Administrator privileges required to exploit vulnerability remotely
Replaced: MS06-045
Publicly Disclosed / Known Exploits: None

12 MS07-007 – Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) – Important
Vulnerability: Privilege elevation vulnerability due to how Windows Image Acquisition service starts applications
Possible Attack Vectors:
– Attacker logs on to system
– Attacker loads specially crafted application
– Attacker executes specially crafted application
Impact of Attack: Elevation of privilege to LocalSystem security context
Mitigating Factors:
– Valid logon credential required
Replaced: None
Publicly Disclosed / Known Exploits: None

13 MS07-008 – Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) – Critical
Vulnerability: Remote code execution vulnerability in HTML Help ActiveX control
Possible Attack Vectors:
– Attacker creates specially formed Web page
– Attacker posts page on Web site or sends page as HTML e-mail
– Attacker convinces user to visit Web site or view e-mail
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– All supported versions of Outlook and Outlook Express open HTML e-mail messages in the Restricted sites zone, which helps reduce attacks by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail.
– Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and e-mail vectors on select vulnerabilities.
Replaced: MS06-046
Publicly Disclosed / Known Exploits: None

14 MS07-009 – Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) – Critical
Vulnerability: Remote code execution vulnerability in ADODB.Connection ActiveX control
Possible Attack Vectors:
– Attacker creates specially formed Web page
– Attacker posts page on Web site or sends page as HTML e-mail
– Attacker convinces user to visit Web site or view e-mail
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– All supported versions of Outlook and Outlook Express open HTML e-mail messages in the Restricted sites zone, which helps reduce attacks by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail.
– Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and e-mail vectors on select vulnerabilities.
Additional Information:
– Addresses issue discussed on Oct. 27, 2006 in MSRC Weblog: http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx
Replaced: MS06-014, except MDAC 2.8 SP1 on Windows XP SP2, MDAC 2.8 on Windows 2003 and Windows 2003 ia64
Publicly Disclosed / Known Exploits: Publicly disclosed, but no known exploits.

15 MS07-010 – Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) – Critical
Vulnerability: Code execution vulnerability in Microsoft Malware Protection Engine when parsing malformed Portable Document Format (.PDF) files
Possible Attack Vectors:
– Attacker crafts specially formed .PDF file
– Attacker places .PDF document on web page or includes in e-mail as attachment
– Attacker convinces user to visit Web site or view e-mail and open attachment
Impact of Attack: Run code in context of LocalSystem
Mitigating Factors: None
Additional Information:
– Products which utilize Microsoft Malware Protection Engine
  – Windows Live OneCare
  – Microsoft Antigen for Exchange Server 9.x
  – Microsoft Antigen for SMTP Server 9.x
  – Microsoft Windows Defender
  – Microsoft Windows Defender x64 Edition
  – Microsoft Forefront Security for Exchange Server 10
  – Microsoft Forefront Security for SharePoint Server 10
– Updates to Microsoft Malware Protection provided through automatic updating technologies on a per-product basis: see bulletin for details
Replaced: None
Publicly Disclosed / Known Exploits: None

16 MS07-011 – Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) – Important
Vulnerability: Windows OLE Dialog components do not perform sufficient validation when parsing OLE objects embedded in RTF files, which may corrupt system memory and may lead to remote code execution.
Possible Attack Vectors:
– Attacker creates .RTF file with specially formed embedded OLE object
– Attacker posts file on Web site or sends file through e-mail
– Attacker convinces user to visit Web site or open file from e-mail
– Attacker convinces user to navigate within .RTF document and manipulate embedded OLE object
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening .RTF file
– Cannot be exploited automatically through e-mail: user must open attached file
Additional Information:
– Contains defense-in-depth change to help address attack vectors related to MS07-012
Replaced: None
Publicly Disclosed / Known Exploits: None

17 MS07-012 – Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) – Important
Vulnerability: Remote code execution vulnerability in MFC component related to OLE object handling
Possible Attack Vectors:
– Attacker creates .RTF file with specially formed embedded OLE object
– Attacker posts file on Web site or sends file through e-mail
– Attacker convinces user to visit Web site or open file from e-mail
– Attacker convinces user to navigate within .RTF document and manipulate embedded OLE object
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening .RTF file
– Cannot be exploited automatically through e-mail: user must open attached file
Additional Information:
– MS07-011 contains defense-in-depth change to help address attack vectors
– Updates available for redistributable components within Visual Studio
  – mfc70u.dll - Visual Studio .NET 2002
  – mfc71u.dll - Visual Studio .NET 2003
– Apply updates to development systems and provide updated versions of applications that use these files
– Contact vendor for questions about applications that use these files
Replaced: None
Publicly Disclosed / Known Exploits: None

18 MS07-013 – Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) – Important
Vulnerability: Remote code execution vulnerability in RichEdit components related to OLE object handling
Possible Attack Vectors:
– Attacker creates .RTF file with specially formed embedded OLE object
– Attacker posts file on Web site or sends file through e-mail
– Attacker convinces user to visit Web site or open file from e-mail
– Attacker convinces user to navigate within .RTF document and manipulate embedded OLE object
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening .RTF file
– Cannot be exploited automatically through e-mail: user must open attached file
Replaced: None
Publicly Disclosed / Known Exploits: None

19 MS07-014 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) – Critical
Vulnerabilities: Six code execution vulnerabilities when processing Word files with malformed data elements
Possible Attack Vectors:
– Attacker crafts specially formed Word document
– Attacker places Word document on web page or includes in e-mail as attachment
– Attacker convinces user to visit Web site or view e-mail and open attachment
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Word 2002 or Word 2003: cannot be exploited automatically through e-mail. User must open an attachment that is sent in e-mail.
– Word 2002 or Word 2003: cannot be exploited automatically through Web page. User must click through trust decision dialog box.
  – Dialog box does not occur in Office 2000.
  – Dialog box can be added to Office 2000 by installing Office Document Open Confirmation Tool
– User must navigate to attacker’s site manually or through links in e-mail or IM. Access to sites cannot be automated.
Additional Information:
– Addresses four publicly disclosed issues; 3 issues subject to very limited, targeted attacks:
  – CVE-2006-5994 - Dec. 5, 2006
    http://blogs.technet.com/msrc/archive/2006/12/06/microsoft-security-advisory-929433-posted.aspx
    http://www.microsoft.com/technet/security/advisory/929433.mspx
  – CVE-2006-6456 - Dec. 10, 2006
    http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx
  – CVE-2006-6561 - Dec. 15, 2006
    http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx
  – CVE-2007-0515 - Jan. 26, 2007
    http://blogs.technet.com/msrc/archive/2007/01/26/microsoft-security-advisory-932114-posted.aspx
    http://www.microsoft.com/technet/security/advisory/932114.mspx
Replaced: MS06-060
Publicly Disclosed / Known Exploits:
– No: CVE-2007-0209/CVE-2007-0209
– Yes: CVE-2006-5994, CVE-2006-6456, CVE-2006-6561 and CVE-2007-0515

20 MS07-015 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) – Critical
Vulnerabilities: Two code execution vulnerabilities when processing Office files with malformed data elements
Possible Attack Vectors:
– Attacker crafts specially formed Office document
– Attacker places Office document on web page or includes in e-mail as attachment
– Attacker convinces user to visit Web site or view e-mail and open attachment
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Office XP or Office 2003: cannot be exploited automatically through e-mail. User must open an attachment that is sent in e-mail.
– Office XP or Office 2003: cannot be exploited automatically through Web page. User must click through trust decision dialog box.
  – Dialog box does not occur in Office 2000.
  – Dialog box can be added to Office 2000 by installing Office Document Open Confirmation Tool
– User must navigate to attacker’s site manually or through links in e-mail or IM. Access to sites cannot be automated.
Additional Information:
– Addresses publicly disclosed issue subject to very limited, targeted attacks:
  – CVE-2007-0671 - Feb. 2, 2007:
    http://blogs.technet.com/msrc/archive/2007/02/02/microsoft-security-advisory-932553-posted.aspx
    http://www.microsoft.com/technet/security/advisory/932553.mspx
– CVE-2006-3877
  – Originally discussed in MS06-058
  – Update was found to not address issue
  – Issue addressed in MS07-015
  – MS06-058 updated to reflect this
  – MS06-058 DOES protect against other three vulnerabilities discussed
Replaced: MS06-062
Publicly Disclosed / Known Exploits:
– Publicly disclosed: CVE-2007-0671 (NOT disclosed: CVE-2006-3877)
– Known exploits: None

21 MS07-016 – Cumulative Security Update for Internet Explorer (928090) – Critical
Vulnerabilities: Three remote code execution vulnerabilities (2 COM object instantiations, 1 FTP server response parsing)
Possible Attack Vectors:
– Attacker creates specially formed Web page
– Attacker posts page on Web site or sends page as HTML e-mail
– Attacker convinces user to visit Web site or view e-mail
Impact of Attack: Run code in context of logged-on user
Mitigating Factors:
– Limits on the user’s account limit the attacker’s code
– Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in e-mail or IM.
– All supported versions of Outlook and Outlook Express open HTML e-mail messages in the Restricted sites zone, which helps reduce attacks by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail.
– Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and e-mail vectors on select vulnerabilities.
Replaced: MS06-072
Publicly Disclosed / Known Exploits:
– Publicly disclosed: CVE-2006-4697 (others are not disclosed)
– Known exploits: None

22 Detection and Deployment
Columns: WU/SUS/AU; Office Update & SMS Microsoft Office Inventory Tool for Updates; MBSA 1.2 & SMS Security Update Inventory Tool; Enterprise Scan Tool & SMS Security Update Scan Tools; MU/WSUS/AU, SMS 2003 ITMU, & MBSA 2.0
MS07-005: Yes; NA; No; Yes
MS07-006: NA; Yes; NA; Yes
MS07-007: NA; Yes; NA; Yes
MS07-008: NA; Yes; NA; Yes
MS07-009: NA; Yes (except Windows 2000); Windows 2000 only; Yes
MS07-010: See Bulletin
MS07-011: Yes; NA; Yes; NA; Yes
MS07-012: NA; Windows only; Visual Studio only; Windows only
MS07-013: Office only; Yes (Office: local only); NA; Yes (except Office 2000)
MS07-014: NA; Yes; Local only; NA; Yes (except Office 2000 and Mac)
MS07-015: NA; Yes; Local only; NA; Yes (except Office 2000 and Mac)
MS07-016: Yes; NA; Yes; NA; Yes

23 Other Update Information
Columns: Bulletin; Restart; Hotpatching; Uninstall; Replaces
MS07-005: May be required; N/A; Yes; MS05-031
MS07-006: Required; No; Yes; MS06-045
MS07-007: N/A; Yes; None
MS07-008: N/A; Yes; MS06-046
MS07-009: N/A; Yes; MS06-014
MS07-010: May be required; N/A; No (Except Defender on Vista); None
MS07-011: May be required; No; Yes; None
MS07-012: Required; No; Yes; None
MS07-013: May be required; No; Yes (except Office 2000); None
MS07-014: May be required; N/A; Yes (except 2000 and Mac); MS06-060
MS07-015: May be required; N/A; Yes (except 2000 and Mac); MS06-062
MS07-016: Required; No; Yes; MS06-072

24 February 2007 Non-Security Updates
Number | Title | Distribution
931836 | Update for Windows XP (Daylight Savings Time) | WU, MU
925720 | February 2007 CardSpace Update for Windows XP | WU, MU
924885 | Update for Outlook Junk Email Filter 2003 | MU
924884 | Update for Outlook Junk Email Filter 2007 | MU
925251 | Update for Office 2003 | MU
929058 | Update for Excel 2003 | MU
929060 | Update for PowerPoint 2003 | MU
926666 | Update for Daylight Saving Time changes in 2007 for Exchange 2003 | MU

25 New WSUSSCAN.CAB architecture
New architecture for wsusscan.cab began in November 2006
Support for existing wsusscan.cab architecture ends in March 2007
SMS ITMU customers: download and deploy updated version of the SMS ITMU
– http://www.microsoft.com/technet/downloads/sms/2003/tools/msupdates.mspx
MBSA 2.0 offline scan customers:
– Download updated version of MBSA 2.0.1 now
– Or download the new offline scan file, wsusscn2.cab, by clicking http://go.microsoft.com/fwlink/?LinkId=76054. Save this file to C:\Documents and Settings\ \Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab.
If you only run MBSA 2.0 in the online mode, you do not need to do anything.
See Microsoft KB Article 926464 for more information
– http://support.microsoft.com/kb/926464

26 US Daylight Savings Time non-security Update
Change to comply with US Energy Policy Act of 2005
– DST starts three weeks earlier: 2:00 am second Sunday in March (11 March 2007)
– Ends one week later: 2:00 am first Sunday in November (4 November 2007)
Updates to enable this
– Windows (931836)
– Exchange 2003 (926666)
Updates available through AU, WU, SUS, WSUS and ITMU
More information
– http://www.microsoft.com/dst2007

27 Windows Malicious Software Removal Tool – KB890830
The Feb. update adds the ability to remove:
– Win32/Stration
– Win32/Mitglieder
Available as a priority update through Windows Update or Microsoft Update for Windows XP users
– Offered through WSUS; not offered through SUS 1.0
Also available as an ActiveX control or download at www.microsoft.com/malwareremove
Deployment step-by-step: KB891716

28 Resources
Feb. 2007 Security Bulletin Webcast (US): http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032323262&EventCategory=4&culture=en-US&CountryCode=US
Security Bulletins Summary: http://www.microsoft.com/taiwan/technet/security/bulletin/ms07-jan.mspx
Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
Security Advisories: www.microsoft.com/taiwan/technet/security/advisory/
MSRC Blog: http://blogs.technet.com/msrc
Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
TechNet Radio: www.microsoft.com/tnradio
IT Pro Security Newsletter: www.microsoft.com/technet/security/secnews/
TechNet Security Center: www.microsoft.com/taiwan/technet/security
TechNet Forum ITPro: http://forums.microsoft.com/technet-cht/default.aspx?siteid=23
Detection and deployment guidance for the Feb 2007 security release: http://support.microsoft.com/default.aspx?scid=kb;EN-US;910723

29 Questions and Answers
Submit text questions using the “Ask a Question” button
Don’t forget to fill out the survey
For upcoming and previously recorded webcasts: http://www.microsoft.com/taiwan/technet/webcast/default.aspx
Webcast content suggestions: twwebst@microsoft.com
