Presentation is loading. Please wait.

Presentation is loading. Please wait.

十二月份資訊安全公告 Dec 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.

Published byCamron Willis Little Modified over 8 years ago

Similar presentations

Presentation on theme: "十二月份資訊安全公告 Dec 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處."— Presentation transcript:

1

2 十二月份資訊安全公告 Dec 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處

3 Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button

4 What We Will Cover Recap Nov. releases known issuesRecap Nov. releases known issues Review Dec. releasesReview Dec. releases Other security resourcesOther security resources –Prepare for new WSUSSCAN.CAB architecture –IE 7 over AU –Lifecycle Information –Windows Malicious Software Removal Tool ResourcesResources Questions and answersQuestions and answers

5 Recap Nov. Known issues and MS06-066 NetwareMS06-066 Netware –Get offering even no CSNW is installed: Normal proactive patching MS06-067 IE patchMS06-067 IE patch –3rd party AP compatibility issue, see KB922760 MS06-069 Adobe Flash PlayerMS06-069 Adobe Flash Player –Re-offering, install the latest Flash Player to solve the issue MS06-070 Workstation serviceMS06-070 Workstation service –Worm vulnerability, install the patch immediately MS06-071 MSXMLMS06-071 MSXML –WSUS category/description error, fixing now. –MSXML4 install failure, see KB927978

6 Dec 2006 Security Bulletins Summary On Dec 13:On Dec 13: –7 New Security Bulletins 5 Windows (1 critical, 4 important)5 Windows (1 critical, 4 important) 1 Visual Studio (critical)1 Visual Studio (critical) 1 Media Player (critical)1 Media Player (critical) –1 re-release MS06-059 (critical) –5 High-priority non-security updates

7 November 2006 Security Bulletins Overview Bulletin Number Title Maximum Severity Rating Products Affected MS06-072 Cumulative Security Update for Internet Explorer (925454) CriticalInternet Explorer 5.01 & 6 MS06-073 Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674) CriticalVisual Studio 2005 MS06-074 Vulnerability in SNMP Could Allow Remote Code Execution (926247) ImportantWindows 2000, XP, 2003 MS06-075 Vulnerability in Windows Could Allow Elevation of Privilege (926255) ImportantWindows XP, 2003 MS06-076 Cumulative Security Update for Outlook Express (923694) ImportantOutlook Express on Windows 2000, XP, 2003 MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) ImportantWindows 2000 MS06-078Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) CriticalWindows Media Format 7.1 – 9.5 and Windows Media Player 6.4 on Windows 2000, XP, 2003

8 December 2006 Security Bulletins Severity Summary Bulletin Number Windows 2000 SP4 Windows XP SP2 Windows Server 2003 Windows Server 2003 SP1 MS06-072 CriticalCriticalModerateCritical Windows 2000 SP4 Windows XP SP2 Windows Server 2003 Windows Server 2003 SP1 MS06-074 ImportantImportantImportantImportant MS06-075 Not Affected ImportantImportant MS06-077 Important Visual Studio 2005 MS06-073 Critical Windows Media Player 6.4 Windows 2000 SP4 Windows XP SP2 Windows Server 2003 & SP1 MS06-078 CriticalCriticalCriticalCritical Outlook Express 5.5 Outlook Express 6 Windows Vista MS06-076 ImportantImportant Not Affected

9 MS06-072: Internet Explorer – Critical Title & KB Article: Cumulative Security Update for Internet Explorer (925454) Affected Software: IE 5.01 SP4 on Windows 2000 SP4 IE 5.01 SP4 on Windows 2000 SP4 IE 6 SP1 on Windows 2000 SP4 IE 6 SP1 on Windows 2000 SP4 IE 6 for Windows XP SP2 IE 6 for Windows XP SP2 IE 6 for Windows Server 2003 RTM and SP1 IE 6 for Windows Server 2003 RTM and SP1 IE 6 for Windows Server 2003 RTM ia64 and SP1 ia64 IE 6 for Windows Server 2003 RTM ia64 and SP1 ia64 IE 6 for Windows Server 2003 x64 IE 6 for Windows Server 2003 x64 IE 6 for Windows XP Pro x64 IE 6 for Windows XP Pro x64 Replaced Updates: MS06-067 and all previous Cumulative Security Updates for Internet Explorer MS06-067 and all previous Cumulative Security Updates for Internet Explorer Vulnerabilities: CVE-2006-5577 - TIF Folder Information Disclosure VulnCVE-2006-5577 - TIF Folder Information Disclosure Vuln CVE-2006-5578 - TIF Folder Information Disclosure VulnCVE-2006-5578 - TIF Folder Information Disclosure Vuln CVE-2006-5579 - Script Error Handling Memory Corruption VulnCVE-2006-5579 - Script Error Handling Memory Corruption Vuln CVE-2006-5581 - DHTML Script Function Memory Corruption VulnCVE-2006-5581 - DHTML Script Function Memory Corruption Vuln Publicly Disclosed: No Known Exploits: No

10 MS06-072: Internet Explorer – Critical Issue Summary: Two “Remote Code Exploit” vulnerabilities and two “Information Disclosure” vulnerabilities exist in IE that could allow an attacker to run arbitrary code Fix Description: The fix modifies the handling of DHTML script function calls and script error exceptions. It also restricts OBJECT tags from exposing sensitive paths to scripts and access to cached content in the TIF folder Attack Vectors: Malicious Web Page Malicious Web Page Malicious Email Malicious Email Mitigations: A user would have to be persuaded to visit a malicious Web siteA user would have to be persuaded to visit a malicious Web site Exploitation only allows the privilege level of the logged on userExploitation only allows the privilege level of the logged on user By default, IE on Windows 2003 runs in a restricted modeBy default, IE on Windows 2003 runs in a restricted mode Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zoneOutlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone Internet Explorer 7 is not affectedInternet Explorer 7 is not affected Workaround: Disable “Drag and Drop or copy and paste files”Disable “Drag and Drop or copy and paste files” Disable Active Scripting or set to “Prompt”Disable Active Scripting or set to “Prompt” Set IE security to High for Internet and Intranet zonesSet IE security to High for Internet and Intranet zones Open HTML e-mail messages in the Restricted sites zone, apply update 235309 for Outlook 2000Open HTML e-mail messages in the Restricted sites zone, apply update 235309 for Outlook 2000 Restart Requirement: NO Installation and Removal: Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-072.mspx

11 MS06-073: WMI Object Broker- Critical Title & KB Article: Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674) Affected Software: Microsoft Visual Studio 2005 Microsoft Visual Studio 2005 Replaced Updates: NONE NONE Vulnerabilities: WMI Object Broker Vulnerability - CVE-2006-4704: A remote code execution vulnerability exists in the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Publicly Disclosed: Yes Known Exploits?: Yes. CVE-2006-4704.

12 MS06-073: WMI Object Broker- Critical Issue Summary: This update resolves a public vulnerability. An attacker who has successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who has successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Fix Description: The update removes the vulnerability by modifying the way that the WMI Object Broker instantiates other controls. Attack Vectors: Malicious Web Page Malicious Web Page Emails with Malicious Components Emails with Malicious Components

13 MS06-073: WMI Object Broker- Critical Mitigations: A user would have to be persuaded to visit a malicious Web siteA user would have to be persuaded to visit a malicious Web site This ActiveX control is not in the default allow-list for ActiveX controls in Internet Explorer 7. Only customers who have explicitly approved this control by using the ActiveX Opt-in Feature are at risk to attempts to exploit this vulnerability.This ActiveX control is not in the default allow-list for ActiveX controls in Internet Explorer 7. Only customers who have explicitly approved this control by using the ActiveX Opt-in Feature are at risk to attempts to exploit this vulnerability. Exploitation only allows the same privileges as the logged on userExploitation only allows the same privileges as the logged on user The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting/ActiveX controls from being used when reading HTML e-mail.The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability by preventing Active Scripting/ActiveX controls from being used when reading HTML e-mail. The vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message or must click on a link within an e-mail.The vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message or must click on a link within an e-mail. By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration.By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration.Enhanced Security ConfigurationEnhanced Security Configuration Workaround: Disable attempts to instantiate the WMI Object Broker control within Internet Explorer (see Microsoft Knowledge Base Article 240797.)Disable attempts to instantiate the WMI Object Broker control within Internet Explorer (see Microsoft Knowledge Base Article 240797.)Microsoft Knowledge Base Article 240797Microsoft Knowledge Base Article 240797 Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zoneConfigure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zonesSet Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones For Outlook 2000, install Outlook E-mail Security Update so that Outlook 2000 opens HTML e-mail messages in the Restricted sites zone.For Outlook 2000, install Outlook E-mail Security Update so that Outlook 2000 opens HTML e-mail messages in the Restricted sites zone. For Outlook Express 5.5 Service Pack 2, install Microsoft Security Bulletin MS04- 018 so that Outlook Express 5.5 opens HTML e-mail messages in the Restricted sites zone.For Outlook Express 5.5 Service Pack 2, install Microsoft Security Bulletin MS04- 018 so that Outlook Express 5.5 opens HTML e-mail messages in the Restricted sites zone.MS04- 018MS04- 018

14 MS06-073: WMI Object Broker- Critical Restart Requirement: This update does not require a restart unless the required services cannot be stopped by the installer. Installation and Removal: Add/Remove Programs Add/Remove Programs Command line install/uninstall option Command line install/uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-073.mspx

15 MS06-074: SNMP - Important Title & KB Article: Vulnerability in SNMP Could Allow Remote Code Execution (926247) Affected Software: Windows 2000 SP 4 Windows 2000 SP 4 Windows XP SP 2 Windows XP SP 2 Windows XP Pro x64 Windows XP Pro x64 Windows Server 2003 Windows Server 2003 Windows Server 2003 & Windows Server 2003 SP1 Windows Server 2003 & Windows Server 2003 SP1 Windows Server 2003 ia64 & Windows Server 2003 SP1 ia64 Windows Server 2003 ia64 & Windows Server 2003 SP1 ia64 Windows Server 2003 x64 Windows Server 2003 x64 Replaced Updates: None None Vulnerabilities: CVE-2006-5583 CVE-2006-5583 Publicly Disclosed: No Known Exploits?: No

16 MS06-074: SNMP - Important Issue Summary: A remote code execution vulnerability exists in SNMP Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. Fix Description: The update removes the vulnerability by modifying the way that SNMP Service validates the length of a message before it passes the message to the allocated buffer. Attack Vectors: Malicious packet transmission over the network Malicious packet transmission over the network Mitigations: SNMP service is not installed by default. SNMP service is not installed by default. For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Workaround: Restrict the IP addresses that are allowed to manage the computer. Restrict the IP addresses that are allowed to manage the computer. Block UDP port 161 at the firewall. Block UDP port 161 at the firewall. To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Windows Firewall, which is included with Windows XP. To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Windows Firewall, which is included with Windows XP. Restart Requirement: Yes Installation and Removal: Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-074.mspx

17 MS06-075: File Manifest - Important Title & KB Article: Vulnerability in Windows Could Allow Elevation of Privilege (926255) Affected Software: Windows XP SP 2 Windows XP SP 2 Windows Server 2003 Windows Server 2003 Windows Server 2003 ia64 Windows Server 2003 ia64 Replaced Updates: None None Vulnerabilities: File Manifest Corruption Vulnerability - CVE-2006-5585File Manifest Corruption Vulnerability - CVE-2006-5585 Publicly Disclosed: No Known Exploits?: No

18 MS06-075: File Manifest - Important Issue Summary: A privilege elevation vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests. This vulnerability could allow a logged on user to take complete control of the system. privilege elevationprivilege elevation Fix Description: The update removes the vulnerability by modifying the way that Client Server Run- time Subsystem validates embedded file manifests before it passes data to the allocated buffer. This security update corrects an integer overflow in sxs.dll. Any application that uses side-by-side assemblies with Requested Privileges section may BSOD the machine. Compctl32.dll and GDIplus.dll are two side-by-side assemblies commonly used by Microsoft. In the worst case a local authenticated user can run execute code before the machine BSOD; therefore local EoP (from local to system is possible). Attack Vectors: Logged on user Logged on user Mitigations: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. The vulnerability could not be exploited remotely or by anonymous users. Workaround: None None Restart Requirement: Yes Yes Installation and Removal: Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-075.mspx

19 MS06-076: Outlook Express- Important Title & KB Article: Cumulative Security Update for Outlook Express (923694) Affected Software: Win2K SP4 WinXP SP2, x64 Edition Win2K3 and Win2K3 SP1, 2K3 Itanium & Sp1 for Itanium, Win2K3 x64 OE 5.5 SP2 on Win2K SP4 OE 6 SP1 on WinXP SP2 OE 6 on WinXP SP2, x64 Edition OE 6 on Win2K3 and Win2K3 SP1, x64 Edition, Itanium & Itanium SP1 Replaced Updates: MS06-016MS06-016 & MS06-043 with OE6 on WinXP SP2 & x64 and OE6 on Win2K3 Sp1 & x64 MS06-043 MS06-016MS06-043 Vulnerabilities: CVE-2006-2386: Windows Address Book Contact Record Publicly Disclosed: CVE-2006-2386 – No Known Exploits?: No

20 Issue Summary: CVE-2006-2386: An unchecked buffer in the Windows Address Book (WAB) functions within Outlook Express leads a remote code execution attacks Fix Description: CVE-2006-2386: Removes the vulnerability by modifying the way that Outlook Express, when using a.wab file, validates the length of a field before it passes it to the allocated buffer Attack Vectors: Malicious Email Malicious Email Malicious Web Page Malicious Web Page Mitigations: A user would have to be persuaded to visit a malicious Web site A user would have to be persuaded to visit a malicious Web site Exploitation only allows the same privileges as the logged on user Exploitation only allows the same privileges as the logged on user A user must open an attachment that is sent in an e-mail A user must open an attachment that is sent in an e-mail Workaround: Back up and remove the.wab file association Impact of Workaround: Users will not be able to open address books by double clicking them. They will have to manually start the Windows Address Book application and pass the address book to be used as a command line parameter or they can import the address book from the File menu. This does not affect the use of address books in Outlook Express Restart Requirement No No Installation and Removal: Add/Remove Programs, Command line uninstall option Add/Remove Programs, Command line uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-076.mspx MS06-076: Outlook Express- Important

21 MS06-077: RIS - Important Title & KB Article: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) Affected Software: Windows 2000 SP4 ONLY Windows 2000 SP4 ONLY Replaced Updates: None None Vulnerabilities: CVE-2006-5584 - RIS Writable Path Vulnerability CVE-2006-5584 - RIS Writable Path Vulnerability Publicly Disclosed: No Known Exploits?: No

22 MS06-077: RIS - Important Issue Summary: RIS allows anonymous access to the file structure of a hosted operating system build through the TFTP service. Fix Description: The update prevents anonymous TFTP users the ability to write to the RIS hosted operating system build’s file structure by adding the registry key identified in the Workarounds section of the bulletin. Attack Vectors: Malicious packet transmission over the network Malicious packet transmission over the network Mitigations: An attacker would need TFTP access to exploit this vulnerability An attacker would need TFTP access to exploit this vulnerability RIS is not installed by default RIS is not installed by default Standard Firewall configurations should block this from the web Standard Firewall configurations should block this from the web Workaround: Configure the TFTP service as read only Configure the TFTP service as read only Disable the TFTP Service Disable the TFTP Service Block UDP port 69 at the firewall Block UDP port 69 at the firewall Restart Requirement: No Installation and Removal: Add/Remove Programs Add/Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-077.mspx

23 MS06-078: Windows Media Player - Critical Title & KB Article: Vulnerability in Windows Media Player Could Allow Remote Code Execution KB 925398 addresses Windows Media Player 6.4 KB 925398 addresses Windows Media Player 6.4 KB 923689 addresses Windows Media Format Runtimes KB 923689 addresses Windows Media Format Runtimes Affected Software: Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions Microsoft Windows 2000 Service Pack 4 - (KB923689) Microsoft Windows 2000 Service Pack 4 - (KB923689) Microsoft Windows XP Service Pack 2 - (KB923689) Microsoft Windows XP Service Pack 2 - (KB923689) Microsoft Windows XP Professional x64 Edition - (KB923689) Microsoft Windows XP Professional x64 Edition - (KB923689) Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1 - (KB923689) Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1 - (KB923689) Microsoft Windows Server 2003 x64 Edition - (KB923689) Microsoft Windows Server 2003 x64 Edition - (KB923689) Affected Software: Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions: Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions: Microsoft Windows XP Professional x64 Edition - (KB923689) Microsoft Windows XP Professional x64 Edition - (KB923689) Microsoft Windows Server 2003 x64 Edition - (KB923689) Microsoft Windows Server 2003 x64 Edition - (KB923689) Microsoft Windows Media Player 6.4 on the following operating system versions: Microsoft Windows Media Player 6.4 on the following operating system versions: Windows 2000 Service Pack 4 - (KB925398) Windows 2000 Service Pack 4 - (KB925398) Microsoft Windows XP Service Pack 2 - (KB925398) Microsoft Windows XP Service Pack 2 - (KB925398) Microsoft Windows XP Professional x64 Edition – (KB925398) Microsoft Windows XP Professional x64 Edition – (KB925398) Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Pack 1 – (KB925398) Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Pack 1 – (KB925398) Microsoft Windows Server 2003 x64 Edition – (KB925398) Microsoft Windows Server 2003 x64 Edition – (KB925398)

24 Replaced Updates: None None Vulnerabilities: CVE-2006-4702 Windows Media Format Vulnerability CVE-2006-4702 Windows Media Format Vulnerability CVE-2006-6134 Windows Media Format WMVCORE ASX Vulnerability CVE-2006-6134 Windows Media Format WMVCORE ASX Vulnerability Publicly Disclosed: No No Known Exploits?: No No MS06-078: Windows Media Player - Critical

25 Issue Summary: Buffer overflow Buffer overflow Remote Code Execution Remote Code Execution WMV Core WMV Core ASF exploited ASF exploited ASX exploited ASX exploited Fix Description: Update modifies WMVCORE validation process. Update modifies WMVCORE validation process. Attack Vectors: Malicious Web Page Malicious Web Page Malicious Email Malicious Email Mitigations: Requires accessing malicious Web site/ opening malicious email Requires accessing malicious Web site/ opening malicious email Exploitation only allows the same privileges as the logged on user Exploitation only allows the same privileges as the logged on user By default, IE on Windows 2003 runs in a restricted mode By default, IE on Windows 2003 runs in a restricted mode Windows Media Format 11 runtime is not affected by this vulnerability and could be used to prevent an attempt to exploit this vulnerability. Windows Media Format 11 runtime is not affected by this vulnerability and could be used to prevent an attempt to exploit this vulnerability. Workaround: Disable the Windows Media Player ActiveX controls from running in Internet Explorer Disable the Windows Media Player ActiveX controls from running in Internet Explorer Modify the Access Control List on Strmdll.dll to prevent shell based attacks on players on Windows 2000 Modify the Access Control List on Strmdll.dll to prevent shell based attacks on players on Windows 2000 Unregister Shmedia.dll to prevent shell based attacks on players Windows XP and Windows 2003 Unregister Shmedia.dll to prevent shell based attacks on players Windows XP and Windows 2003 MS06-078: Windows Media Player - Critical

26 Restart Requirement: None, if required services are terminable. None, if required services are terminable. Installation and Removal: Add/ Remove Programs Add/ Remove Programs Command line uninstall option Command line uninstall option Scriptable Deployment Scriptable Deployment More Information: http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-078.mspx http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-078.mspxhttp://www.microsoft.com/taiwan/technet/security/bulletin/ms06-078.mspx MS06-078: Windows Media Player - Critical

27 Re-Release of MS06-059- Excel Critical Install MS06-059 might fail if ALL conditions are true:Install MS06-059 might fail if ALL conditions are true: –Running Excel 2002 –MSI 2.0 –Previously installed MS06-037 Details:Details: –Basically, because the 059 patch does not contain the MSI 2.0 patch code for 037, installing Excel 2002’s 059 on top of 037 will trigger a Windows Installer 2.0 bug in some cases & result in excel.exe not getting updated to version 6816. Resolution: Install MS06-059 v2Resolution: Install MS06-059 v2

28 Detection and Deployment BulletinComponent Office UpdateWU/MU MBSA 1.2 + ODT MBSA 2.0/ 2.0.1SUSWSUSEST SMS SUIT SMS ITMU Detect and deploy Detect only Detect and deploy Detect only Detect and deploy MS06- 072 Microsoft Internet Explorer Not applicableYes Not applicabl eYes MS06- 073 Microsoft Visual Studio Not applicableYesNoYesNoYes Yes, with ESUITYes MS06- 074SNMP Not applicableYes Not applicabl eYes MS06- 075 File Manifest Not applicableYes Not applicabl eYes MS06- 076 Microsoft Outlook Express Not applicableYesNoYes Yes, with ESUITYes MS06- 077 Remote Installation Services (RIS) Not applicableYesNoYes MS06- 078 Windows Media Player Not applicableYesPartialYes Yes, with ESUITPartial

29 Other Update Information BulletinRestartUninstallReplaces On products MS06-072 YesYes MS06-067 and all previous Cumulative Security Updates for IE IE 5.01SP4, IE6, IE6 SP1 MS06-073 MaybeYesN/A Visual Studio 2005 MS06-074 YesYesN/A Windows 2000 SP4, XPSP2, W2K3, W2K3SP1 MS06-075 YesYesN/A XPSP2 and W2K3 MS06-076 NoYes MS06-016 & MS06-043 with OE 6 on WinXP SP2 & x64 and OE 6 on W2K3 SP1 & x64 OE 5.5 SP2 and OE6 MS06-077 NoYesN/A W2K Only MS06-078 MaybeYesN/A Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions Microsoft Windows Media Player 6.4 Microsoft Windows Media Player 6.4

30 December 2006 Non-Security Updates NUMBERTITLEDistribution 911897 Update for Windows Server WU, MU 926251 Update for Windows XP Media Center Edition for 2005 WU, MU 928388 Update for Windows WU, MU 929120 Update for Windows WU, MU 924886 Update for Office 2003 MU

31 New WSUSSCAN.CAB architecture New architecture for wsusscan.cab begins since November 2006 Support for existing wsusscan.cab architecture ends on March 2007 SMS ITMU customers: download and deploy updated version of the SMS ITMU – –http://www.microsoft.com/technet/downloads/sms/2003/tools/msupdates.mspxhttp://www.microsoft.com/technet/downloads/sms/2003/tools/msupdates.mspx MBSA 2.0 offline scan customers: – –Download updated version of MBSA 2.0.1 now – –Or download the new offline scan file, wsusscn2.cab, by clicking http://go.microsoft.com/fwlink/?LinkId=76054. Save this file to C:\Documents and Settings\ \Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab. http://go.microsoft.com/fwlink/?LinkId=76054 If you only run MBSA 2.0 in the online mode, do anything. See Microsoft KB Article 926464 for more information – –http://support.microsoft.com/kb/926464http://support.microsoft.com/kb/926464

32 IE 7 over AU Manual download (EN version) is available.Manual download (EN version) is available. Internet Explorer 7 began distribution over AU in November 2006Internet Explorer 7 began distribution over AU in November 2006 –ZH version schedule see announcement below! Internet Explorer 7 Blocker Toolkit available for enterprise customersInternet Explorer 7 Blocker Toolkit available for enterprise customers –Blocks automatic delivery of Internet Explorer 7 For additional information see:For additional information see: –http://www.microsoft.com/technet/updatemanagement/windowsu pdate/ie7announcement.mspx

33 Lifecycle Support Information Software Update Services (SUS) 1.0Software Update Services (SUS) 1.0 –Old deadline of 6 December 2006 has CHANGED to 10 July 2007 –Information on upgrading: http:// –Information on upgrading: http:// www.microsoft.com/windowsserversystem/updateservices/evaluation/previou s/default.mspx http:// www.microsoft.com/windowsserversystem/updateservices/evaluation/previou s/default.mspx Public security support for Windows XP SP1 and Office 2003 SP1 HAS ENDED as of 10 October 2006Public security support for Windows XP SP1 and Office 2003 SP1 HAS ENDED as of 10 October 2006 –No Security Updates for Windows XP SP1 or Office 2003 SP1 starting in November 2006 –Remaining Windows XP SP1, Office 2003 SP1 customers should upgrade to Windows XP SP2, Office 2003 SP2 right away Public security support for Windows 98, 98 SE, and Millennium Edition HAS ENDED as of 11 July 2006Public security support for Windows 98, 98 SE, and Millennium Edition HAS ENDED as of 11 July 2006 –See www.microsoft.com/lifecycle for more information www.microsoft.com/lifecycle Microsoft Forefront Client Security Beta open to download.Microsoft Forefront Client Security Beta open to download. –http://www.microsoft.com/taiwan/forefront/default.mspx http://www.microsoft.com/taiwan/forefront/default.mspx

34 Windows Malicious Software Removal Tool – KB890830 Twenty-fourth monthly incremental update.Twenty-fourth monthly incremental update. The Oct update adds the ability to remove:The Oct update adds the ability to remove: –Win32/Beenut Available as priority update through Windows Update or Microsoft Update for Windows XP usersAvailable as priority update through Windows Update or Microsoft Update for Windows XP users –Offered through WSUS; not offered through SUS 1.0 Also as an ActiveX control or download at www.microsoft.com/malwareremoveAlso as an ActiveX control or download at www.microsoft.com/malwareremove www.microsoft.com/malwareremove Deployment step-by-stsp: KB891716Deployment step-by-stsp: KB891716

35 Resources Nov. Security Bulletin Webcast (US) http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en- US&EventID=1032313212Nov. Security Bulletin Webcast (US) http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en- US&EventID=1032313212 http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en- US&EventID=1032313212 http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en- US&EventID=1032313212 Security Bulletins Summary http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-nov.mspxSecurity Bulletins Summary http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-nov.mspx http://www.microsoft.com/taiwan/technet/security/bulletin/ms06-nov.mspx Security Bulletins Search www.microsoft.com/technet/security/current.aspxSecurity Bulletins Search www.microsoft.com/technet/security/current.aspx www.microsoft.com/technet/security/current.aspx Security Advisories www.microsoft.com/taiwan/technet/security/advisory/Security Advisories www.microsoft.com/taiwan/technet/security/advisory/ www.microsoft.com/taiwan/technet/security/advisory/ MSRC Blog http://blogs.technet.com/msrcMSRC Blog http://blogs.technet.com/msrc http://blogs.technet.com/msrc Notifications www.microsoft.com/technet/security/bulletin/notify.mspxNotifications www.microsoft.com/technet/security/bulletin/notify.mspx www.microsoft.com/technet/security/bulletin/notify.mspx TechNet Radio www.microsoft.com/tnradioTechNet Radio www.microsoft.com/tnradio www.microsoft.com/tnradio IT Pro Security Newsletter www.microsoft.com/technet/security/secnews/IT Pro Security Newsletter www.microsoft.com/technet/security/secnews/ www.microsoft.com/technet/security/secnews/ TechNet Security Center www.microsoft.com/taiwan/technet/securityTechNet Security Center www.microsoft.com/taiwan/technet/security www.microsoft.com/taiwan/technet/security TechNet Forum ITPro http://forums.microsoft.com/technet-cht/default.aspx?siteid=23TechNet Forum ITPro http://forums.microsoft.com/technet-cht/default.aspx?siteid=23 http://forums.microsoft.com/technet-cht/default.aspx?siteid=23 Detection and deployment guidance for the December 2006 security release http://support.microsoft.com/kb/929656Detection and deployment guidance for the December 2006 security release http://support.microsoft.com/kb/929656 http://support.microsoft.com/kb/929656

36 Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button Don’t forget to fill out the surveyDon’t forget to fill out the survey For upcoming and previously recorded webcasts: http://www.microsoft.com/taiwan/technet/webcast/default.aspxFor upcoming and previously recorded webcasts: http://www.microsoft.com/taiwan/technet/webcast/default.aspx http://www.microsoft.com/taiwan/technet/webcast/default.aspx Webcast content suggestions: twwebst@microsoft.comWebcast content suggestions: twwebst@microsoft.com twwebst@microsoft.com

37

Download ppt "十二月份資訊安全公告 Dec 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
IMS Client Installation Procedures 1. Copy the Voicemail Pro from the shared folder on the Voicemail Pro server. Go to Start, Run, and \\ or \\

IMS Client Installation Procedures 1. Copy the Voic Pro from the shared folder on the Voic Pro server. Go to Start, Run, and \\ or \\
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Changes in Windows XP Service Pack 2

Changes in Windows XP Service Pack 2
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.
Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.

Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Dial In Number 1-800-227-8104 Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.

Dial In Number Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.
Group Policy in Microsoft Windows Active Directory.

Group Policy in Microsoft Windows Active Directory.

Similar presentations

Ads by Google