微軟四月安全公告發(fā)布:Win7漏洞需立即修補

2010/4/14 9:47:29    編輯:軟媒 - 笨笨     字體:【

Win7之家afsion.com.cn):微軟四月安全公告發(fā)布:Win7漏洞需立即修補

微軟今天發(fā)布了四月安全公告,共11個公告,5個危急評級,修正25個系統(tǒng)中已知的安全漏洞。

其中兩個更新影響旗艦系統(tǒng)Windows 7和Windows Server 2003 R2,這些漏洞均已經(jīng)出現(xiàn)攻擊代碼,需要立即修補,它們是MS10-019、MS10-026、MS10-027(影響Win2000和XP)。詳細信息請參看微軟相關(guān)頁面。

微軟官方頁面:Microsoft Security Bulletin Summary for April 2010

Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes
MS10-027

(WMP)

 Victim browses to a malicious webpage. Critical 1 Likely to see reliable exploit code developed Windows Vista, Windows Server 2008, and Windows 7 not affected
MS10-026

(DirectShow)		 Victim browses to a malicious webpage or opens a malicious AVI movie. Critical 1 Likely to see reliable exploit code developed Windows 7 codec is not vulnerable.
MS10-019

(WinVerifyTrust)		 Victim double-clicks a malicious EXE or allows malicious content to run because content claims to be signed by a trusted publisher. Critical 2 Likely to see effective proof-of-concept code released to downgrade Authenticode checks from v2 down to v1. Authenticode v1 is a weaker algorithm. To reach code execution, attackers will need to find an Authenticode v1 bypass. Microsoft Update and Windows Update clients not directly vulnerable to this threat.
MS10-020

(SMB Client)

 Attacker hosts malicious SMB server within enterprise network. Attacker lures victim to click on a link that causes victim to initiate an SMB connection to the malicious SMB server. Critical 2 Proof-of-concept code already exists for denial-of-service vulnerability. May see unreliable exploit code developed for other client-side SMB vulnerabilities that most often results in denial-of-service. Egress filtering at most corporations will limit exposure to attacker within enterprise network.

Several issues with differing exploitability. Please see SRD blog for more information.
MS10-022

(VBScript)

 Victim browses to a malicious webpage and is tricked into clicking F1 on a VBScript messagebox. Important 1 Public exploit code exists for code execution after a user presses F1. Have not heard reports of real-world attacks yet, despite public exploit code. Vulnerability not reachable on Windows 7, Windows Server 2008, and Windows Vista by default. Bulletin rated defense-in-depth for those platforms.

Windows Server 2003 not vulnerable by default due to Enhanced Security Configuration.
MS10-025

(Windows Media Services)		 If a victim Windows 2000 machine has enabled Windows Media Services, an attacker can send network-based attack over port 1755 (TCP or UDP). Critical 1 Likely to see reliable exploit code developed. Only Windows 2000 is affected.
MS10-021

(Kernel)

 Attacker able to run code locally on a machine exploits a vulnerability to run code at a higher privilege level. Important 1 Likely to see reliable exploit code developed for one or more of these eight vulnerabilities. SRD blog post explaining the Windows registry link vulnerabilities.
MS10-024

(SMTP Service)

 Attacker causes SMTP Service running on 64-bit Windows Server 2003 to crash by initiating a DNS lookup handled by a malicious DNS server. Important n/a No chance for code execution. May see proof-of-concept code that crashes SMTP Service but not for Exchange. Exchange Server not directly affected by denial-of-service vulnerability because vulnerable versions never shipped as 64-bit application. Security update applies to 32-bit Exchange Server to add additional DNS protections.
MS10-028

(Visio)

 Victim opens malicious .VSD file Important 1 Visio exploits not often seen in the wild. Unsure whether we will see exploit released. Visio not installed by default with most Office installations.
MS10-023

(Publisher)

 Victim opens malicious .PUB file Important 1 Publisher exploits not often seen in the wild. Unsure whether we will see exploit released.  
MS10-029

(ISATAP)

 Attacker spoofs own source address by encapsulating iPv6 attack packet inside IPv4 wrapper. This may allow attacker to reach IPv6 destination that otherwise would be blocked. Moderate n/a May see proof-of-concept released publicly.  

Windows7之家afsion.com.cn),凝聚你我他