Wednesday, November 15, 2006

Microsoft fixes 9 vulnerabilities

SANS's assessment of these patches:

| # | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS06-066 | Netware client services - remote code execution & DoS; CVE-2006-4688, CVE-2006-4689 | No known problems; KB 923980 | PoC exploits available in for pay program | Important | Less Urgent | Less Urgent |
| MS06-067 | Internet Explorer - remote code execution; CVE-2006-4446, CVE-2006-4777, CVE-2006-4687 | No known problems; KB 922760 | Actively exploited on websites in the wild (websense) | Critical | PATCH NOW | Important |
| MS06-068 | Microsoft Agent - remote code execution; CVE-2006-3445 | No known problems; KB 920213 | No known exploits | Critical | Critical | Less urgent |
| MS06-069 | Adobe flash player - remote code execution; CVE-2006-3014, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, CVE-2006-4640 | No known problems; KB 923789 | No known exploits | Critical | Critical | Less urgent |
| MS06-070 | Workstation service - remote code execution; CVE-2006-4691 | No known problems; KB 924270 | Vulnerability details are public; exploit publicly available | Critical | Critical | Critical |
| MS06-071 | XML Core services; CVE-2006-5745 | No known problems; KB 928088, also: KB 927977, KB 927978 | Exploits publicly available | Critical | PATCH NOW | Important |

Security Fix also has a detailed analysis of these patches:

The new patches fix at least three vulnerabilities in Internet Explorer that hackers could use to install malicious software just by getting victims to visit a specially crafted Web site. One of the IE problems also is exploitable if a recipient merely views a tainted HTML message in an e-mail preview pane. Microsoft said the IE flaws are far less of a problem on Windows Server 2003 systems and for users of IE7, as the default security settings on those systems won't allow exploitation of the flaws.

As usual, you can update your computer by visiting the Microsoft Update website or by using the Automatic Updates feature built into Windows. System administrators can use WSUS or SUS to distribute the patches to their servers. Hurry up!
