首页 -> 安全研究

安全研究

紧急通告
绿盟科技紧急通告(Alert2007-07)

NSFOCUS安全小组(security@nsfocus.com)
http://www.nsfocus.com

微软发布6月份安全公告 修复多个严重安全漏洞

发布日期:2007-06-13


综述:
======
微软发布了6月份的6篇安全公告,这些公告描述并修复了15个安全漏洞,其中7个漏洞属于“紧急”风险级别。攻击者利用这些漏洞可能远程入侵并完全控制客户端或服务器系统。

我们强烈建议使用Windows操作系统的用户立刻检查一下您的系统是否受此漏洞影响,并按照我们提供的解决方法予以解决。

分析:
======
微软发布了6月份的6篇最新的安全公告:MS07-030到MS07-035。这些安全公告分别描述了15个安全问题,分别是有关各版本的Microsoft Windows、IE、Outlook Express和Windows Mail等产品和服务中的漏洞。

1. MS07-030 Microsoft Visio中的安全漏洞可能允许远程代码执行(927051)

    - 受影响软件:
    
    Microsoft Visio 2002 Service Pack 2 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=FC1D0483-27E8-4541-B81D-4A47973BEA30    
    
    Microsoft Visio 2003 Service Pack 2 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=C47F432E-8538-42FD-92C9-7E0F1D643E8E
        
    - 漏洞描述:

    Microsoft Visio处理Visio(.VSD、VSS或.VST)文件中的特制版本号及Visio文
    件格式中的打包对象的方式存在远程代码执行漏洞。帐号配置为较少权限的用户
    比以管理员权限运行的用户所受影响要低,必须要求用户交互才能利用这些漏洞。
    
    风险级别和漏洞标识
______________________________________________________________________
|受影响软件   |Visio版本内存破坏漏洞 |Visio文档封装漏洞 |所有漏洞总体|
|             |CVE-2007-0934         |CVE-2007-0936     |风险级别    |
|_____________|______________________|__________________|____________|
|Microsoft    |                      |                  |            |
|Visio 2002   |重要                  | 重要             |  重要      |
|             |远程执行代码          | 远程执行代码     |            |
|_____________|______________________|__________________|____________|
|Microsoft    |                      |                  |            |
|Visio 2003   |重要                  | 重要             |  重要      |
|             |远程执行代码          | 远程执行代码     |            |
|_____________|______________________|__________________|____________|

    
    - 临时解决方案:

    * 使用Microsoft Visio Viewer 2003或Microsoft Visio Viewer 2007打开和查
    看文件。
    * 不要打开或保存从不受信任来源或从受信任来源意外收到的Microsoft Visio文件。
                  
    - 厂商补丁:                

    微软已经提供了安全补丁以修复此安全漏洞,我们建议您使用Windows系统自带的
    "Windows update"功能下载最新补丁。
    
    您也可以通过微软的安全公告选择并安装针对您所用系统的安全补丁:
    http://www.microsoft.com/china/technet/security/bulletin/MS07-030.mspx
    
2. MS07-031 - Windows Schannel安全软件包中的漏洞可能允许远程执行代码(935840)

    - 受影响系统:
    
    Microsoft Windows 2000 Service Pack 4 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=5b8e728c-cb9f-4176-93a0-bf42d6387f93
    
    Windows XP Service Pack 2 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=8615e6f3-415b-4c23-ba52-7eef70a11d77
    
    Windows XP Professional x64 Edition和Windows XP Professional x64 Edition
    Service Pack 2 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=7e994340-c616-4f66-845b-7eaf095e968a

    Microsoft Windows Server 2003 Service Pack 1和Microsoft Windows Server
    2003 Service Pack 2 — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=39e6c6d2-7e6f-4992-a731-36f44fe2d87f

    Microsoft Windows Server 2003 x64 Edition Service Pack 1和Microsoft Windows
    Server 2003 x64 Edition Service Pack 2 — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=da424772-079c-4351-9759-8886e0f1ba79
    
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems和Microsoft
    Windows Server 2003 with SP2 for Itanium-based Systems — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=028592ff-2b69-472e-b186-bd2cc76bdfa4

    - 漏洞描述:

    Schannel安全软件包实现安全套接字层(SSL)和传输层安全(TLS)Internet标
    准认证协议。如果用户使用Internet Web浏览器查看特制网页或使用利用SSL/TLS
    的应用程序,则此漏洞可能允许远程执行代码。但是,利用此漏洞的尝试最有可
    能导致Internet Web浏览器或应用程序退出。重新启动系统之前,系统不能使用
    SSL或TLS连接到网站或资源。

    风险级别和漏洞标识
__________________________________________________
|受影响软件       |Windows Schannel |总体风险级别 |
|                 |安全软件包漏洞   |             |
|                 |CVE-2007-2218    |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows 2000     |中等             | 中等        |
|SP4              |拒绝服务         |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows XP       |紧急             | 紧急        |
|SP2              |远程代码执行     |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows XP Pro   |紧急             | 紧急        |
|x64版和XP Pro x64|远程代码执行     |             |
|版SP2            |                 |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Server   |重要             | 重要        |
|2003 SP1和Windows|拒绝服务         |             |
|Server 2003 SP2  |                 |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Server   |重要             | 重要        |
|2003 x64版和     |拒绝服务         |             |
|Windows Server   |                 |             |
|2003 x64版SP2    |                 |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Server   |重要             | 重要        |
|2003 with SP1    |拒绝服务         |             |
|for Itanium-based|                 |             |
|Systems和Windows |                 |             |
|Server 2003 with |                 |             |
|SP2 for Itanium- |                 |             |
|based Systems    |                 |             |
|_________________|_________________|_____________|            
    
    - 临时解决方案:
    
    无
    
    - 厂商补丁:                

    微软已经提供了安全补丁以修复此安全漏洞,我们建议您使用Windows系统自带
    的"Windows update"功能下载最新补丁。

    您也可以通过微软的安全公告选择并安装针对您所用系统的安全补丁:
    http://www.microsoft.com/china/technet/security/bulletin/MS07-031.mspx
    
3. MS07-032 Windows Vista中的漏洞可能导致信息泄露(931213)

    - 受影响软件:
  
    Windows Vista — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=cdf79d00-6f34-404b-8ad5-a2801ff35443
    
    Windows Vista x64 Edition — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=89dde3f4-4123-4c97-86d8-00a83462c34b

    - 漏洞描述:

    Windows Vista中存在一个信息泄露漏洞,可能允许非特权用户访问本地用户信息
    存储,包括注册表和本地文件系统中包含的管理密码。该漏洞可能允许本地攻击
    者访问用户帐户数据,然后使用该数据来尝试获得受影响系统的完全访问权限。

    风险级别和漏洞标识
__________________________________________________
|受影响软件       |宽松的用户信息存 |总体风险级别 |
|                 |储ACL信息泄露漏洞|             |
|                 |CVE-2007-2229    |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Vista    |中等             | 中等        |
|                 |信息泄露         |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Vista    |中等             | 中等        |
|x64版            |信息泄露         |             |
|_________________|_________________|_____________|
  
    - 临时解决方案:
    
    无
    
    - 厂商补丁:                

    微软已经提供了安全补丁以修复此安全漏洞,我们建议您使用Windows系统自带的
    "Windows update"功能下载最新补丁。

    您也可以通过微软的安全公告选择并安装针对您所用系统的安全补丁:
    http://www.microsoft.com/china/technet/security/bulletin/MS07-025.mspx
    
4. MS07-033 - Internet Explorer累计安全更新(933566)
  
    - 受影响软件:
    
    操作系统:Microsoft Windows 2000 Service Pack 4
    组件:
    Microsoft Internet Explorer 5.01 Service Pack 4 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=3B49F1ED-ABE3-4DBD-A91D-973415658F6B
    
    Microsoft Internet Explorer 6 Service Pack 1 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A8-DBFE79CE3F68
    
    操作系统:Windows XP Service Pack 2
    组件:Microsoft Internet Explorer 6 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A289-2D2723EDF7EE
    
    操作系统:Windows XP Professional x64 Edition和Windows XP Professional
    x64 Edition Service Pack 2
    组件:Microsoft Internet Explorer 6 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D
    
    操作系统:Windows Server 2003 Service Pack 1和Windows Server 2003 Service
    Pack 2
    组件:Microsoft Internet Explorer 6 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B
        
    操作系统:Windows Server 2003 x64 Edition和Windows Server 2003 x64 Edition
    Service Pack 2
    组件:Microsoft Internet Explorer 6 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=1449EB5D-6E4C-4332-8CB6-AB9EE59C9A95
        
    操作系统:Windows Server 2003 with SP1 for Itanium-based Systems和Windows
    Server 2003 with SP2 for Itanium-based Systems
    组件:Microsoft Internet Explorer 6 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB
    
    操作系统:Windows XP Service Pack 2
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=C2191703-8CBD-4959-9F84-E13F21173926
    
    操作系统:Windows XP Professional x64 Edition和Windows XP Professional
    x64 Edition Service Pack 2
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BED-E18DEAE21C8E
    
    操作系统:Windows Server 2003 Service Pack 1和Windows Server 2003 Service
    Pack 2
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A074D9C0-1FED-4753-845E-073CFCE99F45
        
    操作系统:Windows Server 2003 x64 Edition和Windows Server 2003 x64 Edition
    Service Pack 2
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=744ACB43-64DA-48CC-AE69-9386B597EABC
        
    操作系统:Windows Server 2003 with SP1 for Itanium-based Systems和Windows
    Server 2003 with SP2 for Itanium-based Systems
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=069C1560-B5E5-4DFE-A18D-E0507D406028
    
    操作系统:Windows Vista
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=9B4D2FA7-D81E-499D-93C7-F64DC53B11B2
        
    操作系统:Windows Vista x64 Edition    
    组件:Microsoft Internet Explorer 7 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-9537-626A3093AAF7

    - 漏洞描述:

    Internet Explorer中存在多个安全漏洞。如果用户使用Internet Explorer查看
    了特制网页,那么其中一个漏洞可能允许远程执行代码,一个漏洞可能允许欺骗,
    也可能涉及某特制网页。在所有远程执行代码情形中,帐户被配置为拥有较少用
    户权限的用户比具有管理用户权限的用户受到的影响要小。对于欺骗情形来说,
    漏洞利用需要用户交互。

    风险级别和漏洞标识
________________________________________________________________________________________________________
|受影响软件|COM对象实例化|CSS标记内存  |语言安装包   |未初始化     |导航取消页   |语音控制     |所有漏洞|
|          |内存破坏漏洞 |破坏漏洞     |漏洞         |内存破坏漏洞 |欺骗漏洞     |内存破坏漏洞 |总体风险|
|          |CVE-2007-0218|CVE-2007-1750|CVE-2007-3027|CVE-2007-1751|CVE-2007-1752|CVE-2007-2222|级别    |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|IE 5.01和 |             |             |             |             |             |             |        |
|6 SP1     |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|2000 SP4  |紧急         | 无          |紧急         |紧急         | 无          |紧急         | 紧急   |
|上的IE    |远程执行代码 |             |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|5.01 SP4  |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|2000 SP4  |紧急         | 紧急        |紧急         |紧急         | 无          |紧急         | 紧急   |
|上的IE 6  |远程执行代码 |远程执行代码 |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|SP1       |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|IE 6      |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|XP SP2上的|紧急         |紧急         |紧急         |紧急         | 无          |紧急         | 紧急   |
|IE 6      |远程执行代码 |远程执行代码 |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|XP x64版和|紧急         |紧急         |紧急         |紧急         | 无          |紧急         | 紧急   |
|XP x64 SP2|远程执行代码 |远程执行代码 |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|的IE 6    |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |             |             |        |
|2003 SP1  |中等         |紧急         |紧急         |中等         | 无          |中等         | 紧急   |
|和Server  |远程执行代码 |远程执行代码 |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|2003 SP2  |             |             |             |             |             |             |        |
|的IE 6    |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |             |             |        |
|2003 x64  |中等         |紧急         |紧急         |中等         | 无          |中等         | 紧急   |
|和Server  |远程执行代码 |远程执行代码 |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|2003 x64  |             |             |             |             |             |             |        |
|SP2的IE 6 |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |             |             |        |
|2003 SP1  |中等         |紧急         |紧急         |中等         | 无          |中等         | 紧急   |
|(基于     |远程执行代码 |远程执行代码 |远程执行代码 |远程执行代码 |             |远程执行代码 |        |
|Itanium的 |             |             |             |             |             |             |        |
|系统)和   |             |             |             |             |             |             |        |
|Server2003|             |             |             |             |             |             |        |
|SP2(基于  |             |             |             |             |             |             |        |
|Itanium的 |             |             |             |             |             |             |        |
|系统的IE 6|             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|IE 7      |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|XP SP2的  |无           |无           |紧急         |紧急         |中等         |紧急         | 紧急   |
|IE 7      |             |             |远程执行代码 |远程执行代码 |欺骗         |远程执行代码 |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|XP x64版和|无           |无           |紧急         |紧急         |中等         |紧急         | 紧急   |
|XP x64 SP2|             |             |远程执行代码 |远程执行代码 |欺骗         |远程执行代码 |        |
|的IE 7    |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |             |             |        |
|2003 SP1  |无           |无           |中等         |中等         |中等         |中等         | 中等   |
|和Server  |             |             |远程执行代码 |远程执行代码 |欺骗         |远程执行代码 |        |
|2003 SP2  |             |             |             |             |             |             |        |
|的IE 7    |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |             |             |        |
|2003 x64  |无           |无           |中等         |中等         |中等         |中等         | 中等   |
|和Server  |             |             |远程执行代码 |远程执行代码 |欺骗         |远程执行代码 |        |
|2003 x64  |             |             |             |             |             |             |        |
|SP2的IE 7 |             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |             |             |        |
|2003 SP1  |无           |无           |中等         |中等         |中等         |低           | 中等   |
|(基于     |             |             |远程执行代码 |远程执行代码 |欺骗         |远程执行代码 |        |
|Itanium的 |             |             |             |             |             |             |        |
|系统)和   |             |             |             |             |             |             |        |
|Server2003|             |             |             |             |             |             |        |
|SP2(基于  |             |             |             |             |             |             |        |
|Itanium的 |             |             |             |             |             |             |        |
|系统的IE 7|             |             |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|Vista中的 |无           |无           |无           |紧急         |中等         |紧急         | 紧急   |
|IE 7      |             |             |             |远程执行代码 |欺骗         |远程执行代码 |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |             |             |        |
|Vista x64 |无           |无           |无           |紧急         |中等         |紧急         | 紧急   |
|版中的IE 7|             |             |             |远程执行代码 |欺骗         |远程执行代码 |        |
|__________|_____________|_____________|_____________|_____________|_____________|_____________|________|
              
    - 临时解决方案:
    
    * 将Internet Explorer配置为在Internet和本地Intranet安全区域中运行ActiveX
    控件之前进行提示    
    * 将Internet 和本地Intranet安全区域设置设为“高”,以便在这些区域中运行
    ActiveX控件和活动脚本之前进行提示
    * 禁止在Internet Explorer中运行COM对象
    * 以纯文本格式阅读电子邮件可帮助保护您免受来自HTML电子邮件攻击媒介的攻击
    * 阻止语言包安装,
      
      Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International]
"W2KLpk"=dword:00000000

      可以通过双击此.reg文件将其应用到各个系统。

    - 厂商补丁:                

     微软已经提供了安全补丁以修复此安全漏洞,我们建议您使用Windows系统自带
     的"Windows update"功能下载最新补丁。

     您也可以通过微软的安全公告选择并安装针对您所用系统的安全补丁:
     http://www.microsoft.com/china/technet/security/bulletin/MS07-033.mspx
    
5. MS07-034 - Outlook Express和Windows Mail累积安全更新(929123)

    - 受影响软件:
    
    操作系统:Windows XP Service Pack 2
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=27cca556-0872-4803-b610-4c895ceb99aa
    
    操作系统:Windows XP Professional x64 Edition
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7
    
    操作系统:Windows XP Professional x64 Edition Service Pack 2
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7
    
    操作系统:Windows Server 2003 Service Pack 1
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be

    操作系统:Windows Server 2003 Service Pack 2
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be
            
    操作系统:Windows Server 2003 x64 Edition
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3
            
    操作系统:Windows Server 2003 x64 Edition Service Pack 2
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3
            
    操作系统:Windows Server 2003 with SP1 for Itanium-based Systems
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025

    操作系统:Windows Server 2003 with SP2 for Itanium-based Systems
    组件:Microsoft Outlook Express 6 - 下载更新:
    http://www.microsoft,com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025
        
    操作系统:Windows Vista
    组件:Windows Mail - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea-48f2-ae28-e76fd2018633
        
    操作系统:Windows Vista x64 Edition    
    组件:Windows Mail - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794-4423-b11d-885329fbdf78

    - 漏洞描述:

    如果用户使用Windows Vista中的Windows Mail查看特制的电子邮件,则可能允许
    远程执行代码。如果用户使用Internet Explorer访问特制网页,则可能允许信息
    泄露,但该漏洞不能在Outlook Express中直接被利用。 对于信息泄露漏洞,帐
    户被配置为拥有较少用户权限的用户比具有管理用户权限的用户受到的影响要小。
    
    风险级别和漏洞标识
_____________________________________________________________________________
|受影响软件|URL重定向跨域|Windows Mail |URL解析跨域  |内容处置解析 |所有漏洞|
|          |信息泄露漏洞 |UNC导航请求远|信息泄露漏洞 |跨域信息泄露 |总体风险|
|          |CVE-2006-2111|程代码执行   |CVE-2007-2225|CVE-2007-2227|级别    |
|          |             |CVE-2007-1658|             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |        |
|Windows XP|             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |        |
|XP SP2上的|重要         |无           |重要         |中等         | 重要   |
|Outlook   |信息泄露     |             |信息泄露     |信息泄露     |        |
|Express 6 |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |        |
|XP x64版和|重要         |无           |重要         |中等         | 重要   |
|XP x64 SP2|信息泄露     |             |信息泄露     |信息泄露     |        |
|上的      |             |             |             |             |        |
|Outlook   |             |             |             |             |        |
|Express 6 |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|Windows   |             |             |             |             |        |
|Server    |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |        |
|2003 SP1  |低           |无           |低           |低           | 低     |
|和Server  |信息泄露     |             |信息泄露     |信息泄露     |        |
|2003 SP2  |             |             |             |             |        |
|上的      |             |             |             |             |        |
|Outlook   |             |             |             |             |        |
|Express 6 |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |        |
|2003 x64  |低           |无           |低           |中等         | 中等   |
|和Server  |信息泄露     |             |信息泄露     |信息泄露     |        |
|2003 x64  |             |             |             |             |        |
|SP2上的   |             |             |             |             |        |
|Outlook   |             |             |             |             |        |
|Express 6 |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|Server    |             |             |             |             |        |
|2003 SP1  |低           |无           |低           |低           | 低     |
|(基于     |信息泄露     |             |信息泄露     |信息泄露     |        |
|Itanium的 |             |             |             |             |        |
|系统)和   |             |             |             |             |        |
|Server2003|             |             |             |             |        |
|SP2(基于  |             |             |             |             |        |
|Itanium的 |             |             |             |             |        |
|系统上的  |             |             |             |             |        |
|Outlook   |             |             |             |             |        |
|Express 6 |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|Windows   |             |             |             |             |        |
|Vista     |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|
|Vista中的 |             |             |             |             |        |
|Windows   |重要         |紧急         |重要         |中等         | 紧急   |
|Mail      |信息泄露     |远程代码执行 |信息泄露     |信息泄露     |        |
|__________|_____________|_____________|_____________|_____________|________|
|          |             |             |             |             |        |
|Vista x64 |重要         |紧急         |重要         |中等         | 紧急   |
|版中的    |信息泄露     |远程代码执行 |信息泄露     |信息泄露     |        |
|Windows   |             |             |             |             |        |
|Mail      |             |             |             |             |        |
|__________|_____________|_____________|_____________|_____________|________|

    - 临时解决方案:

    * 禁用MHTML协议处理程序。
    
    要禁用协议处理程序,请按照下列步骤执行操作:
    
    1. 单击“开始”,然后单击“运行 ”。在文本框中输入regedit.exe,然后单击“确定”。
    2. 导航到HKEY_CLASSES_ROOT\CLSID\{05300401-BCBC-11d0-85E3-00C04FD85AB4}。
    3. 右键单击{05300401-BCBC-11d0-85E3-00C04FD85AB4},然后选择“权限”。
    4. 单击“高级”。
    5. 取消选中“允许将来自父级的可继承权限传播给该对象
    6. 单击“删除”,然后单击“确定”。 在后续屏幕上单击“是”和“确定”。
    
    * 将Internet Explorer配置为在Internet和本地Intranet安全区域中运行活动脚
    本或禁用活动脚本之前进行提示。
    * 以纯文本格式阅读电子邮件可帮助防范来自HTML电子邮件攻击媒介的攻击。
    * 将Internet和本地Intranet安全区域设置设为“高”,以便在这些区域中运行活
    动脚本之前进行提示。
    
    - 厂商补丁:                

    微软已经提供了安全补丁以修复此安全漏洞,我们建议您使用Windows系统自带
    的"Windows update"功能下载最新补丁。

    http://www.microsoft.com/china/technet/security/bulletin/MS07-034.mspx
    
6. Win 32 API中的漏洞可能允许远程代码执行(935839)

    - 受影响软件:
  
    Microsoft Windows 2000 Service Pack 4 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=3918ac76-ebb6-4886-9a9e-808eafb96b1b
    
    Windows XP Service Pack 2 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=27c7f1b9-2d1d-40cb-ad7e-bfedb6156a9c
    
    Windows XP Professional x64 Edition和Windows XP Professional x64 Edition
    Service Pack 2 - 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=0ba12191-1e6f-443b-9150-7ab8b2deb7c2

    Microsoft Windows Server 2003 Service Pack 1和Microsoft Windows Server
    2003 Service Pack 2 — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=d554dff4-bcfb-4bbc-8fa0-af2f939d2610

    Microsoft Windows Server 2003 x64 Edition Service Pack 1和Microsoft Windows
    Server 2003 x64 Edition Service Pack 2 — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=170473d8-6bb1-4fbd-8494-a059dbfdf182
    
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems和Microsoft
    Windows Server 2003 with SP2 for Itanium-based Systems — 下载更新:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=f5e45e3c-4cac-41a5-99f7-42c2c2c73e99

    - 漏洞描述:

    这个紧急安全更新修复了Win32 API中秘密报告的漏洞,如果特制的应用程序本地
    使用了受影响的API的话,该漏洞可能允许远程代码执行或权限提升。因此,使用
    Win32这个组件的应用程序可能被用作漏洞的攻击载体。例如,Internet Explorer
    在解析特制的网页时使用这个Win32 API函数。

    风险级别和漏洞标识
__________________________________________________
|受影响软件       |Win32 API漏洞 –  |总体风险级别 |
|                 |CVE-2007-2219    |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows 2000     |紧急             | 紧急        |
|SP4              |远程代码执行     |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows XP       |紧急             | 紧急        |
|SP2              |远程代码执行     |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows XP Pro   |紧急             | 紧急        |
|x64版和XP Pro x64|远程代码执行     |             |
|版SP2            |                 |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Server   |紧急             | 紧急        |
|2003 SP1和Windows|远程代码执行     |             |
|Server 2003 SP2  |                 |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Server   |紧急             | 紧急        |
|2003 x64版和     |远程代码执行     |             |
|Windows Server   |                 |             |
|2003 x64版SP2    |                 |             |
|_________________|_________________|_____________|
|                 |                 |             |
|Windows Server   |紧急             | 紧急        |
|2003 with SP1    |远程代码执行     |             |
|for Itanium-based|                 |             |
|Systems和Windows |                 |             |
|Server 2003 with |                 |             |
|SP2 for Itanium- |                 |             |
|based Systems    |                 |             |
|_________________|_________________|_____________|            
  
    - 临时解决方案:
    
    * 以纯文本格式阅读邮件消息以防范HTML邮件攻击。
    
    - 厂商补丁:                

    微软已经提供了安全补丁以修复此安全漏洞,我们建议您使用Windows系统自带的
    "Windows update"功能下载最新补丁。

    您也可以通过微软的安全公告选择并安装针对您所用系统的安全补丁:
    http://www.microsoft.com/china/technet/security/bulletin/MS07-035.mspx

附加信息:
==========
1. http://www.microsoft.com/china/technet/security/bulletin/MS07-030.mspx
2. http://www.microsoft.com/china/technet/security/bulletin/MS07-031.mspx
3. http://www.microsoft.com/china/technet/security/bulletin/MS07-032.mspx
4. http://www.microsoft.com/china/technet/security/bulletin/MS07-033.mspx
5. http://www.microsoft.com/china/technet/security/bulletin/MS07-034.mspx
6. http://www.zerodayinitiative.com/advisories/ZDI-07-037.html
7. http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
8. http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542
9. http://secunia.com/advisories/25619/
10. http://secunia.com/advisories/25620/
11. http://secunia.com/advisories/25623/
12. http://secunia.com/advisories/25627/
13. http://secunia.com/advisories/25639/
14. http://secunia.com/advisories/25640/
15. http://marc.info/?l=bugtraq&m=118167832705224&w=2

声 明
==========

本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。

关于绿盟科技
============

绿盟科技(NSFOCUS Co., Ltd.)是中国网络安全领域的领导企业,致力于网络和系统安全问题的研究、高端网络安全产品的研发、销售与网络安全服务,在入侵检测/保护、远程评估、 DDoS攻击防护等方面提供具有国际竞争能力的先进产品,是国内最具安全服务经验的专业公司。有关绿盟科技的详情请参见: http://www.nsfocus.com

© 2024 绿盟科技