November Security Bulletins
Nov 16, 2006
Richard Chen (陳政鋒) (Net+, Sec+, MCSE2003+Security, CISSP)
Senior Technical Support Engineer, Microsoft Taiwan Technical Support

Questions and Answers
- Submit text questions using the "Ask a Question" button

What We Will Cover
- Review Nov. releases
- New security bulletins
- High-priority non-security updates
- Nov. Known issues
- Other security resources
- Prepare for new WSUSSCAN.CAB architecture
- IE 7 over AU
- Lifecycle Information
- Windows Malicious Software Removal Tool
- Resources
- Questions and answers

Nov 2006 Security Bulletins: Summary
- On Oct. 11, 6 New Security Bulletins
- 5 new Critical
- 1 new Important
- 1 High-priority non-security updates

November 2006 Security Bulletins: Overview

| Bulletin Number | Title | Maximum Severity Rating | Products Affected |
|---|---|---|---|
| MS06-066 | Vulnerability in Netware Client Service Could Allow Remote Code Execution (923980) | Important | Windows 2000 SP4, Windows XP SP2, Windows Server 2003 |
| MS06-067 | Cumulative Security Update for Internet Explorer (922760) | Critical | Current versions of Internet Explorer on current versions of Windows |
| MS06-068 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) | Critical | Windows 2000 SP4, Windows XP SP2, Windows Server 2003 |
| MS06-069 | Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) | Critical | Windows XP SP2 only |
| MS06-070 | Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) | Critical | Windows 2000 SP4, Windows XP SP2 |
| MS06-071 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) | Critical | Microsoft XML Core Services |

November 2006 Security Bulletins: Severity Summary

| Bulletin Number | Windows 2000 SP 4 | Windows XP SP 2 | Windows Server 2003 | Windows Server 2003 SP1 |
|---|---|---|---|---|
| MS06-066 | Important | Important | Moderate | Moderate |
| MS06-067 | Critical | Critical | Critical | Critical |
| MS06-068 | Critical | Critical | Moderate | Moderate |
| MS06-069 | None | Critical | None | None |
| MS06-070 | Critical | Low | None | None |

| Bulletin Number | Microsoft XML Core Service 4.0 | Microsoft XML Core Service 6.0 |
|---|---|---|
| MS06-071 | Critical | Critical |

MS06-066 Vulnerability in Netware Client Service Could Allow Remote Code Execution (923980): Important

Vulnerability
- One remote code execution vulnerability and one denial of service vulnerability in Microsoft Client Services for NetWare

Possible Attack Vectors
- Attacker creates specially formed network packet
- Attacker sends packet over TCP/UDP ports 139 and 445 to vulnerable systems
- Processed by Server service
- Executed in LocalSystem context

Systems primarily at risk
- Systems with Client Service for NetWare installed

Impact of Attack
- Run code in the context of LocalSystem

Mitigating Factors
- On Windows Server 2003 and Windows Server 2003 Service Pack 1, an attacker would need to be an authenticated user with valid logon credentials in order to successfully carry out an attack on an affected system.
- For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
- By default, the Client Service for NetWare is not installed on any affected operating system version. Only customers who install this service are likely to be vulnerable to this issue.

MS06-067 Cumulative Security Update for Internet Explorer (922760): Critical

Vulnerabilities
- Two remote code execution vulnerabilities in the DirectAnimation ActiveX control and one remote code execution vulnerability in how IE interprets HTML with certain layout combinations.

Possible Attack Vectors
- Attacker creates specially formed Web page
- Attacker posts page on Web site or sends page as HTML e-mail
- Attacker convinces user to visit Web site or view e-mail

Systems primarily at risk
- Workstations and terminal servers

Impact of Attack
- Run code in context of logged on user

Mitigating Factors
- Limits on the user's account limit the attacker's code
- Vulnerability cannot be exploited automatically through browsing. User must navigate to the attacker's site manually or through links in e-mail or IM.
- Restricted sites zone helps reduce attacks; prevents active scripting in HTML e-mail
  - Outlook Express 6, Outlook 2002, and Outlook 2003 default
  - Outlook 2000 with Outlook E-mail Security Update
  - Outlook Express 5.5 Service Pack 2 with MS05-030 (change introduced in MS04-018)
  - Note: MS06-016 also includes this change
- Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and e-mail vectors on select vulnerabilities.

Additional Information
- Addresses issue discussed in Microsoft Security Advisory (925444): Security Update implements killbit as discussed in advisory

MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213): Critical

Vulnerability
- Remote code execution vulnerability in how Microsoft Agent handles specially crafted .ACF files

Possible