Microsoft 本月不發佈安全性修正
在 Microsoft 昨日發佈的通知中表示,本月不會發佈任何安全性修正程式。按慣例,微軟在每月的第二個星期二都會發佈修正程式,而下週二也預定發佈6個,但均與安全無關,上一次未發佈安全性修正已經是18個月前的事了。而消息傳出後,一些資安機構自然感到十分訝異,因為目前關於 Office 及 IE 的漏洞至少還有 9 個尚未修補。
Microsoft Security Bulletin Advance Notification
Updated: March 8, 2007
|
In addition, to help customers prioritize monthly security updates with any non-security updates on Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services that are being released on the same day as the monthly security updates, we also provide:
Note that this information will pertain only to non-security, high-priority updates on Microsoft Update, Windows Update, Windows Server Update Services, and Software Update Services that are being released on the same day as the security updates. Information will not be provided about non-security updates released on other days. On March 13, 2007 Microsoft is planning to release: Security Updates
Microsoft Windows Malicious Software Removal Tool
Note that this tool will not be distributed using Software Update Services (SUS). Non-security High Priority updates on MU, WU, WSUS and SUS
Because there are no new security bulletins, Microsoft will not host a webcast on March 14, 2007 . |
Microsoft Security Bulletin Summary for February, 2007
Published: February 12, 2007
Version: 1.0
An end-user version of this information is available by visiting the following Web site.
Protect Your PC: Microsoft has provided information about how you can help protect your PC at the following locations:
| • | End-users can visit the Protect Your PC Web site. |
| • | IT Professionals can visit the Security Guidance Center Web site. |
Update Management Strategies: The Patch Management, Security Updates, and Downloads Web site provides additional information about Microsoft’s best practices recommendations for applying security updates.
IT Pro Security Zone Community: Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in the IT Pro Security Zone Web site.
Microsoft Security Notification Service: To receive automatic e-mail notifications whenever Microsoft security bulletins are issued, subscribe to the Microsoft Security Notification Service.
sID='l1-E2C' Summary
Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:
| startA('s'+sID) Critical (6) |
chkHide('s'+sID);
| Bulletin Identifier | Microsoft Security Bulletin MS07-008 |
| Bulletin Title | Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
| Executive Summary | This update resolves a vulnerability in HTML Help that could allow remote code execution. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Windows. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-009 |
| Bulletin Title | Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution(927779) |
| Executive Summary | This update resolves a vulnerability in Microsoft Data Access Components that could allow remote code execution. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Windows. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-010 |
| Bulletin Title | Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) |
| Executive Summary | This update resolves a vulnerability in the Microsoft Malware Protection Engine that could allow remote code execution. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Microsoft Antivirus. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-014 |
| Bulletin Title | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
| Executive Summary | This update resolves vulnerabilities in Microsoft Word that could allow remote code execution. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Office. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-015 |
| Bulletin Title | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
| Executive Summary | This update resolves vulnerabilities in Microsoft Office that could allow remote code execution. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Office. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-016 |
| Bulletin Title | |
| Executive Summary | This update resolves vulnerabilities in Internet Explorer that could allow remote code execution. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Windows, Internet Explorer. For more information, see kthe Affected Software and Download Locations section. |
| startA('s'+sID) Important (6) |
chkHide('s'+sID);
| Bulletin Identifier | Microsoft Security Bulletin MS07-005 |
| Bulletin Title | Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) |
| Executive Summary | This update resolves a vulnerability in Step-by-Step Interactive Training that could allow remote code execution. User interaction is required to exploit this vulnerability. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Remote Code Execution |
| Affected Software | Windows, Interactive Training. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-006 |
| Bulletin Title | Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
| Executive Summary | This update resolves a vulnerability in Windows Shell that could allow elevation of privilege. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Elevation of Privilege |
| Affected Software | Windows. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-007 |
| Bulletin Title | Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
| Executive Summary | This update resolves a vulnerability in the Windows Image Acquisition Service that could allow elevation of privilege. |
| Maximum Severity Rating | |
| Impact of Vulnerability | Elevation of Privilege |
| Affected Software | Windows. For more information, see the Affected Software and Download Locations section. |
| Bulletin Identifier | Microsoft Security Bulletin MS07-011 |
| Bulletin Title | Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
| Executive Summary | This update resolves a vulnerability in Microsoft OLE Dialog that could allow remote code execution. User interaction is required to exploit this vulnerability. |
| Maximum Severity Rating | |
| Impact of Vulnerability |
留言列表
