UPDATE (2008.10.28) Microsoft Security Advisory (958963)
http://www.microsoft.com/technet/security/advisory/958963.mspx
Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.

We continue to work with our Microsoft Security Response Alliance (MSRA) and Microsoft Active Protections Program (MAPP) partners so that their products can provide additional protections for customers. We have updated our Windows Live Safety Scanner, Windows Live One Care, and Forefront security products with protections for customers. We have also been working with our partners in the Global Infrastructure Alliance for Internet Safety (GIAIS) program to take steps to help keep attacks from spreading.

Customers who believe they are affected can contact Customer Service and Support. Contact CSS in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers may request help by using any method found at this location: http://www.microsoft.com/protect/support/default.mspx (click on the select your region hyperlink in the first paragraph).

Mitigating Factors: Customers who have installed the MS08-067 security update are not affected by this vulnerability.
General Information

Purpose of Advisory: Notification of the availability of a security update to help protect against this potential threat.

Advisory Status: As this issue is already addressed as part of the MS08-067 security bulletin, no additional update is required.

Recommendation: Install the MS08-067 security update to help protect against this vulnerability.

References Identification

This advisory discusses the following software.

Related Software

What is the scope of the advisory?
Is this a security vulnerability that requires Microsoft to issue a security update?
What causes the vulnerability?
What might an attacker use the vulnerability to do?
What is the Server service?
What is RPC?
Are there any known issues with installing the Microsoft Security Update that protects against this threat?

If you have installed the update released with Security Bulletin MS08-067, you are already protected from the attack identified in the publicly posted proof of concept code. If you have not installed the update, you are encouraged to apply the workarounds identified in MS08-067.

Protect Your PC

We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting Protect Your Computer.

All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.

Security Bulletin MS08-067 lists the applicable workarounds that can be used to protect systems from this vulnerability.
You can provide feedback by completing the form by visiting Microsoft Help and Support: Contact Us.

Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions: October 27, 2008: Advisory published

http://blogs.technet.com/msrc/archive/2008/10/27/microsoft-security-advisory-958963.aspx
It’s been almost five days since we originally released MS08-067, and our tracking shows that security deployments remain strong. We’re also still unaware of any application compatibility issues with this update.

Like we’ve said, we’re continuing to watch the threat environment. Yesterday, we said that our analysis of public exploit code that was available showed it would always result in a denial of service. Today, we’ve identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067. This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000 systems. Our investigation has shown that it does not affect customers who have installed the update. We’ve just published Microsoft Security Advisory 958963 to let customers know about this new development.

At this time, attacks are still limited and targeted, even with the release of this new exploit code. The malware situation remains the same, as we’ve not seen any self-replicating worms, but instead malware that would be classified as Trojans -- specifically the malware we discussed when we released the security update on Thursday.

While there are no new broad attacks from this public exploit code now, we do expect that over the next few days and weeks this public exploit code may likely be used to create new versions of malware that could be used for broader attacks, possibly including self-replicating worms. Therefore, we continue to strongly encourage customers to test and deploy the security update as quickly as possible.

We will continue to monitor the situation via our ongoing Software Security Incident Response Process (SSIRP) and post updates to the Advisory and the MSRC Blog as we become aware of malware that significantly changes the threat environment. In the meantime, we continue to urge customers to continue to test and deploy the security update.
-Mike Reavey

McAfee: http://vil.nai.com/vil/content/v_152892.htm
dc3fdfde66fffb6cfbec946a237787d8 n1.exe_

http://hi.baidu.com/micropoint/blog/item/176ed10983e66784d1581b11.html