频道栏目
首页 > 资讯 > 安全公告 > 正文

微软2009年2月安全公告发布

2009-02-12 00:08:16      个评论      
收藏   我要投稿

微软公布了今年第二批安全公告,本次安全公告包含四个更新,分别影响Windows,IE,Exchange,SQL和Office.
四个安全公告中有两个处于高位评级,特别是一个IE漏洞可能被滥用导致恶意软件传播,因此请各位务必注意更新.

查看:Microsoft Security Bulletin Summary for February 2009

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Security Impact Restart Requirement Affected Software

MS09-002

Cumulative Security Update for Internet Explorer (961260)

This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution

Requires restart

Microsoft Windows, Internet Explorer

MS09-003

Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)

This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

Critical
Remote Code Execution

May require restart

Microsoft Exchange Server

MS09-004

Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.

Important
Remote Code Execution

May require restart

Microsoft SQL Server

MS09-005

Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights

相关TAG标签 公告发布 微软
上一篇:挂马网站“标题党” 称奥巴马拒绝就任总统 趁机传播病毒
下一篇:ProFTPD字符编码SQL注入漏洞
相关文章
图文推荐

关于我们 | 联系我们 | 广告服务 | 投资合作 | 版权申明 | 在线帮助 | 网站地图 | 作品发布 | Vip技术培训 | 举报中心

版权所有: 红黑联盟--致力于做实用的IT技术学习网站