![:-) [filip's blog]](http://photos1.blogger.com/x/blogger2/4548/661/1600/z/959843/gse_multipart7904.png)
微軟公佈3個Windows/Office重大漏洞
「本次漏洞最嚴重的要數 Windows工作站服務的記憶體錯誤。Windows工作站服務用來幫助用戶存取印表機,檔案等網路資源,別有用心者能夠利用這個漏洞透過網際網路控制電腦,其工作方式和今年8月爆發的疾風波病毒類似。
如果用戶使用未安裝修正程式的Outlook 98 或者 Outlook 2000,IE瀏覽器上存在的幾個安全漏洞還可以讓用戶在訪問一些有毒網站或者打開電子郵件時候危害電腦,這種名為「跨網域漏洞」(cross-domain vulnerabilities)的系統缺陷主要影響除 Windows Server 2003以外的Windows所有平台上的IE 5.01, 5.5 和 6瀏覽器。」
"Perhaps the most serious flaw is a memory error in the Windows Workstation service, a software component that facilitates access to network resources such as printers and files. The vulnerability could allow an attacker to gain control of a person's PC via the Internet in much the same way the MSBlast worm was spread to hundreds of thousands of computers in August.
The patches fix several flaws in Internet Explorer that could allow an attacker to compromise a person's PC by drawing the user to a Web site designed for that purpose or with an e-mail, if the victim is using an unpatched version of Outlook 98 or Outlook 2000. Called cross-domain vulnerabilities, the flaws affect Internet Explorer 5.01, 5.5 and 6 on every Windows platform, except for Windows Server 2003. That latest version of Microsoft's enterprise operating system has default settings that limit the effect of the flaws. "
沒有留言:
張貼留言