林蔚文
文書處理工具是絕大多數民眾與企業每天都需要使用的,但近來發現,駭客透過竄改文件內容,執行惡意攻擊。台灣微軟針對駭客惡意行為主動修正潛在風險,提醒所有 Microsoft 使用者,盡速下載補充程式,希望在駭客或有心人士藉機利用這些風險進行攻擊之前先行修補,以避免造成財務或機密資料的損失,將風險降到最低。同時,台灣微軟也發出本月 11 個安全公告,其中有 5 個是針對 Office 所發出的修補程式。
過去駭客經常將惡意程式嵌在圖片之中,民眾只要一打開瀏覽器或信件,惡意程式就會自動執行,下載有病毒、惡意程式碼的檔案,或是自動連結到另一個惡意網頁,讓電腦中毒或受駭客控制,造成財務或是個人資料的損失。而現在,駭客的手法再翻新,透過安全漏洞,將惡意程式埋在 Word 、 Excel 、 PowerPoint 、 Project 等每天常用的文件中,當一打開被駭客竄改過的文件後,惡意程式就會自動執行。
台灣微軟公司日前發佈 2008 年 8 月的安全公告,本次的安全公告有 11 個新的安全性補充程式 MS08-041~ MS08-051 。這些補充程式是主動避免駭客透過 Microsoft 產品惡意使用不當手法,導致遠端執行程式碼問題與資訊揭漏的造成的損失。台灣微軟公司強烈呼籲所有客戶立即使用「Windows Update 自動更新」功能隨時更新程式,避免惡意程式攻擊,或是立刻下載補充程式,以確保電腦使用的安全。
由於本月所發現 Microsoft 可能被攻擊的弱點,會造成有心人士藉由此弱點執行遠端程式碼及資訊揭漏的問題,因此台灣微軟公司已開始積極聯絡相關客戶及合作夥伴,敦促他們立即部署 MS08-041~ MS08-051 補充程式,將可能對客戶造成的不利影響降至最低。
另外,微軟於 Windows Server Update Services (WSUS) 、 Windows Update(WU) 及下載中心發行新版的 Microsoft Windows 惡意軟體移除工具。請注意,本工具將不會經由 Software Update Services (SUS) 散發。請至相關網址,取得有關 Microsoft Windows 惡意軟體移除工具的資訊。
本文目錄
本月安全公告及補充程式公告如下:
新發行的公告:
MS08-41:適用於 Microsoft Access 的 Snapshot Viewer 中,ActiveX 控制項的弱點可能會導致遠端執行程式碼 (955617) 。最高嚴重性等級:重大。受影響的軟體:Snapshot Viewer for Microsoft Access, Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2 and Microsoft Office 2003 Service Pack 3 。
MS08-042:Microsoft Word 的弱點可能會導致程式碼執行 (955048) 。最高嚴重性等級:重要。受影響的軟體:Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3 。
MS08-043:Microsoft Excel 的弱點可能會導致程式碼執行 (954066) 。最高嚴重性等級:重大。受影響的軟體:Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2007 Service Pack 1, Microsoft Office SharePoint Server 2007 x64 Edition, Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac 。
MS08-044:Microsoft Office Filters 的弱點可能會導致程式碼執行 (924090) 。最高嚴重性等級:重大。受影響的軟體:Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Project 2002 Service Pack 1, Microsoft Office Converter Pack, Microsoft Works 8 。
MS08-045:Internet Explorer 累積的安全性更新 (953838) 。最高嚴重性等級:重大。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems 。
MS08-46:Microsoft Windows Image Color Management System 的弱點可能允許遠端程式碼的執行 (952954) 。最高嚴重性等級:重大。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 及 Windows XP Service Pack 3, Windows XP Professional x64 Edition 和 Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 與 Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition 和 Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 SP1 for Itanium-based Systems 和 Windows Server 2003 SP2 for Itanium-based Systems 。
MS08-47:IPsec Policy Processing 中的弱點可能導致資訊洩露 (953733) 。最高嚴重性等級:重要。受影響的軟體:Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems 。
MS08-48:Outlook Express 和 Windows Mail 的安全性更新 (951066) 。最高嚴重性等級:重要。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems 。
MS08-49:Event System 的弱點可能會允許遠端程式碼執行 (950974) 。最高嚴重性等級:重要。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems 。
MS08-50:Windows Messenger 中的弱點可能會導致資訊揭漏 (955702) 。最高嚴重性等級:重要。受影響的軟體:Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems 。
MS08-51:Microsoft PowerPoint 中的弱點可能會允許遠端執行程式碼 (949785) 。最高嚴重性等級:重大。受影響的軟體:Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office PowerPoint Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office 2004 for Mac 。