駭客新手法 透過竄改文件內容執行惡意攻擊 台灣微軟發佈八月份定期資訊安全公告
(2008年8月13日,台北)文書處理工具是絕大多數民眾與企業每天都需要使用的,但近來發現,駭客透過竄改文件內容,執行惡意攻擊。台灣微軟針對駭客惡意行為主動修正潛在風險,提醒所有Microsoft使用者,盡速下載補充程式,希望在駭客或有心人士藉機利用這些風險進行攻擊之前先行修補,以避免造成財務或機密資料的損失,將風險降到最低。同時,台灣微軟也發出本月11個安全公告,其中有5個是針對Office所發出的修補程式。
過去駭客經常將惡意程式嵌在圖片之中,民眾只要一打開瀏覽器或信件,惡意程式就會自動執行,下載有病毒、惡意程式碼的檔案,或是自動連結到另一個惡意網頁,讓電腦中毒或受駭客控制,造成財務或是個人資料的損失。而現在,駭客的手法再翻新,透過安全漏洞,將惡意程式埋在Word, Excel, PowerPoint, Project等每天常用的文件中,當一打開被駭客竄改過的文件後,惡意程式就會自動執行。
台灣微軟公司今(十三)日發佈2008年8月的安全公告,本次的安全公告有11個新的安全性補充程式MS08-041~ MS08-051。這些補充程式是主動避免駭客透過Microsoft產品惡意使用不當手法,導致遠端執行程式碼問題與資訊揭漏的造成的損失。台灣微軟公司強烈呼籲所有客戶立即使用「Windows Update自動更新」功能隨時更新程式,避免惡意程式攻擊,或是立刻下載補充程式,以確保電腦使用的安全。本月的資訊安全相關摘要說明如下:http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-jun.mspx
由於本月所發現Microsoft可能被攻擊的弱點,會造成有心人士藉由此弱點執行遠端程式碼及資訊揭漏的問題,因此台灣微軟公司已開始積極聯絡相關客戶及合作夥伴,敦促他們立即部署MS08-041~ MS08-051補充程式,將可能對客戶造成的不利影響降至最低。
另外,微軟於Windows Server Update Services (WSUS)、Windows Update(WU)及下載中心發行新版的 Microsoft Windows 惡意軟體移除工具。請注意,本工具將不會經由 Software Update Services (SUS) 散發。請參閱以下網址,取得有關 Microsoft Windows 惡意軟體移除工具的資訊:
http://go.microsoft.com/fwlink/?LinkId=40573
Microsoft 今日也在 WU、MU及 WSUS 上發行非安全性高優先順序更新:如需有關今日發行的非安全性更新詳細資訊,請參閱下列知識庫文件:
http://support.microsoft.com/?id=894199
本月安全公告及補充程式公告如下:
新發行的公告:
最高嚴重性 |
公告編號 |
受影響的產品 |
影響 |
重大 | MS08-041 | napshot Viewer for Access, Office Access 2000, Office Access 2002, and Office Access 2003 | 遠端執行程式碼 |
重要 | MS08-042 | Office Word 2002 and Office Word 2003 | 遠端執行程式碼 |
重大 | MS08-043 | Office Excel 2000, Office Excel 2002, Office Excel 2003, Office Excel 2007, Excel Viewer, Excel Viewer 2003, SharePoint Server 2007, Office 2004 for Mac, Office 2008 for Mac | 遠端執行程式碼 |
重大 | MS08-044 | Office 2000, Office XP, Office 2003, Office Project 2002, Office Converter Pack, Works 8.0. | 遠端執行程式碼 |
重大 | MS08-045 | Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 | 遠端執行程式碼 |
重大 | MS08-046 | Windows 2000, Windows XP, Windows Server 2003 | 遠端執行程式碼 |
重要 | MS08-047 | Windows Vista and Windows Server 2008 | 資訊揭漏 |
重要 | MS08-048 | Outlook Express on Windows 2000, Windows XP, Windows Server 2003. Windows Mail on Windows Vista and Windows Server 2008 | 資訊揭漏 |
重要 | MS08-049 | Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 | 遠端執行程式碼 |
重要 | MS08-050 | Windows Messenger on Windows 2000, Windows XP and Windows Server 2003 | 資訊揭漏 |
重大 | MS08-051 | Office PowerPoint 2000, Office PowerPoint 2002, Office PowerPoint 2003, Office PowerPoint 2007, Office PowerPoint Viewer 2003, Office Compatibility Pack for 2007 File Formats, and Office 2004 for Mac. | 遠端執行程式碼 |
MS08-41:適用於 Microsoft Access 的 Snapshot Viewer 中,ActiveX 控制項的弱點可能會導致遠端執行程式碼 (955617)。最高嚴重性等級:重大。受影響的軟體:Snapshot Viewer for Microsoft Access, Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2 and Microsoft Office 2003 Service Pack 3。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-041.mspx
MS08-042:Microsoft Word 的弱點可能會導致程式碼執行 (955048)。最高嚴重性等級:重要。受影響的軟體:Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-042.mspx
MS08-043:Microsoft Excel 的弱點可能會導致程式碼執行 (954066)。最高嚴重性等級:重大。受影響的軟體:Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2007 Service Pack 1, Microsoft Office SharePoint Server 2007 x64 Edition, Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-043.mspx
MS08-044:Microsoft Office Filters 的弱點可能會導致程式碼執行 (924090)。最高嚴重性等級:重大。受影響的軟體:Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office Project 2002 Service Pack 1, Microsoft Office Converter Pack, Microsoft Works 8。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-044.mspx
MS08-045:Internet Explorer 累積的安全性更新 (953838)。最高嚴重性等級:重大。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-045.mspx
MS08-46:Microsoft Windows Image Color Management System 的弱點可能允許遠端程式碼的執行 (952954)。最高嚴重性等級:重大。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 及 Windows XP Service Pack 3, Windows XP Professional x64 Edition 和 Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 與 Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition 和 Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 SP1 for Itanium-based Systems 和 Windows Server 2003 SP2 for Itanium-based Systems。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-046.mspx
MS08-47:IPsec Policy Processing 中的弱點可能導致資訊洩露 (953733)。最高嚴重性等級:重要。受影響的軟體:Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-047.mspx
MS08-48:Outlook Express 和 Windows Mail 的安全性更新 (951066)。最高嚴重性等級:重要。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-048.mspx
MS08-49:Event System 的弱點可能會允許遠端程式碼執行 (950974)。最高嚴重性等級:重要。受影響的軟體:Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista and Windows Vista Service Pack 1, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-049.mspx
MS08-50:Windows Messenger 中的弱點可能會導致資訊揭漏 (955702)。最高嚴重性等級:重要。受影響的軟體:Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-050.mspx
MS08-51:Microsoft PowerPoint 中的弱點可能會允許遠端執行程式碼 (949785)。最高嚴重性等級:重大。受影響的軟體:Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 2, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System, 2007 Microsoft Office System Service Pack 1, Microsoft Office PowerPoint Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office 2004 for Mac。
用戶可到以下網址下載更新程式:
http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-051.mspx
關於微軟
微軟公司成立於一九七五年,多年來在全球個人電腦與商用軟體、服務與網際網路技術上居領導地位。MS-DOS、.NET、Office XP、 2007 Office system、Windows、Windows Server、Windows 3.0、Windows 95、Windows 98、Windows 2000、Windows XP、與Windows Vista都是微軟公司的註冊商標。此處所提到的其他產品與公司名稱則可能是它們各別擁有者的商標。