微软4月安全公告发布三紧急补丁请尽快更新

告诉您的位置：首页 > 资讯中心 > 安全漏洞 > 正文

微软4月安全公告发布三紧急补丁请尽快更新

2004年04月14日14:52:24　金山毒霸编译　

　　金山毒霸报道 13日，微软安全中心发布了4月份的漏洞安全公告：MS04-011、MS04-012、MS04-013、MS04-014。其中MS04-011、MS04-012、MS04-013危害等级都为“危急！”，请广大用户尽快到微软官方网站下载微软最新补丁。

目录： · MS04-011：Windows 综合安全更新
　　　 · MS04-012：Microsoft RPC/DCOM 积累安全更新
　　　 · MS04-013：Outlook Express 积累安全更新
　　　 · MS04-014：Microsoft Jet Database Engine任意代码执行漏洞

编号：MS04-011
名称：Windows 综合安全更新
KB编号：835732
等级：危急！

漏洞描述：
此补丁修复了近期发现的几个Windows漏洞。攻击者成功利用这几个漏洞后，可对受感染的系统进行完全控制，包括：安装删除应用程序、浏览删除文件数据、新建管理员帐号等。

受影响的系统：
· Microsoft Windows NT® Workstation 4.0 Service Pack 6a – 补丁下载
· Microsoft Windows NT Server 4.0 Service Pack 6a – 补丁下载
· Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – 补丁下载
· Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3,
　和 Microsoft Windows 2000 Service Pack 4 – 补丁下载
· Microsoft Windows XP and Microsoft Windows XP Service Pack 1 – 补丁下载
· Microsoft Windows XP 64-Bit Edition Service Pack 1 – 补丁下载
· Microsoft Windows XP 64-Bit Edition Version 2003 – 补丁下载
· Microsoft Windows Server™ 2003 – 补丁下载
· Microsoft Windows Server 2003 64-Bit Edition – 补丁下载
· Microsoft NetMeeting
· Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
　和 Microsoft Windows Millennium Edition (ME)

各版本危害等级列表：

Vulnerability Identifiers	Impact of Vulnerability	Win 98, 98 SE,ME	Win NT 4.0	Win 2000	Win XP	Win Server 2003
LSASS Vulnerability- CAN-2003-0533	Remote Code Execution	None	None	Critical	None	Low
LDAP Vulnerability – CAN-2003-0663	Denial Of Service	None	None	Important	None	None
PCT Vulnerability - CAN-2003-0719	Remote Code Execution	None	Critical	Critical	Important	Low
Winlogon Vulnerability - CAN-2003-0806	Remote Code Execution	None	Moderate	Moderate	Moderate	None
Metafile Vulnerability - CAN-2003-0906	Remote Code Execution	None	Critical	Critical	Critical	None
Help and Support Center Vulnerability - CAN-2003-0907	Remote Code Execution	None	None	None	Critical	Critical
Utility Manager Vulnerability - CAN-2003-0908	Privilege Elevation	None	None	Important	None	None
Windows Management Vulnerability - CAN-2003-0909	Privilege Elevation	None	None	None	Important	None
Local Descriptor Table Vulnerability - CAN-2003-0910	Privilege Elevation	None	Important	Important	None	None
H.323 Vulnerability* - CAN-2004-0117	Remote Code Execution	Not Critical	None	Important	Important	Important
Virtual DOS Machine Vulnerability - CAN-2004-0118	Privilege Elevation	None	Important	Important	None	None
Negotiate SSP Vulnerability - CAN-2004-0119	Remote Code Execution	None	None	Critical	Critical	Critical
SSL Vulnerability - CAN-2004-0120	Denial Of Service	None	None	Important	Important	Important
ASN.1 “Double Free” Vulnerability - CAN-2004-0123	Remote Code Execution	Not Critical	Critical	Critical	Critical	Critical
Aggregate Severity of All Vulnerabilities		Not Critical	Critical	Critical	Critical	Critical

---------------------------------------------------------------------------------------

编号：MS04-012
名称：Microsoft RPC/DCOM 积累安全更新
KB编号：828741
等级：危急！

漏洞描述：
此补丁修复了近期发现的几个RPC/DCOM漏洞。攻击者成功利用这几个漏洞后，可对受感染的系统进行完全控制，包括：安装删除应用程序、浏览删除文件数据、新建管理员帐号等。

受影响的系统：
· Microsoft Windows NT© Workstation 4.0 Service Pack 6a - 补丁下载
· Microsoft Windows NT Server 4.0 Service Pack 6a - 补丁下载
· Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - 补丁下载
· Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3,
　和 Microsoft Windows 2000 Service Pack 4 - 补丁下载
· Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - 补丁下载
· Microsoft Windows XP 64-Bit Edition Service Pack 1 - 补丁下载
· Microsoft Windows XP 64-Bit Edition Version 2003 - 补丁下载
· Microsoft Windows Server™ 2003 - 补丁下载
· Microsoft Windows Server 2003 64-Bit Edition - 补丁下载
· Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE)
　和 Microsoft Windows Millennium Edition (ME)

各版本危害等级列表：

Vulnerability Identifiers	Impact of Vulner- -ability	Win 98, 98SE, ME	Win NT Work station 4.0	Win NT Server 4.0	Win NT Server 4.0, Terminal Server Edition	Win 2000	Win XP	Win Server 2003
RPC Runtime Library Vulnerability - CAN-2003-0813	Remote Code Execution	None	None	None	None	Low	Critical	Critical
RPCSS Service Vulnerability - CAN-2004-0116	Denial Of Service	None	None	None	None	None	Important	Important
COM Internet Services (CIS) – RPC over HTTP Vulnerability - CAN-2003-0807	Denial Of Service	None	Critical	Low	None	Low	None	Low
Object Identity Vulnerability - CAN-2004-0124	Information Disclosure	Not Critical	Low	Low	Low	None	Low	Low
Aggregate Severity of All Vulnerabilities		Not Critical	Low	Low	Low	Critical	Critical	Critical

---------------------------------------------------------------------------------------

编号：MS04-013
名称：Outlook Express 积累安全更新
KB编号：837009
等级：危急！

漏洞描述：
此次“Outlook Express 积累安全更新”囊括了Outlook Express 5.5 和 Outlook Express 6早期发布的所有安全补丁，同时还修复了一个新的漏洞。攻击者利用此漏洞可进入受感染的系统，实现系统完全控制。即使Outlook Express不是系统缺省的邮件客户端时，这个情况也可能发生。

受影响的系统：
· Microsoft Outlook Express 5.5 SP2 - 补丁下载
· Microsoft Outlook Express 6 - 补丁下载
· Microsoft Outlook Express 6 SP1 - 补丁下载
· Microsoft Outlook Express 6 SP1 (64 bit Edition) - 补丁下载
· Microsoft Outlook Express 6 on Windows Server 2003 - 补丁下载
· Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition) - 补丁下载

各版本危害等级列表：

Vulnerability
Identifiers Impact of Vulner-
-ability Outlook Express 5.5 SP2 Outlook Express 6 Outlook Express 6 SP1 Outlook Express 6 (64 bit Edition) Microsoft Outlook Express 6 for Windows Server 2003 Microsoft Outlook Express 6 for Windows Server 2003 (64-bit Edition)

MHTML URL Processing Vulnerability - CAN-2004-0380
Remote Code Execution
Critical
Critical
Critical
Critical
Critical Critical

编号：MS04-014
名称：Microsoft Jet Database Engine任意代码执行漏洞
KB编号：837001
等级：重要

漏洞描述：
此漏洞存在于Microsoft Jet Database Engine (Jet)中，会导致远程任意代码执行。成功利用此漏洞的攻击者可对受感染的系统进行完全控制，包括：安装删除应用程序、浏览删除文件数据、新建管理员帐号等。

受影响的系统：
· Microsoft Windows NT© Workstation 4.0 Service Pack 6a - 补丁下载
· Microsoft Windows NT Server 4.0 Service Pack 6a - 补丁下载
· Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 - 补丁下载
· Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3,
　和 Microsoft Windows 2000 Service Pack 4 - 补丁下载
· Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - 补丁下载
· Microsoft Windows XP 64-Bit Edition Service Pack 1 - 补丁下载
· Microsoft Windows XP 64-Bit Edition Version 2003 - 补丁下载
· Microsoft Windows Server™ 2003 - 补丁下载
· Microsoft Windows Server 2003 64-Bit Edition - 补丁下载
· Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
　和 Microsoft Windows Millennium Edition (ME)

各版本危害等级列表：

Vulnerability Identifiers	Impact of Vulnerability	Win 98, 98 SE,ME	Win NT 4.0	Win 2000	Win XP	Win Server 2003
Jet Vulnerability - CAN-2004-0197	Remote Code Execution	Not Critical	Moderate	Important	Important	Important