微软今日发布了6个补丁，其中三个为“危机”。

微软今日发布了6个补丁，其中三个为“危机”。

----- Original Message -----
From: "Microsoft" <10_18703_1YWTWhPnb6hODlYKDIJr1g@newsletters.microsoft.com>
To: <civilink@tom.com>
Sent: Wednesday, August 10, 2005 9:48 AM
Subject: Microsoft Security Bulletin Summary for August 2005


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ********************************************************************
> Title: Microsoft Security Bulletin Summary for August 2005
> Issued: August 09, 2005
> Version Number: 1.0
> Bulletin: http://go.microsoft.com/fwlink/?LinkId=51160
> ********************************************************************
>
> Summary:
> ========
> This advisory contains information about all security updates
> released this month. It is broken down by security bulletin severity.
>
> Critical Security Bulletins
> ===========================
>
> MS05-038 - Cumulative Security Update for Internet Explorer (896727)
>
>   - Affected Software:
>     - Windows 2000 Service Pack 4
>     - Windows XP Service Pack 1
>     - Windows XP Service Pack 2
>     - Windows XP Professional x64 Edition
>     - Windows Server 2003
>     - Windows Server 2003 Service Pack 1
>     - Windows Server 2003 for Itanium-based Systems
>     - Windows Server 2003 with SP1 for Itanium-based Systems
>     - Windows Server 2003 x64 Edition
>
>     - Review the FAQ section of bulletin MS05-O38 for information
>       about these operating systems:
>         - Windows 98
>         - Windows 98 Second Edition (SE)
>         - Windows Millennium Edition (ME)
>
>     - Impact: Remote Code Execution
>     - Version Number: 1.0  
>
>
> MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code
>        Execution and Elevation of Privilege (899588)
>
>   - Affected Software:
>     - Windows 2000 Service Pack 4
>     - Windows XP Service Pack 1
>     - Windows XP Service Pack 2
>     - Windows XP Professional x64 Edition
>     - Windows Server 2003
>     - Windows Server 2003 Service Pack 1
>     - Windows Server 2003 for Itanium-based Systems
>     - Windows Server 2003 with SP1 for Itanium-based Systems
>     - Windows Server 2003 x64 Edition
>
>     - Impact: Remote Code Execution
>     - Version Number: 1.0  
>
>
> MS05-043 - Vulnerability in Print Spooler Service Could Allow Remote
>        Code Execution (896423)
>
>   - Affected Software:
>     - Windows 2000 Service Pack 4
>     - Windows XP Service Pack 1
>     - Windows XP Service Pack 2
>     - Windows Server 2003
>     - Windows Server 2003 for Itanium-based Systems
>
>     - Impact: Remote Code Execution
>     - Version Number: 1.0  
>
>
>
> Important Security Bulletins
> ============================
>
> MS05-040 - Vulnerability in Telephony Service Could Allow Remote
>        Code Execution (893756)
>
>
>   - Affected Software:
>     - Windows 2000 Service Pack 4
>     - Windows XP Service Pack 1
>     - Windows XP Service Pack 2
>     - Windows XP Professional x64 Edition
>     - Windows Server 2003
>     - Windows Server 2003 Service Pack 1
>     - Windows Server 2003 for Itanium-based Systems
>     - Windows Server 2003 with SP1 for Itanium-based Systems
>     - Windows Server 2003 x64 Edition
>
>     - Review the FAQ section of bulletin MS05-O38 for information
>       about these operating systems:
>         - Windows 98
>         - Windows 98 Second Edition (SE)
>         - Windows Millennium Edition (ME)
>
>     - Impact: Remote Code Execution
>     - Version Number: 1.0  
>
>     - Impact: Remote Code Execution
>     - Version Number: 1.0  
>
>
> Moderate Security Bulletins
> ===========================
>
> MS05-041 - Vulnerability in Remote Desktop Protocol Could Allow
>        Denial of Service (899591)
>
>
>   - Affected Software:
>     - Windows XP Service Pack 1
>     - Windows XP Service Pack 2
>     - Windows XP Professional x64 Edition
>     - Windows Server 2003
>     - Windows Server 2003 Service Pack 1
>     - Windows Server 2003 for Itanium-based Systems
>     - Windows Server 2003 with SP1 for Itanium-based Systems
>     - Windows Server 2003 x64 Edition
>
>     - Impact: Denial of Service
>     - Version Number: 1.0  
>
>
> MS05-042 - Vulnerabilities in Kerberos Could Allow Denial of Service,
> Information Disclosure, and Spoofing (899587)
>
>
>   - Affected Software:
>     - Windows 2000 Service Pack 4
>     - Windows XP Service Pack 1
>     - Windows XP Service Pack 2
>     - Windows XP Professional x64 Edition
>     - Windows Server 2003
>     - Windows Server 2003 Service Pack 1
>     - Windows Server 2003 for Itanium-based Systems
>     - Windows Server 2003 with SP1 for Itanium-based Systems
>     - Windows Server 2003 x64 Edition
>
>     - Impact: Remote Code Execution
>     - Version Number: 1.0  
>
>
> Update Availability:
> ===================
> Updates are available to address these issues.
> For additional information, including Technical Details,
> Workarounds, answers to Frequently Asked Questions,
> and Update Deployment Information please read
> the Microsoft Security Bulletin Summary for this
> month at: http://go.microsoft.com/fwlink/?LinkId=51160
> Support:
> ========
> Technical support is available from Microsoft Product Support
> Services at 1-866-PC SAFETY (1-866-727-2338). There is no
> charge for support calls associated with security updates.
> International customers can get support from their local Microsoft
> subsidiaries. Phone numbers for international support can be found
> at: http://support.microsoft.com/common/international.aspx
>  
> Additional Resources:
> =====================
> * Microsoft has created a free monthly e-mail newsletter containing
>   valuable information to help you protect your network. This
>   newsletter provides practical security tips, topical security
>   guidance, useful resources and links, pointers to helpful
>   community resources, and a forum for you to provide feedback
>   and ask security-related questions.
>   You can sign up for the newsletter at:
>
>   http://www.microsoft.com/technet/security/secnews/default.mspx
>
> * Microsoft has created a free e-mail notification service that
>   serves as a supplement to the Security Notification Service
>   (this e-mail). The Microsoft Security Notification Service:
>   Comprehensive Version. It provides timely notification of any
>   minor changes or revisions to previously released Microsoft
>   Security Bulletins and Security Advisories. This new service
>   provides notifications that are written for IT professionals and
>   contain technical information about the revisions to security
>   bulletins. To register visit the following Web site:
>
>   http://www.microsoft.com/technet/security/bulletin/notify.mspx
>
> * Join Microsoft's webcast for a live discussion of the technical
>   details of these security bulletins and steps you can take
>   to protect your environment. Details about the live webcast
>   can be found at:  
>
>   www.microsoft.com/technet/security/bulletin/summary.mspx
>
>   The on-demand version of the webcast will be available 24 hours
>   after the live webcast at:
>
>   www.microsoft.com/technet/security/bulletin/summary.mspx
>
> * Protect your PC: Microsoft has provided information on how you
>   can help protect your PC at the following locations:
>
>   http://www.microsoft.com/security/protect/
>
>   If you receive an e-mail that claims to be distributing a
>   Microsoft security update, it is a hoax that may be distributing a
>   virus. Microsoft does not distribute security updates through
>   e-mail. You can learn more about Microsoft's software distribution
>   policies here:
>   
> http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
>
> Acknowledgments:
> ================
> Microsoft thanks the following for working with us to protect
> customers:
>
> - - Bernhard Mueller and Martin Eiszner of SEC Consult <http://www.sec-
> consult.com/>  for reporting an issue described in MS05-038
>
> - - The NSFOCUS Security Team <http://www.nsfocus.com/>  for reporting
> an issue
> described in MS05-038
>
> - - Neel Mehta of ISS X-Force <http://www.iss.net/>  for reporting an
> issue
> described in MS05-039
>
> - - Jean-Baptiste Marchand of Herve Schauer Consultants
> <http://www.hsc.fr/>  for
> working with us on MS05-039
>
> - - Kostya Kortchinsky <mailto:kostya.kortchinsky@renater.fr>  from
> CERT RENATER
> for reporting an issue described in MS05-040 and MS05-043
>
> - - Tom Ferris of Security Protocols
> <http://www.security-protocols.com/>  for
> reporting an issue described in MS05-041.
>
> - - Tony Chin <mailto:Tony.Chin@shell.com>  of Shell, Inc. for
> reporting an issue
> described in MS05-042.
>
> - - Andre Scedrov <http://www.cis.upenn.edu/~scedrov/> and his team;
> Iliano
> Cervesato, Aaron Jaggard, Joe-Kai Tsay, and Chris Walstad, for
> reporting an
> issue described in MS05-042
>
> ********************************************************************
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
> DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
> THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> PURPOSE.
> IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
> LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
> DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
> ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
> SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
> FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
> LIMITATION MAY NOT APPLY.
> ********************************************************************
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
>
> iQIUAwUBQvkQ64reEgaqVbxmAQKOfA/1E4ZoSPnBqllxJFxdbPo3IZiZIFZ+HTW7
> YJxQzha3CX7usmKrDgSmqdDa4RWyoGF2Rs2hUTglJfvb6E8Ds0CkFtrEzO/ms9ql
> 0gELiERwxraCWWldyCOqzSQTFwWv+dHSBLrIiqonQZfje+XL1QFRy5UH50jZEsqn
> Em0cHqp5HlPZT6UNQdGZCOpIzbylNuB5G3P/wKK4/mikGS16LHOJBnRxxJo/BoqD
> By8g5N2sPYaR349WQf2yirNE8cN0XVpPp7REWYI0U1NjqM5a56EW/IL07oEFX1wa
> tq6sTCbInsZi9f6tVPngZaUVIG9z4Cb9c5NiW/BO5PPBQe8VKK71xCCspfkCUQV/
> oAP6+YJ81bq+OaRaqmsuu9hX8efnhoVpGRHqal5cS+MIuRFHgUl9M7aRTLG2YZ1a
> rigChGV+tjc5l2sQWGIF83WoNs25ERkTXgsM5F9zBl2XA4uLW+XaxA0h6vUEdGIe
> fkHk9kd845htjOatrnIjjMMgbkZvxzg4kwaOBiMa/39D8MBrn2Mgbf00YPserQKg
> 5grhXouy/0+yluEssBPfh+ndho5N+Z79Ez8hoZfzDLTAYcEpAamFMGiG0wzW5klo
> Hl86fz+GUXiwmH5yIuVYNhfFoXyYMwrQmMf3/U7FPKHRukSHF8g/8vcLpmh7x+jh
> WCtR+ymRmA==
> =HPC2
> -----END PGP SIGNATURE-----
> To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You can manage all your Microsoft.com communication preferences at this site.
>
> Legal Information <http://www.microsoft.com/info/legalinfo/default.mspx>.
>
> This newsletter was sent by the Microsoft Corporation
> 1 Microsoft Way
> Redmond, Washington, USA
> 98052
>
>