Richard Chen Net , Sec , MCSE2003 Security, CISSP - PowerPoint PPT Presentation

1 / 29
About This Presentation
Title:

Richard Chen Net , Sec , MCSE2003 Security, CISSP

Description:

Richard Chen ??? (Net , Sec , MCSE2003 Security, CISSP) ?????? ... User must click through trust decision dialog box. Dialog box does not occur in Office 2000. ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 30
Provided by: Micro244
Category:

less

Transcript and Presenter's Notes

Title: Richard Chen Net , Sec , MCSE2003 Security, CISSP


1
Richard Chen ???(Net, Sec, MCSE2003Security,
CISSP)??????????????????
????????? May 10, 2007
2
What Will We cover?
  • Security Bulletins
  • 7 New Critical updates
  • Non-Security Releases
  • 4 Non-security updates
  • Detection and Deployment
  • Other Information
  • Windows Malicious Software Removal Tool
  • LifeCycle Information
  • References

3
Questions and Answers
  • Submit text questions using the Ask a Question
    button

4
Hot issue updates
  • Svchost.exe high CPU (99) when doing update scan
  • Resolution Try to install Windows Update Agent
    v3http//download.windowsupdate.com/v7/windowsupd
    ate/redist/standalone/WindowsUpdateAgent30-x86.exe
    http//download.windowsupdate.com/v7/windowsupdat
    e/redist/standalone/WindowsUpdateAgent30-x64.exeh
    ttp//download.windowsupdate.com/v7/windowsupdate/
    redist/standalone/WindowsUpdateAgent30-ia64.exe
  • Further information can be found at
    http//blogs.technet.com/wsus/archive/2007/04/28/u
    pdate-on.aspx

5
May 2007 Security Bulletins Overview
6
May 2007 Security BulletinsSeverity Summary
7
May 2007 Security BulletinsSeverity Summary (2)
8
MS07-023 Vulnerabilities in Microsoft Excel
Could Allow Remote Code Execution (934233)
Critical
9
MS07-023 Vulnerabilities in Microsoft Excel
Could Allow Remote Code Execution (934233)
Critical
10
MS07-024 Vulnerabilities in Microsoft Word
Could Allow Remote Code Execution (934232)
Critical
11
MS07-024 Vulnerabilities in Microsoft Word
Could Allow Remote Code Execution (934232)
Critical
12
MS07-025 Vulnerability in Microsoft Office
Could Allow Remote Code Execution (934873)
Critical
13
MS07-025 Vulnerability in Microsoft Office
Could Allow Remote Code Execution (934873)
Critical
14
MS07-026 Vulnerabilities in Microsoft Exchange
Could Allow Remote Code Execution (931832)
Critical
15
MS07-027 Cumulative Security Update for
Internet Explorer (931768) Critical
16
MS07-027 Cumulative Security Update for
Internet Explorer (931768) Critical
17
MS07-028 Vulnerability in CAPICOM Could Allow
Remote Code Execution (931906)) Critical
18
MS07-028 Vulnerability in CAPICOM Could Allow
Remote Code Execution (931906)) Critical
19
MS07-029 Situation Overview
  • First obtained partial information of limited
    attacks on April 6, 2007
  • Investigation yielded information about new
    vulnerability on April 11, 2007
  • Workarounds identified and Security Advisory
    935964 released on April 12, 2007
  • Information released to Microsoft Security
    Alliance (MSRA) partners to help provide broader
    protections
  • Ongoing monitoring indicated attacks remained
    limited

20
MS07-029 Vulnerability in RPC on Windows DNS
Server Could Allow Remote Code Execution (935966)
Critical
21
Detection and Deployment
22
Detection and Deployment Support in Windows Vista
  • Supported
  • Windows Update
  • Microsoft Update
  • MBSA 2.1 (beta, remote only)
  • MBSA 2.0.1 (remote only)
  • WSUS
  • SMS 2003 with ITMU V3
  • Not Supported
  • Software update Services
  • MBSA 1.2.1
  • SMS Security Update Inventory Tool
  • SMS 2003 with ITMU earlier than V3

23
Other Update Information
24
May 2007 Non-Security Updates
25
Windows Malicious Software Removal Tool
  • Adds the ability to remove
  • Win32/Renos
  • Available as priority update through Windows
    Update or Microsoft Update for Windows XP users
  • Offered through WSUS not offered through SUS 1.0
  • Also available as a download at
  • www.microsoft.com/malwareremove

26
Lifecycle Support Information
  • April 2007
  • Windows Server 2003 RTM (SP0)
  • July 10, 2007
  • Software Update Services 1.0
  • SQL Server 2000 Service Pack 3a
  • SQL Server 2005 RTM (SP0)

27
Resources
  • Security Bulletins Summary http//www.microsoft.c
    om/taiwan/technet/security/bulletin/ms07-may.mspx
  • Security Bulletins Searchwww.microsoft.com/techne
    t/security/current.aspx
  • Security Advisorieswww.microsoft.com/taiwan/techn
    et/security/advisory/
  • MSRC Bloghttp//blogs.technet.com/msrc
  • Notificationswww.microsoft.com/technet/security/b
    ulletin/notify.mspx
  • TechNet Radiowww.microsoft.com/tnradio
  • IT Pro Security Newsletterwww.microsoft.com/techn
    et/security/secnews/
  • TechNet Security Centerwww.microsoft.com/taiwan/t
    echnet/security
  • TechNet Forum ITProhttp//forums.microsoft.com/te
    chnet-cht/default.aspx?siteid23
  • Detection and deployment guidance for the May
    2007 security releasehttp//support.microsoft.com
    /kb/936981/en-us

28
Questions and Answers
  • Submit text questions using the Ask a Question
    button
  • Dont forget to fill out the survey
  • For upcoming and previously recorded webcasts
    http//www.microsoft.com/taiwan/technet/webcast/de
    fault.aspx
  • Webcast content suggestions http//www.microsoft
    .com/taiwan/technet/forum

29
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com