大家好,我是 Richard Chen。
在此提前通知各位:微软计划于北京时间6月13日清晨发布7个安全补丁,共修复 Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, 和 .NET Framework 中的25个安全漏洞。 7个补丁的最高严重等级详见下图:
Bulletin ID Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software Bulletin 1 Critical Remote Code Execution Requires restart Microsoft Windows Bulletin 2 Critical Remote Code Execution Requires restart Microsoft Windows, Internet Explorer Bulletin 3 Critical Remote Code Execution May require restart Microsoft Windows, Microsoft .NET Framework Bulletin 4 Important Remote Code Execution May require restart Microsoft Office, Microsoft Visual Basic for Applications Bulletin 5 Important Elevation of Privilege May require restart Microsoft Dynamics AX Bulletin 6 Important Elevation of Privilege Requires restart Microsoft Windows Bulletin 7 Important Elevation of Privilege Requires restart Microsoft Windows
按照受影响的操作系统分类如下:
Windows XP Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Moderate Critical Critical Important Important Windows XP Service Pack 3 Windows XP Service Pack 3 (Moderate) Internet Explorer 6 (Critical) Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) Windows XP Service Pack 3 (Critical) Windows XP Service Pack 3 (Important) Windows XP Service Pack 3 (Important) Windows XP Professional x64 Edition Service Pack 2 Windows XP Professional x64 Edition Service Pack 2 (Moderate) Internet Explorer 6 (Critical) Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) Windows XP Professional x64 Edition Service Pack 2 (Critical) Windows XP Professional x64 Edition Service Pack 2 (Important) Not applicable Windows Server 2003 Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Critical Moderate Critical Important Important Windows Server 2003 Service Pack 2 Windows Server 2003 Service Pack 2 (Critical) Internet Explorer 6 (Moderate) Internet Explorer 7 (Moderate) Internet Explorer 8 (Moderate) Windows Server 2003 Service Pack 2 (Critical) Windows Server 2003 Service Pack 2 (Important) Windows Server 2003 Service Pack 2 (Important) Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 (Critical) Internet Explorer 6 (Moderate) Internet Explorer 7 (Moderate) Internet Explorer 8 (Moderate) Windows Server 2003 x64 Edition Service Pack 2 (Critical) Windows Server 2003 x64 Edition Service Pack 2 (Important) Not applicable Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 with SP2 for Itanium-based Systems (Critical) Internet Explorer 6 (Moderate) Internet Explorer 7 (Moderate) Windows Server 2003 with SP2 for Itanium-based Systems (Critical) Windows Server 2003 with SP2 for Itanium-based Systems (Important) Not applicable Windows Vista Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Moderate Critical Critical Important None Windows Vista Service Pack 2 Windows Vista Service Pack 2 (Moderate) Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) Windows Vista Service Pack 2 (Critical) Windows Vista Service Pack 2 (Important) Not applicable Windows Vista x64 Edition Service Pack 2 Windows Vista x64 Edition Service Pack 2 (Moderate) Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) Windows Vista x64 Edition Service Pack 2 (Critical) Windows Vista x64 Edition Service Pack 2 (Important) Not applicable Windows Server 2008 Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Critical Moderate Critical Important None Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Critical) Internet Explorer 7 (Moderate) Internet Explorer 8 (Moderate) Internet Explorer 9 (Moderate) Windows Server 2008 for 32-bit Systems Service Pack 2 (Critical) Windows Server 2008 for 32-bit Systems Service Pack 2 (Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Critical) Internet Explorer 7 (Moderate) Internet Explorer 8 (Moderate) Internet Explorer 9 (Moderate) Windows Server 2008 for x64-based Systems Service Pack 2 (Critical) Windows Server 2008 for x64-based Systems Service Pack 2 (Important) Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 (Critical) Internet Explorer 7 (Moderate) Windows Server 2008 for Itanium-based Systems Service Pack 2 (Critical) Windows Server 2008 for Itanium-based Systems Service Pack 2 (Important) Not applicable Windows 7 Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Critical Critical Critical Important Important Windows 7 for 32-bit Systems Windows 7 for 32-bit Systems (Moderate) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) Windows 7 for 32-bit Systems (Critical) Windows 7 for 32-bit Systems (Important) Not applicable Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 (Critical) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) Windows 7 for 32-bit Systems Service Pack 1 (Critical) Windows 7 for 32-bit Systems Service Pack 1 (Important) Not applicable Windows 7 for x64-based Systems Windows 7 for x64-based Systems (Moderate) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) Windows 7 for x64-based Systems (Critical) Windows 7 for x64-based Systems (Important) Windows 7 for x64-based Systems (Important) Windows 7 for x64-based Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 (Critical) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) Windows 7 for x64-based Systems Service Pack 1 (Critical) Windows 7 for x64-based Systems Service Pack 1 (Important) Windows 7 for x64-based Systems Service Pack 1 (Important) Windows Server 2008 R2 Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Critical Moderate Critical Important Important Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems (Critical) Internet Explorer 8 (Moderate) Internet Explorer 9 (Moderate) Windows Server 2008 R2 for x64-based Systems (Critical) Windows Server 2008 R2 for x64-based Systems (Important) Windows Server 2008 R2 for x64-based Systems (Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Critical) Internet Explorer 8 (Moderate) Internet Explorer 9 (Moderate) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important) Windows Server 2008 R2 for Itanium-based Systems Windows Server 2008 R2 for Itanium-based Systems (Critical) Internet Explorer 8 (Moderate) Windows Server 2008 R2 for Itanium-based Systems (Critical) Windows Server 2008 R2 for Itanium-based Systems (Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Critical) Internet Explorer 8 (Moderate) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Important) Not applicable Server Core installation option Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 6 Bulletin 7 Aggregate Severity Rating Critical None Critical Important Important Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Critical) Not applicable Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Critical) Not applicable Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Important) Not applicable Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems (Critical) Not applicable Windows Server 2008 R2 for x64-based Systems (Critical) Windows Server 2008 R2 for x64-based Systems (Important) Windows Server 2008 R2 for x64-based Systems (Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Critical) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important)
微软 Office 补丁相关信息:
Microsoft Office Software Bulletin Identifier Bulletin 4 Aggregate Severity Rating Important Microsoft Office 2003 Service Pack 3 Microsoft Office 2003 Service Pack 3 (Important) Microsoft Office 2007 Service Pack 2 Microsoft Office 2007 Service Pack 2 (Important) Microsoft Office 2007 Service Pack 3 Microsoft Office 2007 Service Pack 3 (Important) Microsoft Office 2010 (32-bit editions) Microsoft Office 2010 (32-bit editions) (No severity rating [1] ) Microsoft Office 2010 Service Pack 1 (32-bit editions) Microsoft Office 2010 Service Pack 1 (32-bit editions) (No severity rating [1] ) Microsoft Office 2010 (64-bit editions) Microsoft Office 2010 (64-bit editions) (No severity rating [1] ) Microsoft Office 2010 Service Pack 1 (64-bit editions) Microsoft Office 2010 Service Pack 1 (64-bit editions) (No severity rating [1] )
Bulletin 4 的注释 : 严重等级不适用于本补丁。目前尚未发现针对此漏洞的攻击方式,但仍建议用户部署此安全更新,防范于未然。本补丁涉及多类软件。
微软开发者工具与软件补丁相关信息:
Microsoft Visual Basic for Applications Bulletin Identifier Bulletin 4 Aggregate Severity Rating Important Microsoft Visual Basic for Applications Microsoft Visual Basic for Applications (Important) Microsoft Visual Basic for Applications SDK Microsoft Visual Basic for Applications SDK (Important)
Bulletin 4 的注释 : 本补丁涉及多类软件。
微软微软企业资源规划(ERP) 解决方案相关信息:
Microsoft Dynamics ERP Bulletin Identifier Bulletin 5 Aggregate Severity Rating Important Microsoft Dynamics AX 2012 Microsoft Dynamics AX 2012 Enterprise Portal (Important) Microsoft Dynamics AX 2012 Enterprise Portal (Important) Microsoft Dynamics AX 2012 Enterprise Portal (Important)
以下为提前通知的文章全文(英文),请各位先行评估了解受影响的系统。
Microsoft Security Bulletin Advance Notification for June 2012:
http://technet.microsoft.com/en-us/security/bulletin/ms12-jun
谢谢!
Richard Chen
大中华区软件安全项目经理