大家好,我是 Richard Chen。
在此提前通知各位:微软计划于北京时间4月11日清晨发布6个安全补丁,共修复 Microsoft Windows, Microsoft Office, Internet Explorer, Forefront UAG 和 .NET Framework 中的11个安全漏洞。6个补丁的最高严重等级详见下图:
Bulletin ID Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected SoftwareBulletin 1 | Critical Remote Code Execution |
Requires restart | Microsoft Windows, Internet Explorer |
Bulletin 2 | Critical Remote Code Execution |
Requires restart | Microsoft Windows |
Bulletin 3 | Critical Remote Code Execution |
May require restart | Microsoft Windows, Microsoft .NET Framework |
Bulletin 4 | Critical Remote Code Execution |
May require restart | Microsoft Office, Microsoft SQL Server, Microsoft Server Software, Microsoft Developer Tools |
Bulletin 5 | Important Information Disclosure |
May require restart | Microsoft Forefront United Access Gateway |
Bulletin 6 | Important Remote Code Execution |
May require restart | Microsoft Office |
按照受影响的操作系统分类如下:
Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 |
Aggregate Severity Rating | Critical | Critical | Critical |
Windows XP Service Pack 3 | Internet Explorer 6 (Critical) Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) |
Windows XP Service Pack 3 (Critical) |
Windows XP Service Pack 3 (Critical) |
Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 6 (Critical) Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) |
Windows XP Professional x64 Edition Service Pack 2 (Critical) |
Windows XP Professional x64 Edition Service Pack 2 (Critical) |
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 |
Aggregate Severity Rating | Moderate | Critical | Critical |
Windows Server 2003 Service Pack 2 | Internet Explorer 6 (Moderate) Internet Explorer 7 (Moderate) Internet Explorer 8 (Moderate) |
Windows Server 2003 Service Pack 2 (Critical) |
Windows Server 2003 Service Pack 2 (Critical) |
Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 (Moderate) Internet Explorer 7 (Moderate) Internet Explorer 8 (Moderate) |
Windows Server 2003 x64 Edition Service Pack 2 (Critical) |
Windows Server 2003 x64 Edition Service Pack 2 (Critical) |
Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 (Moderate) Internet Explorer 7 (Moderate) |
Windows Server 2003 with SP2 for Itanium-based Systems (Critical) |
Windows Server 2003 with SP2 for Itanium-based Systems (Critical) |
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 |
Aggregate Severity Rating | Critical | Critical | Critical |
Windows Vista Service Pack 2 | Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) |
Windows Vista Service Pack 2 (Critical) |
Windows Vista Service Pack 2 (Critical) |
Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 (Critical) Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) |
Windows Vista x64 Edition Service Pack 2 (Critical) |
Windows Vista x64 Edition Service Pack 2 (Critical) |
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 |
Aggregate Severity Rating | Moderate | Critical | Critical |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7** (Moderate) Internet Explorer 8** (Moderate) Internet Explorer 9** (Moderate) |
Windows Server 2008 for 32-bit Systems Service Pack 2* (Critical) |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Critical) |
Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7** (Moderate) Internet Explorer 8** (Moderate) Internet Explorer 9** (Moderate) |
Windows Server 2008 for x64-based Systems Service Pack 2* (Critical) |
Windows Server 2008 for x64-based Systems Service Pack 2 (Critical) |
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 (Moderate) |
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Critical) |
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Critical) |
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 |
Aggregate Severity Rating | Critical | Critical | Critical |
Windows 7 for 32-bit Systems | Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) |
Windows 7 for 32-bit Systems (Critical) |
Windows 7 for 32-bit Systems (Critical) |
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) |
Windows 7 for 32-bit Systems Service Pack 1 (Critical) |
Windows 7 for 32-bit Systems Service Pack 1 (Critical) |
Windows 7 for x64-based Systems | Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) |
Windows 7 for x64-based Systems (Critical) |
Windows 7 for x64-based Systems (Critical) |
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 (Critical) Internet Explorer 9 (Critical) |
Windows 7 for x64-based Systems Service Pack 1 (Critical) |
Windows 7 for x64-based Systems Service Pack 1 (Critical) |
Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 |
Aggregate Severity Rating | Moderate | Critical | Critical |
Windows Server 2008 R2 for x64-based Systems | Internet Explorer 8** (Moderate) Internet Explorer 9** (Moderate) |
Windows Server 2008 R2 for x64-based Systems* (Critical) |
Windows Server 2008 R2 for x64-based Systems* (Critical) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8** (Moderate) Internet Explorer 9** (Moderate) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1* (Critical) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1* (Critical) |
Windows Server 2008 R2 for Itanium-based Systems | Internet Explorer 8 (Moderate) |
Windows Server 2008 R2 for Itanium-based Systems (Critical) |
Windows Server 2008 R2 for Itanium-based Systems (Critical) |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 (Moderate) |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Critical) |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Critical) |
Windows Server 2008和 Windows Server 2008 R2注意事项:
*Server Core 安装受影响
**Server Core 安装不受影响
微软 Office 补丁相关信息:
Microsoft Office Suites and Components Microsoft Office Web Components Other Microsoft Office SoftwareBulletin Identifier | Bulletin 4 | Bulletin 6 |
Aggregate Severity Rating | Critical | Important |
Microsoft Office 2003 Service Pack 3 | Microsoft Office 2003 Service Pack 3 (Critical) |
Not applicable |
Microsoft Office 2007 Service Pack 2 | Microsoft Office 2007 Service Pack 2 (Critical) |
Microsoft Office 2007 Service Pack 2 (Important) |
Microsoft Office 2007 Service Pack 3 | Microsoft Office 2007 Service Pack 3 (Critical) |
Not applicable |
Microsoft Office 2010 (32-bit editions) | Microsoft Office 2010 (32-bit editions) (Critical) |
Not applicable |
Microsoft Office 2010 Service Pack 1 (32-bit editions) | Microsoft Office 2010 Service Pack 1 (32-bit editions) (Critical) |
Not applicable |
Bulletin Identifier | Bulletin 4 | Bulletin 6 |
Aggregate Severity Rating | Critical | None |
Microsoft Office 2003 Web Components Service Pack 3 | Microsoft Office 2003 Web Components Service Pack 3 (Critical) |
Not applicable |
Bulletin Identifier | Bulletin 4 | Bulletin 6 |
Aggregate Severity Rating | None | Important |
Microsoft Works 9 | Not applicable | Microsoft Works 9 (Important) |
Microsoft Works 6–9 File Converter | Not applicable | Microsoft Works 6–9 File Converter (Important) |
Bulletin 4 的注释 : 本补丁影响多类软件。
微软服务器软件补丁相关信息:
Microsoft SQL ServerBulletin Identifier | Bulletin 4 |
Aggregate Severity Rating | Critical |
Microsoft SQL Server 2000 Service Pack 4 | Microsoft SQL Server 2000 Service Pack 4 (Critical) |
Microsoft SQL Server 2000 Analysis Services Service Pack 4 | Microsoft SQL Server 2000 Analysis Services Service Pack 4 (Critical) |
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4 | Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4 (Critical) |
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4 | Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4 (Critical) |
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4 | Microsoft SQL Server 2005 for x64-based Systems Service Pack 4 (Critical) |
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 | Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 (Critical) |
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2 | Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2 (Critical) |
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 | Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 (Critical) |
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2 | Microsoft SQL Server 2008 for x64-based Systems Service Pack 2 (Critical) |
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3 | Microsoft SQL Server 2008 for x64-based Systems Service Pack 3 (Critical) |
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2 (Critical) |
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3 | Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3 (Critical) |
Microsoft SQL Server 2008 R2 for 32-bit Systems | Microsoft SQL Server 2008 R2 for 32-bit Systems (Critical) |
Microsoft SQL Server 2008 R2 for x64-based Systems | Microsoft SQL Server 2008 R2 for x64-based Systems (Critical) |
Microsoft SQL Server 2008 R2 for Itanium-based Systems | Microsoft SQL Server 2008 R2 for Itanium-based Systems (Critical) |
Microsoft BizTalk Server Microsoft Commerce ServerBulletin 4 的注释 : 本补丁影响多类软件。
Bulletin Identifier | Bulletin 4 |
Aggregate Severity Rating | Critical |
Microsoft BizTalk Server 2002 Service Pack 1 | Microsoft BizTalk Server 2002 Service Pack 1 (Critical) |
Bulletin Identifier | Bulletin 4 |
Aggregate Severity Rating | Critical |
Microsoft Commerce Server 2002 Service Pack 4 | Microsoft Commerce Server 2002 Service Pack 4 (Critical) |
Microsoft Commerce Server 2007 Service Pack 2 | Microsoft Commerce Server 2007 Service Pack 2 (Critical) |
Microsoft Commerce Server 2009 | Microsoft Commerce Server 2009 (Critical) |
Microsoft Commerce Server 2009 R2 | Microsoft Commerce Server 2009 R2 (Critical) |
Bulletin 4 的注释 : 本补丁影响多类软件。
微软开发者工具与软件补丁相关信息:
Microsoft Visual FoxPro Visual BasicBulletin Identifier | Bulletin 4 |
Aggregate Severity Rating | Critical |
Microsoft Visual FoxPro 8.0 Service Pack 1 | Microsoft Visual FoxPro 8.0 Service Pack 1 (Critical) |
Microsoft Visual FoxPro 9.0 Service Pack 2 | Microsoft Visual FoxPro 9.0 Service Pack 2 (Critical) |
Bulletin Identifier | Bulletin 4 |
Aggregate Severity Rating | Critical |
Visual Basic 6.0 Runtime | Visual Basic 6.0 Runtime (Critical) |
Bulletin 4 的注释 : 本补丁影响多类软件。
微软远程访问软件补丁相关信息:
Microsoft Forefront Unified Access GatewayBulletin Identifier | Bulletin 5 |
Aggregate Severity Rating | Important |
Microsoft Forefront Unified Access Gateway | Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 (Important) Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1 (Important) |
以下为提前通知的文章全文(英文),请各位先行评估了解受影响的系统。
Microsoft Security Bulletin Advance Notification for April 2012:
http://technet.microsoft.com/en-us/security/bulletin/ms12-apr
谢谢!
Richard Chen
大中华区软件安全项目经理