Wednesday, August 11, 2010

Microsoft Patch Tuesday August 2010 - Fixed 34 holes in Windows, IE, Office and Silverlight

ไมโครซอฟท์ออก Patch จำนวน 14 ตัวเพื่อแก้ 34 ช่องโหว่ความปลอดภัยใน Windows, Internet Explorer, Office และ Microsoft Silverlight
บทความโดย: The Windows Administrator Blog

การอัปเดทระบบวินโดวส์เดือนนี้เป็นงานหนักสำหรับแอดมินเมื่อไมโครซอฟท์ (Microsoft) สร้างสถิติจำนวนแพตซ์ (Patch) ใหม่ โดยออกแพตซ์จำนวนทั้งหมด 14 ตัว เพื่อแก้ 34 ปัญหาช่องโหว่ความปลอดภัยที่พบใน Windows, Internet Explorer, Microsoft Office และ Microsoft Silverlight ซึ่งนับเป็นจำนวนมากที่สุดในการออกแพตซ์ประจำเดือนเท่าที่เคยมีมา ตามรายละเอียดด้านล่าง

Executive Summariess
วันอังคารที่ 10 สิงหาคม 2553 (ตรงกับวันพุธที่ 11 สิงหาคม 2553 ตามเวลาในประเทศไทย) ไมโครซอฟท์ได้ออก "Microsoft Security Update for August 2010" หรือที่เรียกกันในเหล่าแอดมินว่า "Patch Tuesday" จำนวน 14 อัปเดท เป็นแพตซ์ของระบบ Windows, Internet Explorer, Office และ Microsoft Silverlight รายละเอียดดังต่อไปนี้
• มีแพตซ์สำหรับแก้ช่องโหว่ความปลอดภัยของระบบ Windows จำนวน 10 ตัว โดยมีแพตซ์ถึง 5 ตัวที่มีความร้ายแรงระดับวิกฤติ (Critical) และมีแพตซ์ 5 ตัวที่มีความร้ายแรงสูง (Important)
• มีแพตซ์สำหรับแก้ช่องโหว่ความปลอดภัยของ Microsoft Office จำนวน 2 ตัว มีแพตซ์ 1 ตัวที่มีความร้ายแรงระดับวิกฤติ และอีก 1 ตัว มีความร้ายแรงสูง
• มีแพตซ์สำหรับแก้ช่องโหว่ความปลอดภัยของ Internet Explorer จำนวน 1 ตัว เป็นแพตซ์ที่มีความร้ายแรงระดับวิกฤติ
• มีแพตซ์สำหรับแก้ช่องโหว่ความปลอดภัยของ Microsoft Silverlight จำนวน 1 ตัว เป็นแพตซ์ที่มีความร้ายแรงระดับวิกฤติ

แพตซ์สำหรับแก้ปัญหาความปลอดภัยที่มีความร้ายแรงระดับวิกฤติ (Critical)
แพตซ์สำหรับแก้ปัญหาความปลอดภัยที่มีความร้ายแรงระดับวิกฤติมีจำนวน 8 ตัว เป็นแพตซ์สำหรับแก้ช่องโหว่ความปลอดภัยของ Windows จำนวน 5 ตัว ของ Internet Explorer, Microsoft Office และ Microsoft Silverlight อย่างละ 1 ตัว มีรายละเอียดดังต่อไปนี้
MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution (980436)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems

MS10-051: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-051.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems

MS10-052: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-052.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2

MS10-053: Cumulative Security Update for Internet Explorer (2183461)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-053.mspx
Impact: Remote Code Execution
Affected Software:
- Internet Explorer 6 for Windows XP Service Pack 3
- Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 6 for Windows Server 2003 Service Pack 2
- Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 6 for Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 for Windows XP Service Pack 3
- Internet Explorer 7 for Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 7 for Windows Server 2003 Service Pack 2
- Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 7 for Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 in Windows Vista Service Pack 1 andWindows Vista Service Pack 2
- Internet Explorer 7 in Windows Vista x64 Edition Service Pack 1 andWindows Vista x64 Edition Service Pack 2
- Internet Explorer 7 in Windows Server 2008 for 32-bit Systems andWindows Server 2008 for 32-bit Systems Service Pack 2(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7 in Windows Server 2008 for x64-based Systems andWindows Server 2008 for x64-based Systems Service Pack 2(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems andWindows Server 2008 for Itanium-based Systems Service Pack 2
- Internet Explorer 8 for Windows XP Service Pack 3
- Internet Explorer 8 for Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 8 for Windows Server 2003 Service Pack 2
- Internet Explorer 8 for Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 8 in Windows Vista Service Pack 1 andWindows Vista Service Pack 2
- Internet Explorer 8 in Windows Vista x64 Edition Service Pack 1 andWindows Vista x64 Edition Service Pack 2
- Internet Explorer 8 in Windows Server 2008 for 32-bit Systems andWindows Server 2008 for 32-bit Systems Service Pack 2(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8 in Windows Server 2008 for x64-based Systems andWindows Server 2008 for x64-based Systems Service Pack 2(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8 in Windows 7 for 32-bit Systems
- Internet Explorer 8 in Windows 7 for x64-based Systems
- Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

MS10-054: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-054.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems

MS10-055: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-055.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems

MS10-056: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-056.mspx
Impact: Remote Code Execution
Affected Software:
- Microsoft Office Word 2002 Service Pack 3
- Microsoft Office Word 2003 Service Pack 3
- Microsoft Office Word 2007 Service Pack 2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Word Viewer
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
- Microsoft Works 9

MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-060.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems
- Microsoft Silverlight 2
- Microsoft Silverlight 3

แพตซ์สำหรับแก้ปัญหาความปลอดภัยที่มีความร้ายแรงสูง (Important)
แพตซ์สำหรับแก้ปัญหาความปลอดภัยที่มีความร้ายแรงสูงมีจำนวน 6 ตัว เป็นแพตซ์สำหรับแก้ช่องโหว่ความปลอดภัยของ Windows จำนวน 5 ตัว และของ Microsoft Office จำนวน 1 ตัว มีรายละเอียดดังต่อไปนี้
MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-047.mspx
Impact: Elevation of Privilege
Affected Software:
- Windows XP Service Pack 3
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems

MS10-048: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-048.mspx
Impact: Elevation of Privilege
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems

MS10-050: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-050.mspx
Impact: Remote Code Execution
Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2

MS10-057: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-057.mspx
Impact: Remote Code Execution
Affected Software:
- Microsoft Office Excel 2002 Service Pack 3
- Microsoft Office Excel 2003 Service Pack 3
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac

MS10-058: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-058.mspx
Impact: Elevation of Privilege
Affected Software:
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems

MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
Update Link: http://www.microsoft.com/technet/security/Bulletin/MS10-059.mspx
Impact: Elevation of Privilege
Affected Software:
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems (Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems

Severity and Exploitability Index (Credit:Microsoft)

Deployment Priority (Credit:Microsoft)

การออกอัพเดทและการอัพเดทระบบ
ผู้ที่ใช้วินโดวส์และซอฟต์แวร์เวอร์ชันที่ได้รับผลกระทบ สามารถทำการอัปเดทจากเว็บไซต์ Microsoft Update ผ่านทางอินเทอร์เน็ต หรือทำการอัปเดทผ่านทาง Windows Server Update Services (WSUS) สำหรับผู้ใช้แบบองค์กรที่มีการติดตั้งระบบ WSUS Server ทั้งนี้ ตั้งแต่วันที่ 10 สิงหาคม 2553 เป็นต้นไป

ส่งท้ายเอนทรี่
ถึงแม้ว่างานแพตซ์ระบบในเดือนสิงหาคมนี้ถือเป็นงานหนักของแอดมิน แต่เนื่องจากมีแพตซ์ถึง 8 ตัวที่แก้ไขช่องโหว่ความปลอดภัยที่มีความร้ายแรงระดับวิกฤติ ดังนั้นเพื่อความปลอดภัยขอให้ท่านที่เป็นแอดมินทั้งหลายทำการอัปเดทแพตซ์วินโดวส์และซอฟต์แวร์ที่ได้รับผลกระทบให้เรียบร้อยนะครับ

แหล่งข้อมูลอ้างอิง
Microsoft Security Bulletin Summary for August 2010
Technet Blog

ลิงค์ที่เกี่ยวข้อง
Microsoft Security Center

© 2010 TWA Blog. All Rights Reserved.

0 Comment: