January Security Bulletins
Jan 15, 2007

Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP)
Senior Technical Support Engineer
Microsoft Taiwan Technical Support

Questions and Answers

• Submit text questions using the “Ask a Question” button

What We Will Cover

• Other security resources
  – Prepare for new WSUSSCAN.CAB architecture
  – Lifecycle Information
  – Windows Malicious Software Removal Tool
• Resources
• Questions and answers

Recap Dec. security updates

• MS06-072 Cumulative Security Update for Internet Explorer
  – MS06-067 and all previous Cumulative Security Updates for Internet Explorer.
• MS06-073 Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
  – This update resolves a public vulnerability for WMI Object Broker.
• MS06-070 Vulnerability in Windows Media Format Could Allow Remote Code Execution

Jan. 2007 Security Bulletins Summary

• On Jan 10:
  – 4 New Security Bulletins
    • 1 Windows (critical)
    • 3 Office components
  – 2 High-priority non-security updates

Jan. 2007 Security Bulletins Overview

Bulletin Number | Title | Maximum Severity Rating | Products Affected
MS07-001 | Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker That Could Allow Remote Code Execution (921585) | Important | Office 2003, Project 2003, Visio 2003
MS07-002 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) | Critical | Excel 2000, 2002, 2003, Excel for Mac
MS07-003 | Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) | Critical | Outlook 2000, 2002, 2003
MS07-004 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) | Critical | Windows 2000, XP, 2003

Jan. 2007 Security Bulletins Severity Summary

Bulletin Number | Microsoft Office 2003 (Brazilian Version) | Microsoft Office MUI 2003 | Microsoft Project MUI 2003 and Microsoft Visio MUI 2003
MS07-001 | Important | Important | Important

Bulletin Number | Microsoft Office Excel 2000 | Microsoft Office Excel 2002 | Microsoft Office Excel 2003 | Microsoft Excel Viewer 2003 | Microsoft Office Excel 2004, X for Mac
MS07-002 | Critical | Important | Important | Important | Important

Bulletin Number | Microsoft Outlook 2000 | Microsoft Outlook 2002 | Microsoft Outlook 2003
MS07-003 | Moderate | Important | Important

Bulletin Number | Windows 2000 SP4 | Windows XP SP2 | Windows Server 2003 | Windows Server 2003 SP1 | Windows Vista
MS07-004 | Critical | Critical | Critical | Moderate | Not Affected

MS07-001: Office - Important

Title: Vulnerability in Microsoft Office 2003 Brazilian Grammar Checker Could Allow Remote Code Execution (921585)

Affected Software:
• Microsoft Office 2003 Service Pack 2
• Microsoft Office Multilingual User Interface 2003
• Microsoft Project Multilingual User Interface 2003
• Microsoft Visio Multilingual User Interface 2003

Vulnerabilities:
• CVE-2006-5575

Publicly Disclosed:
• Yes

Known Exploits:
• No

MS07-001: Office - Important

Issue Summary: A remote code execution vulnerability in the Office 2003 Brazilian Grammar Checker could allow an attacker to take complete control of the affected system.

Attack Vectors:
• Maliciously Crafted Web Page
• Maliciously Crafted Email Attachment

Mitigations:
• Users would have to be persuaded to visit a malicious web site
• Exploitation only gains the same user rights as the local user
• User must be convinced to open the attachment

Workarounds:
• Do not save or open Office files from untrusted sources or that are received unexpectedly from trusted sources.

MS07-001: Office - Important

Replaced Updates:
• None

Installation and Removal Caveats:
• Office 2003 SP2 must be applied prior to applying this update. (Office 2003 SP1 is no longer a supported platform.)

Restart Required:
• No

More Information:
• For more information, please review the FAQ at: http://www.microsoft.com/taiwan/technet/security/bulletin/ms07-001.mspx

Known Issue:
• None so far.

MS07-002: Excel - Critical

Title: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (927198)

Affected Software:
• Microsoft Excel 2000, 2002, 2003
• Microsoft Excel Viewer 2003
• Microsoft Works Suite 2004, 2005, 2006
• Microsoft Office 2004 for Mac
• Microsoft Office X for Mac

Vulnerabilities:
• CVE-2006-3432
• CVE-2006-3865
• CVE-2006-4700
• CVE-2006-4701
• CVE-2006-5995

Publicly Disclosed:
• No

Known Exploits:
• No

MS07-002: Excel - Critical

Issue Summary: A remote code execution vulnerability in Excel could allow an attacker to take complete control of the affected system.

Attack Vectors:
• Maliciously Crafted Web Page
• Maliciously Crafted Email
• Specially Crafted Network Message

Mitigations:
• Users would have to be persuaded to visit a malicious web site
• Exploitation only gains the same user rights as the local user
• The vulnerability cannot be exploited automatically through e-mail
• Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document.

Workarounds:
• Do not open or save Microsoft Excel files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.

MS07-002: Excel - Critical

Replaced Updates:
• MS06-059

Installation and Removal Caveats:
• Excel 2000 update cannot be uninstalled
• Office 2004 for Mac update cannot be uninstalled
• Office X for Mac update cannot be uninstalled

Restart Required:
• No

More Information:
• For more information, please review the FAQ at: http://www.microsoft.com/taiwan/technet/security/bulletin/ms07-002.mspx

Known Issue:
• After you install the Microsoft Excel 2000 version of security update MS07-002, you can no longer open some files you created by using Excel 2000 with the Executable Mode set to Korean, Chinese, or Japanese.
• Reference: Excel 2000 does not open some files after you install security update 925524 that is documented in security bulletin MS07-002: http://support.microsoft.com/kb/931183/en-us

MS07-003: Outlook - Critical

Title & KB Article: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

Affected Software:
• Outlook 2000 SP3
• Outlook XP SP3
• Outlook 2003 SP2

Vulnerabilities:
• CVE-2006-4699 Microsoft Outlook VEVENT Vulnerability
• CVE-2006-1305 Microsoft Outlook Denial of Service Vulnerability
• CVE-2006-2377 Microsoft Outlook Advanced Find Vulnerability

Publicly Disclosed:
• CVE-2006-4699 and CVE-2006-2377: No
• CVE-2006-1305: Yes

Known Exploits?:
• No

MS07-003: Outlook - Critical

Issue Summary:
• CVE-2006-4699 Microsoft Outlook VEVENT Vulnerability - Remote code execution vulnerability that an attacker could exploit to gain the same rights as the local user. An attacker could try to exploit the vulnerability by creating a specially crafted .ICS (iCal) file, or by embedding the contents of an iCal calendar request in the body of a specially crafted e-mail, and sending it to a user of Outlook who connects to a POP, IMAP or HTTP server to retrieve their email.
• CVE-2006-1305 Microsoft Outlook Denial of Service Vulnerability - An attacker who exploited this denial of service vulnerability could cause the affected system to stop responding.
• CVE-2006-2377 Microsoft Outlook Advanced Find Vulnerability - A remote code execution vulnerability that an attacker could exploit when Outlook parses an Office Saved Searches (.oss) file.

Attack Vectors:
• Malicious Email
• Malicious Web Page

Mitigations:
• Exploitation only allows the same privileges as the logged-on user.
• CVE-2006-4699: MAPI is not a valid attack vector due to Exchange's handling of iCal calendar data in messages or in .ICS attachments.
• CVE-2006-2377: No way to force users to visit a malicious Web site, and the vulnerability cannot be exploited automatically through email.

Workarounds:
• Modify registry and do not open/save Office Saved Searches (.oss) files

MS07-003: Outlook - Critical

Replaced Updates:
• MS06-003 Outlook 2003
• MS06-012 Outlook 2000 and Outlook 2002

Installation and Removal Caveats:
• Add/Remove Programs
• Command line uninstall option
• Scriptable Deployment

Restart Requirement:
• This update may require a restart if the affected files are in use.

More Information:
• For more information, please review the FAQ at: http://www.microsoft.com/taiwan/technet/security/bulletin/ms07-003.mspx

Known Issue:
• Outlook users can no longer open or save the search results as an Office Saved Searches (.oss) file. Additionally, you can no longer open an Office Saved Searches (.oss) file by using Outlook.
• The feature was disabled by this patch for security reasons.
• References: KB925938 and KB925542

MS07-004: VML - Critical

Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

Affected Software:
• Microsoft Windows 2000 SP4
• Microsoft Windows XP SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and 2003 SP1
• Microsoft Windows Server 2003 and 2003 SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows Vista RC1

Vulnerabilities:
• CVE-2007-0024

Publicly Disclosed:
• This update resolves a public vulnerability as well as additional issues discovered through internal investigations

Known Exploits:
• Yes. When the security bulletin was released, Microsoft had received information that this vulnerability was being exploited.

MS07-004: VML - Critical

Issue Summary: A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. It could allow an attacker to take complete control of an affected system.

Attack Vectors:
• Maliciously Crafted Web Page
• Maliciously Crafted Email

Mitigations:
• Users would have to be persuaded to visit a malicious web site
• Exploitation only gains the same user rights as the local user
• Reading e-mail in plain text mitigates against email attack.
• By default, IE on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration.
• Outlook Express on XP SP2 and Windows Server 2003 SP1 open mail in Restricted Sites zone by default.

Workarounds:
• Un-register VGX.DLL
• Modify the ACL on VGX.DLL to be more restrictive
• Configure IE 6 for XP SP2 to disable Binary and Script behaviors in Intranet zone.
• Read e-mail in plain text.
• Block VML Vulnerability traffic with ISA Server

MS07-004: VML - Critical

Replaced Updates:
• MS06-055

Installation and Removal Caveats:
• Some listed mitigations must be undone before the update is installed.
• Remove through Add/Remove Programs

Restart Required:
• Yes

More Information:
• For more information, please review the FAQ at: http://www.microsoft.com/taiwan/technet/security/bulletin/ms07-004.mspx

Known Issue:
• The update bulletin states that a reboot is always required. However, users are not always prompted to reboot after installation.
• If vgx.dll is not loaded in process anywhere on the system, then the update will apply and not force a reboot. If you are not prompted to reboot after installation, no reboot is necessary.

Detection and Deployment

Bulletin | WU/SUS/AU | Office Update & SMS Microsoft Office Inventory Tool for Updates | MBSA 1.2 & SMS Security Update Inventory Tool | Enterprise Scan Tool & SMS Security Update Scan Tools | MU/WSUS/AU, SMS 2003 ITMU, & MBSA 2.0
MS07-001 | NA | Yes | Local | NA | Yes (except 2000)
MS07-002 | NA | Yes | Local | NA | Yes (except 2000)
MS07-003 | NA | Yes | Local | NA | Yes (except 2000)
MS07-004 | Yes | NA | No | Yes | Yes

Other Update Information

Bulletin | Restart | Hotpatching | Uninstall | Replaces | On products
MS07-001 | May be required | NA | Yes | NA |
MS07-002 | May be required | NA | Yes | MS06-059 | All
MS07-003 | May be required | NA | Yes | MS06-003 | All
MS07-004 | Required | No | Yes | MS06-055 | All

January 2007 Non-Security Updates

NUMBER | TITLE | Distribution
925254 | Update for Outlook Junk Email Filter 2003 | MU
925534 | Update for Outlook 2003 | WU, MU

New WSUSSCAN.CAB architecture

• The new architecture for wsusscan.cab has been in use since November 2006
• Support for the existing wsusscan.cab architecture ends in March 2007
• SMS ITMU customers: download and deploy the updated version of the SMS ITMU
  – http://www.microsoft.com/technet/downloads/sms/2003/tools/msupdates.mspx
• MBSA 2.0 offline scan customers:
  – Download the updated version of MBSA 2.0.1 now
  – Or download the new offline scan file, wsusscn2.cab, by clicking http://go.microsoft.com/fwlink/?LinkId=76054. Save this file to C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab.
• If you only run MBSA 2.0 in the online mode, you do not need to do anything.
• See Microsoft KB Article 926464 for more information
  – http://support.microsoft.com/kb/926464

Lifecycle Support Information

• Software Update Services (SUS) 1.0
  – Old deadline of 6 December 2006 has CHANGED to 10 July 2007
  – Information on upgrading: http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/default.mspx
• Public security support for Windows XP SP1 and Office 2003 SP1 HAS ENDED as of 10 October 2006
  – No Security Updates for Windows XP SP1 or Office 2003 SP1 starting in November 2006
  – Remaining Windows XP SP1, Office 2003 SP1 customers should upgrade to Windows XP SP2, Office 2003 SP2 right away
• Public security support for Windows 98, 98 SE, and Millennium Edition HAS ENDED as of 11 July 2006
  – See www.microsoft.com/lifecycle for more information
• Microsoft Forefront Client Security Beta open to download.
  – http://www.microsoft.com/taiwan/forefront/default.mspx

Windows Malicious Software Removal Tool – KB890830

• The Jan update adds the ability to remove:
  – Win32/Haxdoor
• Available as priority update through Windows Update or Microsoft Update for Windows XP users
  – Offered through WSUS; not offered through SUS 1.0
• Also as an ActiveX control or download at www.microsoft.com/malwareremove
• Deployment step-by-step: KB891716

Resources

• Jan. 2007 Security Bulletin Webcast (US): http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032313212
• Security Bulletins Summary: http://www.microsoft.com/taiwan/technet/security/bulletin/ms07-jan.mspx
• Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
• Security Advisories: www.microsoft.com/taiwan/technet/security/advisory/
• MSRC Blog: http://blogs.technet.com/msrc
• Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
• TechNet Radio: www.microsoft.com/tnradio
• IT Pro Security Newsletter: www.microsoft.com/technet/security/secnews/
• TechNet Security Center: www.microsoft.com/taiwan/technet/security
• TechNet Forum ITPro: http://forums.microsoft.com/technet-cht/default.aspx?siteid=23
• Detection and deployment guidance for the Jan 2007 security release: http://support.microsoft.com/kb/910723

Questions and Answers

• Submit text questions using the “Ask a Question” button
• Don’t forget to fill out the survey
• For upcoming and previously recorded webcasts: http://www.microsoft.com/taiwan/technet/webcast/default.aspx
• Webcast content suggestions: [email protected]
