2011年2月份十大重要安全漏洞分析

2011年01月21日至2月20日,国家计算机网络入侵防范中心发布漏洞总条目为455条,漏洞总数比2011年1月增加了41.30%1]。其中威胁级别为＂紧急＂的有157条,＂高＂的有68条,＂中＂的有199条,＂低＂的有31条。威胁级别为紧急和高的漏洞占到总量的49.45%,从漏洞利用方式来看,远程攻击的有389条,本地攻击的有64条,局域网攻击的有2条。可见,能够从远程进行攻击的漏洞占绝大多数,这使得攻击者利用相应漏洞发动攻击更为容易。本月微软发布12个安全公告,其中3个为严重等级,9个为重要等级,共修复Windows操作系统、IE浏览器等软件中的22个安全漏洞,受影响的操作系统为包括Windows7在内的多个Windows版本。其中,微软发布安全公告修复了InternetExplorer中的一个零日漏洞和Windows图像渲染引擎中的一个零日漏洞,以及潜伏期长达19年的Windows内核漏洞。这些零日漏洞已经被利用进行攻击。建议广大用户及时安装补丁,增强系统安全性,做好安全防范工作,保证信息系统安全。

Ten Critical Vulnerabilities Analysis Report February 2011

From January 21, 2011 to February 20, 2011, the National Computer Networks Intrusion Protection Center （aka NCNIPC） published 455 vulnerabilities, which increased by 41.30%. Among all these vulnerabilities, 157 ones were ＂Critical＂, 68 were ＂Important＂, 199 were ＂Middle＂, and 31 were ＂Low＂. The vulnerabilities at Level ＂Critical＂ and ＂Important＂ accounted for 49.45% of the total. From the access vectors’ perspective, 389 were network exploitable, 64 were locally exploitable and 2 was Local network exploitable. The vast majority could be exploited remotely, which made exploitation easy. Microsoft published twelve security bulletins, of which three were considered critical and nine were important. Three vulnerabilities in Windows Operating System and Internet Explorer were patched. The operating systems affected were some versions of Windows including Windows 7. Besides, Microsoft also patched two 0day vulnerabilities of Internet Explorer and Windows Graphics Rendering Engine in its security advisories. These 0day vulnerabilities have been exploited. NCNIPC would recommend that affected users install patches as soon as possible, enhance the security of systems, and take pre-measures to make sure the security of information.