2011年1月份十大重要安全漏洞分析

Ten Critical Vulnerabilities Analysis Report January 2011

2010年12月21日至2011年1月20日,国家计算机网络入侵防范中心发布漏洞总条目为322条,漏洞总数比上月增加了2.55%。其中威胁级别为"紧急"级别的有64条,"高"级别的有68条,"中"级别的有168条,"低"的有22条。威胁级别为紧急和高的漏洞占到总量的40.99%,从漏洞利用方式来看,远程攻击有276条,本地攻击有44条,局域网攻击有2条。可见,能够从远程进行攻击的漏洞占绝大多数,这使得攻击者利用相应漏洞发动攻击更为容易。本月微软发布2个安全公告,其中1个为严重等级,1个为重要等级,共修复Windows Backup Manager和Microsoft Data Access Components(MDAC)中的3个安全漏洞,受影响的操作系统为包括Windows7在内的多个Windows版本。此外,微软发布安全通告通报了Internet Explorer中的一个零日漏洞和Windows图像渲染引擎中的一个零日漏洞,这些零日漏洞已经被利用进行攻击。建议广大用户及时安装补丁,增强系统安全性,做好安全防范工作,保证信息系统安全。

From December 21, 2010 to January 20, 2011, the National Computer Networks Intrusion Protection Center （aka NCNIPC） published 322 vulnerabilities, which increased by 2.55%. Among all these vulnerabilities, 64 ones were ＂Critical＂, 68 were ＂Important＂, 168 were ＂Middle＂, and 22 were ＂Low＂. The vulnerabilities at Level ＂Critical＂ and ＂Important＂ accounted for 40.99% of the total. From the access vectors＇ perspective, 276 were network exploitable, 44 were locally exploitable and 2 was Local network exploitable. The vast majority could be exploited remotely, which made exploitation easy. Microsoft published two security bulletins, of which one were considered critical and one were important. Three vuinerabilities in Windows Backup Manager and Microsoft Data Access Components were patched. The operating systems affected were some versions of Windows including Windows 7. Besides, Microsoft also reported two 0day vulnerabilities of Intenet Explorer and Windows Graphics Rendering Engine in its security advisories. These 0day vulnerabilities have been exploited. NCNIPC would recommend that affected users install patches as soon as possible, enhance the security of systems, and take pre-measures to make sure the security of information.