WMF Office MS 06 048 Powerpoint MS 06

安全漏洞最严重的安全漏洞 WMF安全漏洞 Office最新安全漏洞 MS 06 -048 Powerpoint MS 06 -039 Onenote, Project MS

系统安全漏洞缓存溢出（ Buffer Overrun ） Code Red: IIS缓存溢出 Blaster: DCOM RPC缓存溢出 Zotob: Pn. P缓存溢出

堆栈缓存溢出 Top of Stack void Un. Safe. Recv(char* payload) char[128] { char local. Buffer[128];

Win 32 API 调用 Kernel mode User mode Application NTExecutives Kernel 32. dll (Create.

检测Rootkit Offline OS检测 API副作用检测 Rootkit检测具 Strider/Ghostbuster，MS Research Rootkit. Revealer，Sysinternals

防护 http: //www. microsoft. com/athome/security/e mail/phishing. mspx 对特定的邮件信息要当心

资源 Windows 安全 http: //www. microsoft. com/athome/security/spyware/default. mspx Rootkit http: //research. microsoft. com/rootkit/ Phishing

Slides: 40

Download presentation

安全漏洞最严重的安全漏洞 WMF安全漏洞 Office最新安全漏洞 MS 06 -048 Powerpoint MS 06 -039 Onenote, Project MS 06 -038 …

系统安全漏洞缓存溢出（ Buffer Overrun ） Code Red: IIS缓存溢出 Blaster: DCOM RPC缓存溢出 Zotob: Pn. P缓存溢出

堆栈缓存溢出 Top of Stack void Un. Safe. Recv(char* payload) char[128] { char local. Buffer[128]; … … strcpy (local. Buffer, payload); } Return Address

Win 32 API 调用 Kernel mode User mode Application NTExecutives Kernel 32. dll (Create. File. W) Int 2 E Ntdll. dll (Zw. Create. File) Ki. Service. Table (Nt. Create. File)

类型 User-Mode API 截获 Kernel-Mode 数据结构修改

检测Rootkit Offline OS检测 API副作用检测 Rootkit检测具 Strider/Ghostbuster，MS Research Rootkit. Revealer，Sysinternals

防护 http: //www. microsoft. com/athome/security/e mail/phishing. mspx 对特定的邮件信息要当心

资源 Windows 安全 http: //www. microsoft. com/athome/security/spyware/default. mspx Rootkit http: //research. microsoft. com/rootkit/ Phishing http: //www. microsoft. com/athome/security/email/phishing. mspx Sysinternal http: //www. sysinternals. com 信息安全Blog http: //blogs. itecn. net/blogs/chengyun_chu