安全公告編號(hào):CNTA-2014-0017
根據(jù)微軟4月26日披露的公告稱����,微軟Internet Explorer瀏覽器存在一處遠(yuǎn)程代碼執(zhí)行漏洞(CNVD-2014-02648�����,對(duì)應(yīng)CVE-2014-1776)���,攻擊者可利用漏洞發(fā)起惡意代碼攻擊�。漏洞存在于IE6至IE11等版本的VGX.DLL中�����,VGX.DLL是IE中負(fù)責(zé)渲染VML的組件����,該組件未對(duì)正確處理內(nèi)存對(duì)象釋放機(jī)制,可被利用發(fā)起基于內(nèi)存釋放后重用技術(shù)的攻擊����,且攻擊代碼可以繞過微軟現(xiàn)有的ASLR和DEP安全機(jī)制。攻擊者可以誘使用戶訪問特定構(gòu)造的一個(gè)網(wǎng)站頁面���,在網(wǎng)站頁面上放置惡意代碼��,從而發(fā)起大規(guī)模掛馬攻擊����。
根據(jù)評(píng)估�,受影響操作系統(tǒng)環(huán)境及對(duì)應(yīng)IE版本較為廣泛,覆蓋微軟多個(gè)版本操作系統(tǒng)�,如下表所示。由于微軟已經(jīng)停止Windows XP的安全更新服務(wù)��,因此在表中未列出�,但技術(shù)分析表明Windows XP用戶受樣受到漏洞威脅。根據(jù)國外知名安全企業(yè)FireEye的估計(jì)�,目前在互聯(lián)網(wǎng)瀏覽器用戶中,IE用戶占比達(dá)到26.25%��。
解決方案:
微軟可能在下周二進(jìn)行補(bǔ)丁更新(2014年5月13日)。一些臨時(shí)解決措施有:
1. 安裝增強(qiáng)減災(zāi)體驗(yàn)工具包 ( EMET 4.1)��;
2. 通過更改Internet Explorer安全設(shè)置���,禁用ActiveX控件和腳本����;
3. 工具->Internet 選項(xiàng)->安全->Internet->自定義級(jí)別->腳本->禁用“活動(dòng)腳本”�;
4. 本地Intranet->自定義級(jí)別->腳本->禁用“活動(dòng)腳本”;
5. 如果您正在使用Internet Explorer 10或更高版本�,請(qǐng)使用增強(qiáng)保護(hù)模式,以防止遭受攻擊����;
6. 建議用戶在Internet Explorer禁用Adobe Flash插件;
7. 取消注冊VGX.dll文件���。運(yùn)行以下命令: regsvr32 -u"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
受影響軟件及系統(tǒng):
Internet Explorer 6 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 6 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 6 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Internet Explorer 6 |
Internet Explorer 7 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 7 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 7 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Internet Explorer 7 |
Windows Vista Service Pack 2 |
Internet Explorer 7 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for Itanium-based Systems Service Pack 2 |
Internet Explorer 7 |
Internet Explorer 8 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 8 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 8 |
Windows Vista Service Pack 2 |
Internet Explorer 8 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 8 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 8 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 8 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 8 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 8 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 8 |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
Internet Explorer 8 |
Internet Explorer 9 |
Windows Vista Service Pack 2 |
Internet Explorer 9 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 9 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 9 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 9 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 9 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 9 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 9 |
Internet Explorer 10 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 10 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 10 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 10 |
Windows 8 for 32-bit Systems |
Internet Explorer 10 |
Windows 8 for x64-based Systems |
Internet Explorer 10 |
Windows Server 2012 |
Internet Explorer 10 |
Windows RT |
Internet Explorer 10 |
Internet Explorer 11 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 11 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 11 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 11 |
Windows 8.1 for 32-bit Systems |
Internet Explorer 11 |
Windows 8.1 for x64-based Systems |
Internet Explorer 11 |
Windows Server 2012 R2 |
Internet Explorer 11 |
Windows RT 8.1 |
Internet Explorer 11 |
不受影響的軟件及系統(tǒng):
Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)
Windows Server2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
參考鏈接:
https://technet.**.com/zh-cn/library/security/2963983(其中�����,**表示microsoft)
http://www.**.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html(其中�����,**表示fireeye)
云塘校區(qū)地址:湖南省長沙市(天心區(qū))萬家麗南路二段960號(hào) 