安全公告編號:CNTA-2014-0017
根據(jù)微軟4月26日披露的公告稱,微軟Internet Explorer瀏覽器存在一處遠程代碼執(zhí)行漏洞(CNVD-2014-02648,對應CVE-2014-1776),攻擊者可利用漏洞發(fā)起惡意代碼攻擊。漏洞存在于IE6至IE11等版本的VGX.DLL中,VGX.DLL是IE中負責渲染VML的組件,該組件未對正確處理內(nèi)存對象釋放機制,可被利用發(fā)起基于內(nèi)存釋放后重用技術的攻擊,且攻擊代碼可以繞過微軟現(xiàn)有的ASLR和DEP安全機制。攻擊者可以誘使用戶訪問特定構造的一個網(wǎng)站頁面,在網(wǎng)站頁面上放置惡意代碼,從而發(fā)起大規(guī)模掛馬攻擊。
根據(jù)評估,受影響操作系統(tǒng)環(huán)境及對應IE版本較為廣泛,覆蓋微軟多個版本操作系統(tǒng),如下表所示。由于微軟已經(jīng)停止Windows XP的安全更新服務,因此在表中未列出,但技術分析表明Windows XP用戶受樣受到漏洞威脅。根據(jù)國外知名安全企業(yè)FireEye的估計,目前在互聯(lián)網(wǎng)瀏覽器用戶中,IE用戶占比達到26.25%。
解決方案:
微軟可能在下周二進行補丁更新(2014年5月13日)。一些臨時解決措施有:
1. 安裝增強減災體驗工具包 ( EMET 4.1);
2. 通過更改Internet Explorer安全設置,禁用ActiveX控件和腳本;
3. 工具->Internet 選項->安全->Internet->自定義級別->腳本->禁用“活動腳本”;
4. 本地Intranet->自定義級別->腳本->禁用“活動腳本”;
5. 如果您正在使用Internet Explorer 10或更高版本,請使用增強保護模式,以防止遭受攻擊;
6. 建議用戶在Internet Explorer禁用Adobe Flash插件;
7. 取消注冊VGX.dll文件。運行以下命令: regsvr32 -u"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
受影響軟件及系統(tǒng):
Internet Explorer 6 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 6 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 6 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Internet Explorer 6 |
Internet Explorer 7 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 7 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 7 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Internet Explorer 7 |
Windows Vista Service Pack 2 |
Internet Explorer 7 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for Itanium-based Systems Service Pack 2 |
Internet Explorer 7 |
Internet Explorer 8 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 8 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 8 |
Windows Vista Service Pack 2 |
Internet Explorer 8 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 8 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 8 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 8 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 8 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 8 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 8 |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
Internet Explorer 8 |
Internet Explorer 9 |
Windows Vista Service Pack 2 |
Internet Explorer 9 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 9 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 9 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 9 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 9 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 9 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 9 |
Internet Explorer 10 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 10 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 10 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 10 |
Windows 8 for 32-bit Systems |
Internet Explorer 10 |
Windows 8 for x64-based Systems |
Internet Explorer 10 |
Windows Server 2012 |
Internet Explorer 10 |
Windows RT |
Internet Explorer 10 |
Internet Explorer 11 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 11 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 11 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 11 |
Windows 8.1 for 32-bit Systems |
Internet Explorer 11 |
Windows 8.1 for x64-based Systems |
Internet Explorer 11 |
Windows Server 2012 R2 |
Internet Explorer 11 |
Windows RT 8.1 |
Internet Explorer 11 |
不受影響的軟件及系統(tǒng):
Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)
Windows Server2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
參考鏈接:
https://technet.**.com/zh-cn/library/security/2963983(其中,**表示microsoft)
http://www.**.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html(其中,**表示fireeye)
云塘校區(qū)地址:湖南省長沙市(天心區(qū))萬家麗南路二段960號 