安全公告編號:CNTA-2014-0017
根據微軟4月26日披露的公告稱����,微軟Internet Explorer瀏覽器存在一處遠程代碼執行漏洞(CNVD-2014-02648,對應CVE-2014-1776)�,攻擊者可利用漏洞發起惡意代碼攻擊����。漏洞存在于IE6至IE11等版本的VGX.DLL中���,VGX.DLL是IE中負責渲染VML的組件���,該組件未對正確處理內存對象釋放機制���,可被利用發起基于內存釋放后重用技術的攻擊�,且攻擊代碼可以繞過微軟現有的ASLR和DEP安全機制�����。攻擊者可以誘使用戶訪問特定構造的一個網站頁面�����,在網站頁面上放置惡意代碼����,從而發起大規模掛馬攻擊���。
根據評估����,受影響操作系統環境及對應IE版本較為廣泛,覆蓋微軟多個版本操作系統�,如下表所示��。由于微軟已經停止Windows XP的安全更新服務,因此在表中未列出�,但技術分析表明Windows XP用戶受樣受到漏洞威脅�����。根據國外知名安全企業FireEye的估計,目前在互聯網瀏覽器用戶中�����,IE用戶占比達到26.25%��。
解決方案:
微軟可能在下周二進行補丁更新(2014年5月13日)��。一些臨時解決措施有:
1. 安裝增強減災體驗工具包 ( EMET 4.1)����;
2. 通過更改Internet Explorer安全設置,禁用ActiveX控件和腳本;
3. 工具->Internet 選項->安全->Internet->自定義級別->腳本->禁用“活動腳本”;
4. 本地Intranet->自定義級別->腳本->禁用“活動腳本”;
5. 如果您正在使用Internet Explorer 10或更高版本�����,請使用增強保護模式��,以防止遭受攻擊�;
6. 建議用戶在Internet Explorer禁用Adobe Flash插件�;
7. 取消注冊VGX.dll文件。運行以下命令: regsvr32 -u"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
受影響軟件及系統:
Internet Explorer 6 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 6 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 6 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Internet Explorer 6 |
Internet Explorer 7 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 7 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 7 |
Windows Server 2003 with SP2 for Itanium-based Systems |
Internet Explorer 7 |
Windows Vista Service Pack 2 |
Internet Explorer 7 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 7 |
Windows Server 2008 for Itanium-based Systems Service Pack 2 |
Internet Explorer 7 |
Internet Explorer 8 |
Windows Server 2003 Service Pack 2 |
Internet Explorer 8 |
Windows Server 2003 x64 Edition Service Pack 2 |
Internet Explorer 8 |
Windows Vista Service Pack 2 |
Internet Explorer 8 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 8 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 8 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 8 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 8 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 8 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 8 |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
Internet Explorer 8 |
Internet Explorer 9 |
Windows Vista Service Pack 2 |
Internet Explorer 9 |
Windows Vista x64 Edition Service Pack 2 |
Internet Explorer 9 |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Internet Explorer 9 |
Windows Server 2008 for x64-based Systems Service Pack 2 |
Internet Explorer 9 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 9 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 9 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 9 |
Internet Explorer 10 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 10 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 10 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 10 |
Windows 8 for 32-bit Systems |
Internet Explorer 10 |
Windows 8 for x64-based Systems |
Internet Explorer 10 |
Windows Server 2012 |
Internet Explorer 10 |
Windows RT |
Internet Explorer 10 |
Internet Explorer 11 |
Windows 7 for 32-bit Systems Service Pack 1 |
Internet Explorer 11 |
Windows 7 for x64-based Systems Service Pack 1 |
Internet Explorer 11 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Internet Explorer 11 |
Windows 8.1 for 32-bit Systems |
Internet Explorer 11 |
Windows 8.1 for x64-based Systems |
Internet Explorer 11 |
Windows Server 2012 R2 |
Internet Explorer 11 |
Windows RT 8.1 |
Internet Explorer 11 |
不受影響的軟件及系統:
Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)
Windows Server2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
參考鏈接:
https://technet.**.com/zh-cn/library/security/2963983(其中,**表示microsoft)
http://www.**.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html(其中���,**表示fireeye)
云塘校區地址:湖南省長沙市(天心區)萬家麗南路二段960號 