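Advisory: Multiple Microsoft Security Vulnerabilities

0x00 Vulnerability Overview

On Tuesday, Microsoft released its August security updates, fixing 120 vulnerabilities including 2 zero-days. The fixes cover Internet Explorer (IE), Office, Microsoft Edge, Windows Media and many other components and products. Notably, the Windows spoofing vulnerability (CVE-2020-1464) and the IE scripting engine memory corruption vulnerability (CVE-2020-1380) have been detected being exploited in the wild. In addition, four remote code execution vulnerabilities (CVE-2020-1585, CVE-2020-1568, CVE-2020-1567, CVE-2020-1570) and three elevation of privilege vulnerabilities (CVE-2020-1472, CVE-2020-1480, CVE-2020-1529) deserve close attention. See the table for details: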

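| Product | CVE ID | Type | Severity | Remotely exploitable |
|---|---|---|---|---|
| Windows | CVE-2020-1464 | Spoofing | High | |
| Internet Explorer | CVE-2020-1380 | RCE | Critical | |
| Windows | CVE-2020-1472 | EOP | Critical | |
| Windows | CVE-2020-1585 | RCE | Critical | |
| Microsoft Edge | CVE-2020-1568 | RCE | Critical | |
| Internet Explorer | CVE-2020-1567 | RCE | Critical | |
| Internet Explorer | CVE-2020-1570 | RCE | Critical | |
| Windows | CVE-2020-1480 | EOP | High | |
| Windows | CVE-2020-1529 | EOP | High | |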

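0x01 Vulnerability Details

Windows Spoofing Vulnerability (CVE-2020-1464)

A spoofing vulnerability exists in the way Windows validates signatures. An attacker who successfully exploits this vulnerability can bypass security features and cause improperly signed files to be loaded.

IE Scripting Engine Memory Corruption Vulnerability (CVE-2020-1380)

A remote code execution vulnerability exists in the way the IE scripting engine handles objects in memory. An attacker can exploit it by luring a user to a specially crafted website, or by luring the user to open an application or Microsoft Office document that embeds an ActiveX control marked "safe for initialization". An attacker can also exploit it by compromising vulnerable websites or by adding specially crafted content to content or advertising providers. The vulnerability corrupts memory in a way that allows arbitrary code execution in the context of the current user.

NetLogon Elevation of Privilege Vulnerability (CVE-2020-1472)

An elevation of privilege vulnerability exists in NetLogon. An unauthenticated attacker can exploit it by connecting to a domain controller using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploits this vulnerability can obtain domain administrator access.

Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1585)

A remote code execution vulnerability exists in the way the Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploits this vulnerability can take control of the affected system.

Microsoft Edge PDF Remote Code Execution Vulnerability (CVE-2020-1568)

A remote code execution vulnerability exists in the way the Microsoft Edge PDF reader handles objects in memory. A remote attacker constructs a PDF page with malicious content and lures the user into opening it in the Edge browser. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system with the same privileges as the user.

MSHTML Engine Remote Code Execution Vulnerability (CVE-2020-1567)

The vulnerability lies in VBScript within MSHTML: a callback into VBScript deletes an object while a reference to that block of memory remains on the stack. If that reference is then used, a use-after-free (UAF) is triggered, which can ultimately lead to remote code execution.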
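The lifetime pattern described for CVE-2020-1567, shown as an added C sketch beside its hardened form. This is not code from the advisory or from Microsoft and does not reproduce MSHTML or VBScript internals; all names (`Obj`, `read_unsafe`, `read_safe`, the static pool) are hypothetical, and the pool exists only so the dangling state can be observed without touching real freed memory.

```c
#include <stdio.h>

/* Constructed model: objects live in a static pool, so a "freed" slot can be
   inspected safely instead of touching real freed heap memory. */
typedef struct { int refs; int alive; int value; } Obj;
static Obj pool[4];

static Obj *obj_new(int value) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].alive) {
            pool[i] = (Obj){ .refs = 1, .alive = 1, .value = value };
            return &pool[i];
        }
    return NULL;
}
static void obj_addref(Obj *o) { o->refs++; }
static void obj_release(Obj *o) { if (--o->refs == 0) o->alive = 0; /* "free" */ }

/* Script-style callback that drops the owner's only reference. */
typedef void (*Callback)(Obj **slot);
static void deleting_callback(Obj **slot) { obj_release(*slot); *slot = NULL; }

/* Flawed pattern: a raw pointer stays on the stack across the callback.
   Returns -1 where real code would dereference freed memory. */
int read_unsafe(Obj **slot, Callback cb) {
    Obj *local = *slot;            /* borrowed, no reference taken */
    cb(slot);                      /* may destroy the object */
    if (!local->alive) return -1;  /* dangling: this is the UAF point */
    return local->value;
}

/* Hardened pattern: pin the object for the duration of the call. */
int read_safe(Obj **slot, Callback cb) {
    Obj *local = *slot;
    obj_addref(local);             /* caller co-owns the object */
    cb(slot);
    int v = local->value;          /* still alive: refs == 1 */
    obj_release(local);            /* last reference frees it here */
    return v;
}

int demo_unsafe(void) { Obj *o = obj_new(42); return read_unsafe(&o, deleting_callback); }
int demo_safe(void)   { Obj *o = obj_new(42); return read_safe(&o, deleting_callback); }
int live_objects(void) { int n = 0; for (int i = 0; i < 4; i++) n += pool[i].alive; return n; }

int main(void) {
    printf("unsafe=%d safe=%d live=%d\n", demo_unsafe(), demo_safe(), live_objects());
    return 0;
}
```

The hardened caller takes its own reference before any re-entrant call, so the object is destroyed only when the caller releases it.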

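IE Scripting Engine Memory Corruption Vulnerability (CVE-2020-1570)

The vulnerability stems from uninitialized stack memory in JavaScript. A var object is initialized through GetValue; if the second parameter is an object, GetValue initializes only the third parameter's value, leaving the second parameter uninitialized and ultimately leading to remote code execution.

Windows GDI Elevation of Privilege Vulnerability (CVE-2020-1480/CVE-2020-1529)

An elevation of privilege vulnerability exists in the way the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploits this vulnerability can execute arbitrary code in kernel mode.

0x02 Affected Scope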

| CVE ID | Affected product versions |
|---|---|
| CVE-2020-1464 | Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows 8.1 for 32-bit systems; Windows 8.1 for x64-based systems; Windows RT 8.1; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation) |
| CVE-2020-1380 | Internet Explorer 11 |
| CVE-2020-1472 | Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation) |
| CVE-2020-1585 | Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems |
| CVE-2020-1568 | Microsoft Edge (EdgeHTML-based) |
| CVE-2020-1567, CVE-2020-1570 | Internet Explorer 11; Internet Explorer 9 |
| CVE-2020-1480 | Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation) |
| CVE-2020-1529 | Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1709 for 32-bit Systems; Windows 10 Version 1709 for ARM64-based Systems; Windows 10 Version 1709 for x64-based Systems; Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows 8.1 for 32-bit systems; Windows 8.1 for x64-based systems; Windows RT 8.1; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server, version 2004 (Server Core installation) |

0x03 Remediation

Microsoft has officially released patches. Download link:

https://portal.msrc.microsoft.com/en-us/security-guidance
