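Security advisory number: CNTA-2014-0017
According to an advisory disclosed by Microsoft on April 26, Microsoft Internet Explorer contains a remote code execution vulnerability (CNVD-2014-02648, corresponding to CVE-2014-1776) that attackers can exploit to launch malicious-code attacks. The vulnerability resides in VGX.DLL in IE6 through IE11. VGX.DLL is the IE component responsible for rendering VML. The component does not correctly handle the freeing of memory objects, which can be exploited for use-after-free attacks, and the attack code can bypass Microsoft's existing ASLR and DEP protections. An attacker can lure users to a specially crafted web page carrying malicious code, enabling large-scale drive-by download attacks.
According to the assessment, a wide range of operating system environments and corresponding IE versions are affected, spanning multiple Microsoft operating system versions, as shown in the table below. Because Microsoft has ended security update service for Windows XP, it is not listed in the table, but technical analysis shows that Windows XP users are likewise exposed to the vulnerability. According to an estimate by FireEye, a well-known foreign security company, IE users currently account for 26.25% of Internet browser users.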
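Solution:
Microsoft may release a patch next Tuesday (May 13, 2014). Some temporary workarounds are:
1. Install the Enhanced Mitigation Experience Toolkit (EMET 4.1);
2. Disable ActiveX controls and scripting by changing the Internet Explorer security settings;
3. Tools -> Internet Options -> Security -> Internet -> Custom level -> Scripting -> disable "Active scripting";
4. Local intranet -> Custom level -> Scripting -> disable "Active scripting";
5. If you are using Internet Explorer 10 or later, use Enhanced Protected Mode to guard against attack;
6. Users are advised to disable the Adobe Flash plug-in in Internet Explorer;
7. Unregister the VGX.dll file. Run the following command: regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"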
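To confirm that workarounds 3, 4 and 7 actually took effect on a host, the following PowerShell audit can be run as the affected user. It is an added example, not part of the original advisory. The function names are hypothetical, and it assumes the standard Internet Explorer registry layout (zone 1 = Local intranet, zone 3 = Internet, URL action 1400 = Active scripting) and reads only per-user settings, not Group Policy overrides.

```powershell
# Added audit example (not from the advisory). Reads per-user IE zone settings
# and checks whether any COM class still points at vgx.dll.
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = [ordered]@{ 1 = 'Local intranet'; 3 = 'Internet' }

function Get-ActiveScriptingState {
    param([int]$ZoneId)
    # URL action 1400 = Active scripting; 0 = enable, 1 = prompt, 3 = disable
    $prop = Get-ItemProperty -Path "$zoneRoot\$ZoneId" -Name '1400' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'not set for this user (zone default applies)' }
    switch ($prop.'1400') {
        0       { 'enabled' }
        1       { 'prompt' }
        3       { 'disabled' }
        default { "unknown value $($prop.'1400')" }
    }
}

function Test-VgxRegistered {
    # regsvr32 -u removes the InprocServer32 entries that reference vgx.dll,
    # so any remaining match means the DLL is still registered.
    # Both the native and the 32-bit (Wow6432Node) class views are scanned.
    $roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
             'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    foreach ($root in $roots) {
        foreach ($clsid in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $server = $clsid.OpenSubKey('InprocServer32')
            if ($null -eq $server) { continue }
            $dll = [string]$server.GetValue('')   # default value = DLL path
            $server.Close()
            if ($dll -like '*\VGX\vgx.dll') { return $true }
        }
    }
    return $false
}

foreach ($id in $zones.Keys) {
    '{0,-15} Active scripting: {1}' -f $zones[$id], (Get-ActiveScriptingState $id)
}
'vgx.dll still registered: {0}' -f (Test-VgxRegistered)
```

A host with the workarounds applied reports `disabled` for both zones and `False` for the registration check.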
Affected software and systems:

| Operating system | Internet Explorer version |
| --- | --- |
| Windows Server 2003 Service Pack 2 | Internet Explorer 6 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 7 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 7 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 7 |
| Windows Vista Service Pack 2 | Internet Explorer 7 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7 |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 8 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 8 |
| Windows Vista Service Pack 2 | Internet Explorer 8 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 8 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 8 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 8 |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8 |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 |
| Windows Vista Service Pack 2 | Internet Explorer 9 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 9 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 9 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 9 |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 9 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 9 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 9 |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 10 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 10 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 10 |
| Windows 8 for 32-bit Systems | Internet Explorer 10 |
| Windows 8 for x64-based Systems | Internet Explorer 10 |
| Windows Server 2012 | Internet Explorer 10 |
| Windows RT | Internet Explorer 10 |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 11 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 11 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 11 |
| Windows 8.1 for 32-bit Systems | Internet Explorer 11 |
| Windows 8.1 for x64-based Systems | Internet Explorer 11 |
| Windows Server 2012 R2 | Internet Explorer 11 |
| Windows RT 8.1 | Internet Explorer 11 |

Software and systems not affected:
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Reference links:
https://technet.**.com/zh-cn/library/security/2963983 (where ** stands for microsoft)
http://www.**.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html (where ** stands for fireeye)