当前位置: 首页 > 网络安全 > 监测预警 > 正文

关于Internet Explorer VGX.DLL远程代码执行漏洞的安全公告

发布日期:2014-04-28预览:

安全公告编号:CNTA-2014-0017

根据微软4月26日披露的公告称,微软Internet Explorer浏览器存在一处远程代码执行漏洞(CNVD-2014-02648,对应CVE-2014-1776),攻击者可利用漏洞发起恶意代码攻击。漏洞存在于IE6至IE11等版本的VGX.DLL中,VGX.DLL是IE中负责渲染VML的组件,该组件未对正确处理内存对象释放机制,可被利用发起基于内存释放后重用技术的攻击,且攻击代码可以绕过微软现有的ASLR和DEP安全机制。攻击者可以诱使用户访问特定构造的一个网站页面,在网站页面上放置恶意代码,从而发起大规模挂马攻击。

根据评估,受影响操作系统环境及对应IE版本较为广泛,覆盖微软多个版本操作系统,如下表所示。由于微软已经停止Windows XP的安全更新服务,因此在表中未列出,但技术分析表明Windows XP用户受样受到漏洞威胁。根据国外知名安全企业FireEye的估计,目前在互联网浏览器用户中,IE用户占比达到26.25%。


解决方案:

微软可能在下周二进行补丁更新(2014年5月13日)。一些临时解决措施有:

1. 安装增强减灾体验工具包 ( EMET 4.1);

2. 通过更改Internet Explorer安全设置,禁用ActiveX控件和脚本;

3. 工具->Internet 选项->安全->Internet->自定义级别->脚本->禁用“活动脚本”;

4. 本地Intranet->自定义级别->脚本->禁用“活动脚本”;

5. 如果您正在使用Internet Explorer 10或更高版本,请使用增强保护模式,以防止遭受攻击;

6. 建议用户在Internet Explorer禁用Adobe Flash插件;

7. 取消注册VGX.dll文件。运行以下命令: regsvr32 -u"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"


受影响软件及系统:

Internet Explorer 6

Windows Server 2003 Service Pack 2

Internet Explorer 6

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 6

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 6

Internet Explorer 7

Windows Server 2003 Service Pack 2

Internet Explorer 7

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 7

Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 7

Windows Vista Service Pack 2

Internet Explorer 7

Windows Vista x64 Edition Service Pack 2

Internet Explorer 7

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 7

Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7

Internet Explorer 8

Windows Server 2003 Service Pack 2

Internet Explorer 8

Windows Server 2003 x64 Edition Service Pack 2

Internet Explorer 8

Windows Vista Service Pack 2

Internet Explorer 8

Windows Vista x64 Edition Service Pack 2

Internet Explorer 8

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 8

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 8

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 8

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Internet Explorer 8

Internet Explorer 9

Windows Vista Service Pack 2

Internet Explorer 9

Windows Vista x64 Edition Service Pack 2

Internet Explorer 9

Windows Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 9

Windows Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 9

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 9

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 9

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 9

Internet Explorer 10

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 10

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows 8 for 32-bit Systems

Internet Explorer 10

Windows 8 for x64-based Systems

Internet Explorer 10

Windows Server 2012

Internet Explorer 10

Windows RT

Internet Explorer 10

Internet Explorer 11

Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 11

Windows 7 for x64-based Systems Service Pack 1

Internet Explorer 11

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 11

Windows 8.1 for 32-bit Systems

Internet Explorer 11

Windows 8.1 for x64-based Systems

Internet Explorer 11

Windows Server 2012 R2

Internet Explorer 11

Windows RT 8.1

Internet Explorer 11


不受影响的软件及系统:

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)

Windows Server2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)


参考链接:

https://technet.**.com/zh-cn/library/security/2963983(其中,**表示microsoft)

http://www.**.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html(其中,**表示fireeye)

上一条:关于GNU glibc函数库存在缓冲区溢出高危漏洞(“幽灵”漏洞)的情况公告

下一条:关于OpenSSL存在内存泄露高危漏洞的安全公告