廣告廣告
  加入我的最愛 設為首頁 風格修改
首頁 首尾
 手機版   訂閱   地圖  簡體 
您是第 2205 個閱讀者
 
發表文章 發表投票 回覆文章
  可列印版   加為IE收藏   收藏主題   上一主題 | 下一主題   
~Domino~
數位造型
個人文章 個人相簿 個人日記 個人地圖
路人甲
級別: 路人甲 該用戶目前不上站
推文 x0 鮮花 x0
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片
推文 x0
[漏洞修補] 0day Exploit - 非常重大的漏洞修正!請務必安裝
這個漏洞影響真是超大,才發現沒多久,就已經災情慘重,哀號遍野了,連利用此漏洞的複合式蠕蟲都已經出現了:D

Microsoft Windows Animated Cursor Handling Vulnerability
Critical: Extremely critical
Secunia Advisory: SA24659
Release Date: 2007-03-30
危害程度是最高的喔!!


有這麼嚴重嗎? 為什麼?
(1)弱點觸發的地方是一個關鍵。
(2)微軟還未推出修補檔。
(3)是一個遠端可任意執行程式碼的弱點,這種弱點安全公司通常都列為極端嚴重。

弱點觸發說明:
(1)因為Windows系統檔user32.dll裡面有一個載入圖像的api叫作LoadImage,沒有檢查載入的滑鼠游標檔檔頭大小,
並且直接把游標檔檔頭資料複製到系統堆疊,因為沒有檢查檔頭大小,攻擊者設計一個異常(過大)的檔頭資料,結果就把堆疊覆蓋了>.<  使得程式流程被帶到攻擊者預先設計好的程 式碼中,可以隨心所欲的下載木馬、後門等Spyware。

(2)另外此弱點不是發生在某個特定程式,如iexplorer.exe等,而是發生在系統檔案user32.dll,天ㄚ,只要有用到LoadImage載入的通殺!!

你想想看,現在瀏覽網站是不是超恐怖?


昨天我們報導了一個Windows .ANI動畫即可將Windows Vista陷入Explorer崩潰死循環的消息,目前微軟已經確認了這一問題並正在組織解決方案,但第三方的安全組織eEye卻先人一步,提供了第三方修正,這已經不是他們第一次先於微軟發佈修正了,至於質量如何,大家不妨可以研究研究.

查看:Windows .ANI Processing Zero-Day Tracker
http://research.eeye.com/html/a...20070328.html

eEye Digital Security

Windows ANI Zero-Day With eEye PatchHey Readers,
Pretty serious happenings on the zero-day front today so we’ll keep it short and sweet. Today marked the release of the Windows .ANI Processing zero-day. This zero-day vulnerability represents one of the most potent zero-days recorded by the Zero-Day Tracker. Since the vulnerability lies within Windows and is exposed by countless applications, exploit vectors are plentiful for attackers to launch reliable attacks against user32.dll.
eEye’s Blink Neighborhood Watch (LOOK, IT’S FREE!!) was already protecting against this vulnerability with its generic Intrusion Prevention System, so Blink users have nothing to worry about. For those that may not have Blink installed, eEye Research has diligently been plugging away and has released a patch to mitigate this vulnerability while it remains unpatched by Microsoft. This patch successfully disabled ALL attack vectors from exploiting users while not causing a disruption in normal use. As always we suggest that administrators quickly test this against internal web applications prior to installing within their environment. Or, maybe you should just install Blink and join the many users that don’t have anything to worry about.
You can find all of the technical information as well as the




EEYEZD-20070328

Common Name:
Windows .ANI Processing

Date Disclosed:
3/28/2007

Expected Patch Release:
Unknown

Vendor:
Microsoft

Application:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista

Description:
An unspecified vulnerability exists within Microsoft Windows which may possibly allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction by viewing a malicious Windows animated cursor (.ANI) file. .ANI files are commonly used by web developers to display custom cursor animations to enhance web-site experiences.

The most potent attack method is by embedding a malicious .ANI file within an HTML web page. Doing so allows the vulnerability to be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious web site. Other exploit vectors exist including Microsoft Office applications since they also rely on the same .ANI processing code, making e-mail delivery also a potent threat by using Microsoft Office attachments.

Since .ANI processing is performed by USER32.dll and not the attack vector application itself, all attack vectors have the potential to use a similar exploit with similar address offsets targeted at Windows directly, allowing for a very reliable exploit.

NOTE: This advisory information is gathered from the references below. eEye Research is currently researching the cause of the vulnerability and trying to identify other vulnerable and will update this ZDT entry as more information becomes available.

Severity:
High

Code Execution:
Yes

Impact:
Arbitrary code execution under the context of the logged in user
A web browser remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials. Exploitation impact can vary from the reported trojan installation to full system compromise by coupling this attack with a privilege escalation vulnerability to acquire SYSTEM access.

Mitigation:
eEye Digital Security's Research Team has released a workaround for the zero-day vulnerability as a temporary measure for customers who have not yet installed Blink. Blink generically protects from this and other vulnerabilities without the need for updating and is available for free for personal use on all affected platforms except for Vista. This workaround is not meant to replace the forthcoming Microsoft patch, but rather as a temporary mitigation against this flaw.

The temporary patch mitigates this vulnerability by preventing cursors from being loaded outside of %SystemRoot%. This disallows websites from loading their own, potentially malicious animated icons, while causing little to no business disruption on hosts with the patch installed.

Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. More information regarding installation and uninstallation is available in the patch installer. Please note that at this time this workaround supports all affected platforms except for x64 and Itanium architectures.

Patch Location: Download Now!

http://www.eeye.com/html/research/tool...ayPatchSetup.exe



獻花 x0 回到頂端 [樓 主] From:臺灣中華 | Posted:2007-04-01 21:30 |
彗星風采 手機
個人頭像
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x0 鮮花 x24
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

請問大大..這應該就是最近利用微軟漏洞的零時差攻擊吧..

這個補丁應該是非官方的補丁....在微軟推出正式補丁時,需要先卸载第三方補丁再安裝微軟正式補丁!支持

所有除64位和IA外的系统。

表情


[ 此文章被彗星風采在2007-04-01 23:03重新編輯 ]


獻花 x0 回到頂端 [1 樓] From:臺灣中華電信HINET | Posted:2007-04-01 22:44 |
~Domino~
數位造型
個人文章 個人相簿 個人日記 個人地圖
路人甲
級別: 路人甲 該用戶目前不上站
推文 x0 鮮花 x0
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

今天消息! eEye擋不住了- (.ANI) Remote Exploit (eeye patch bypass)

此修正慘遭破解!


獻花 x0 回到頂端 [2 樓] From:臺灣中華 | Posted:2007-04-02 12:15 |

首頁  發表文章 發表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.053624 second(s),query:16 Gzip disabled
本站由 瀛睿律師事務所 擔任常年法律顧問 | 免責聲明 | 本網站已依台灣網站內容分級規定處理 | 連絡我們 | 訪客留言