微软8月补丁日回顾 | Exchange Server及Oracle Glassfish漏洞预警

 

微软发布8月份安全补丁,修复60个安全漏洞

微软在昨日例行更新中发布了8月份的安全补丁,修复了60个安全漏洞。其中有2个漏洞,CVE-2018-8414与CVE-2018-8373此前已经被武器化,应用到实际攻击中。

这次修复的安全漏洞中,有20个被标记为关键漏洞,另外40个漏洞中,38个为重要漏洞,1个为中等严重漏洞,1个为低风险漏洞。

漏洞触发方面,有29个漏洞可导致远程代码执行(RCE),其中20个关键漏洞中有19个都可导致远程代码执行。除了上述的两个漏洞外,还有几个漏洞也值得关注,分别是CVE-2018-8350,CVE-2018-8302,CVE-2018-8344、CVE-2018-8273以及CVE-2018-8373。

 

Adobe发布安全更新,修复11个安全漏洞

Adobe发布了8月份安全补丁,修复了11个漏洞,其中2个为关键漏洞。目前官方声称这些漏洞暂未发现被利用的迹象。

 

CVE-2018-8414 SettingContent-ms漏洞

此前已经有博文解释并利用过此漏洞,详情可参看此文:武器化:利用.SettingContent-ms文件执行任意代码

官方描述为Windows Shell的漏洞,实际上是利用Windows 10控制面板快捷方式(SettingContent-ms)实施攻击。微软7月已经开始阻止在Outlook和Office 365中嵌入此类快捷方式,而在这次的更新中则彻底解决了此问题:Windows Shell在执行此类快捷方式时会验证文件路径。

同时,Adobe发布的安全补丁也可加强系统对此漏洞的防御。

 

CVE-2018-8373 IE漏洞

此漏洞是在7月安全补丁发布后由趋势科技安全研究员Elliot发现,与5月份修复的CVE-2018-8174类似。它利用了vbscript.dll中的UAF漏洞,当VBScript使用AssignVar为AccessArray数组元素赋值时会触发漏洞。并且近段时间不断发现此漏洞已经被应用到实际攻击中。

 

CVE-2018-8350 PDF RCE漏洞

当用户的默认浏览器为Edge时,仅需访问恶意网站即可触发漏洞实现远程代码执行,或者利用社工技巧使用户打开恶意的PDF文档。此漏洞产生原因是Windows PDF Library错误地处理内存中的对象,成功利用漏洞后,攻击者可获得与当前用户同等的权限。

 

CVE-2018-8302 Exchange Server漏洞

攻击者可通过.NET BinaryFormatter反序列化漏洞攻击Exchange Server,并以’NT AUTHORITY \ SYSTEM’权限执行代码。

利用此漏洞需要Exchange Server开启统一消息(UM)设置,虽然这个设置不是默认开启的,但是很多企业都会手动打开这个功能。攻击者可利用钓鱼攻击先攻破企业中的用户计算机,接着利用这个账户执行此攻击最终控制Exchange Server。除此之外,还可以利用用户串通,直接进行攻击并接管服务器。

此漏洞产生原因是,Exchange在收到语音邮件时会将其转换并存储在收件箱中,转换时它会读取TopNWords.Data(收件箱文件夹属性之一,存储在Exchange Server上,为公共属性,用户可通过Exchange Web服务(EWS)改变此属性),并通过.NET BinaryFormatter对它反序列化。因此攻击者可利用反序列化漏洞进行攻击。

此漏洞详情可查看Zero Day发布的安全报告了解详情。

 

CVE-2018-8344 Windows字体库漏洞

Windows字体库在处理嵌入字体时存在漏洞,可导致远程代码执行。此漏洞可通过多种方式触发,例如恶意网站,广告页或钓鱼攻击中的恶意附件。

 

CVE-2018-8273 SQL Server漏洞

此漏洞为SQL Server中的远程代码执行漏洞,被利用后可导致在数据库中服务账户上下文执行代码。

 

Oracle Glassfish目录遍历漏洞PoC公布

CVE-2017-1000028 Oracle Glassfish目录遍历漏洞的PoC已经放出,并已被收入MS框架。攻击者可利用特定HTTP GET请求访问服务器中的敏感数据。细节可查看此处

 

重要漏洞中值得关注的漏洞

Talos提出,在重要漏洞中有两个漏洞需要重点关注:CVE-2018-8200和CVE-2018-8340.

CVE-2018-8200是Device Guard的漏洞,被成功利用后可将恶意代码注入Powershell会话,并绕过Device Guard代码完整性策略。但是须将恶意代码注入可信脚本中才可进行攻击。

CVE-2018-8340则是Windows身份验证的漏洞,被成功利用后可绕过一部分身份验证因素。

 

漏洞详情列表

CVE Title Severity Public Exploited XI – Latest XI – Older Type
CVE-2018-8373 Internet Explorer Memory Corruption Vulnerability Critical Yes Yes 2 0 RCE
CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability Important Yes Yes 1 1 RCE
CVE-2018-8273 Microsoft SQL Server Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2018-8302 Microsoft Exchange Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2018-8344 Microsoft Graphics Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2018-8345 LNK Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2018-8350 Windows PDF Remote Code Execution Vulnerability Critical No No 2 N/A RCE
CVE-2018-8355 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8359 Scripting Engine Information Disclosure Vulnerability Critical No No 1 N/A Info
CVE-2018-8371 Internet Explorer Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2018-8372 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8377 Microsoft Edge Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2018-8380 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8381 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8384 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8385 Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8387 Microsoft Edge Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-8390 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2018-8397 GDI+ Remote Code Execution Vulnerability Critical No No N/A 2 RCE
CVE-2018-8403 Microsoft Browser Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2018-0952 Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8200 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2018-8204 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2018-8253 Cortana Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8266 Chakra Scripting Engine Memory Corruption Vulnerability Important No No 1 N/A RCE
CVE-2018-8316 Internet Explorer Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2018-8339 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8340 ADFS Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2018-8341 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 info
CVE-2018-8342 Windows NDIS Elevation of Privilege Vulnerability Important No No N/A 2 EoP
CVE-2018-8343 Windows NDIS Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8346 LNK Remote Code Execution Vulnerability Important No No N/A 2 RCE
CVE-2018-8347 Windows Kernel Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2018-8348 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2018-8349 Microsoft COM for Windows Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2018-8351 Microsoft Edge Information Disclosure Vulnerability Important No No 2 N/A Info
CVE-2018-8353 Scripting Engine Memory Corruption Vulnerability Important No No 1 1 RCE
CVE-2018-8357 Internet Explorer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8358 Microsoft Edge Information Disclosure Vulnerability Important No No 2 N/A Info
CVE-2018-8360 .NET Framework Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2018-8370 Microsoft Edge Information Disclosure Vulnerability Important No No 2 N/A Info
CVE-2018-8375 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2018-8376 Microsoft PowerPoint Remote Code Exectuion Vulnerability Important No No 1 1 RCE
CVE-2018-8378 Microsoft Office Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2018-8379 Microsoft Excel Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2018-8382 Microsoft Excel Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2018-8383 Microsoft Edge Spoofing Vulnerability Important No No 1 N/A Spoof
CVE-2018-8389 Internet Explorer Memory Corruption Vulnerability Important No No 1 1 RCE
CVE-2018-8394 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2018-8396 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2018-8398 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2018-8399 Win32k Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8400 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8401 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2018-8404 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2018-8405 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2018-8406 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2018-8412 Microsoft (MAU) Office Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2018-8374 Microsoft Exchange Elevation of Privilege Vulnerability Moderate No No 3 3 EoP
CVE-2018-8388 Microsoft Edge Elevation of Privilege Vulnerability Low No No 2 N/A EoP

 

安全补丁应尽快更新

此次安全补丁修复的漏洞中,有几个危险性较高的漏洞已经被应用到攻击中,其他几个关键漏洞相信也会被迅速武器化,用户应及时进行安全更新做好安全防护。

 

参考链接

https://cxsecurity.com/issue/WLB-2018080096

https://blog.talosintelligence.com/2018/08/ms-tuesday.html

https://www.thezdi.com/blog/2018/8/14/the-august-2018-security-update-review

https://www.symantec.com/security-center/vulnerabilities/writeup/104973

https://www.zerodayinitiative.com/blog/2018/8/14/voicemail-vandalism-getting-remote-code-execution-on-microsoft-exchange-server

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2018-patch-tuesday-fixes-60-security-flaws-including-two-zero-days/

https://thehackernews.com/2018/08/microsoft-patch-updates.html

(完)