Microsoft releases August security updates fixing 60 vulnerabilities
In yesterday's regular update Microsoft released its August security patches, fixing 60 vulnerabilities. Two of them, CVE-2018-8414 and CVE-2018-8373, had already been weaponized and used in real-world attacks before the fix shipped.
Of the fixed vulnerabilities, 20 are rated Critical; of the remaining 40, 38 are Important, 1 is Moderate and 1 is Low.
By impact, 29 vulnerabilities allow remote code execution (RCE), including 19 of the 20 Critical ones. Beyond the two already-exploited bugs, several more deserve attention: CVE-2018-8350, CVE-2018-8302, CVE-2018-8344 and CVE-2018-8273.
Adobe releases security updates fixing 11 vulnerabilities
Adobe released its August security updates, fixing 11 vulnerabilities, 2 of them Critical. Adobe states that it is not aware of any of them being exploited in the wild.
CVE-2018-8414: the SettingContent-ms vulnerability
This vulnerability has already been explained and exploited in an earlier post; see "Weaponization: executing arbitrary code with .SettingContent-ms files" for details.
Microsoft describes it as a Windows Shell vulnerability; in practice the attack abuses Windows 10 Control Panel shortcut files (.SettingContent-ms), whose DeepLink element holds a command line that the shell runs when the file is opened. In July Microsoft began blocking these shortcuts when embedded in Outlook and Office 365; this update addresses the root cause: Windows Shell now validates the file path before executing such a shortcut.
Adobe's security update also adds protection against this attack vector.
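The check the patch adds (is the DeepLink really pointing at the Control Panel?) can be done offline on files you already hold, such as mail attachments or objects extracted from Office documents. The Python below is an added example, not code from the page or from Microsoft: it parses the .SettingContent-ms XML, splits the DeepLink into program and arguments, and flags anything that is not control.exe from the system directory, treating a shell interpreter or other launcher anywhere in the command line as malicious. The allow-list, the launcher list and the three sample files are assumptions constructed here for illustration.

```python
"""Flag .SettingContent-ms files whose DeepLink launches something other than
the Control Panel.  Added example, not code from the page or Microsoft; the
allow-list, the launcher list and the sample files are constructed here."""
import ntpath
import os
import xml.etree.ElementTree as ET
from typing import Iterator, Optional, Tuple, Union

NS = {"sc": "http://schemas.microsoft.com/Search/2013/SettingContent"}

# Assumption: a genuine Control Panel shortcut's DeepLink runs control.exe
# from the system directory and nothing else.
ALLOWED_PROGRAMS = {r"%windir%\system32\control.exe", r"c:\windows\system32\control.exe"}

# Interpreters/launchers that turn a "settings shortcut" into code execution.
LOLBINS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe"}


def deep_link(xml_data: Union[str, bytes]) -> Optional[str]:
    """Return the DeepLink command line, or None if the file has none."""
    node = ET.fromstring(xml_data).find(".//sc:ApplicationInformation/sc:DeepLink", NS)
    return node.text.strip() if node is not None and node.text else None


def split_command(cmd: str) -> Tuple[str, str]:
    """Split 'program args' the way the shell does; the program may be quoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def classify(xml_data: Union[str, bytes]) -> dict:
    """Verdict: benign | suspicious | malicious | malformed, plus the reason."""
    try:
        link = deep_link(xml_data)
    except ET.ParseError as exc:
        return {"verdict": "malformed", "reason": f"bad XML: {exc}"}
    if link is None:
        return {"verdict": "malformed", "reason": "no DeepLink element"}
    program, args = split_command(link)
    exe = ntpath.basename(program).lower()
    # "cmd.exe /c powershell ..." must fail on the nested launcher too.
    arg_tokens = set(args.lower().replace('"', " ").split())
    hit = next((b for b in LOLBINS if b == exe or b in arg_tokens or b[:-4] in arg_tokens), None)
    if hit:
        return {"verdict": "malicious", "program": program, "reason": f"runs {hit}"}
    if program.lower() in ALLOWED_PROGRAMS:
        return {"verdict": "benign", "program": program, "reason": "control.exe from system directory"}
    return {"verdict": "suspicious", "program": program, "reason": "program not on the allow-list"}


def scan_directory(root: str) -> Iterator[Tuple[str, dict]]:
    """Classify every *.SettingContent-ms file under root (case-insensitive)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".settingcontent-ms"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:          # bytes: ET honours BOM/encoding
                    yield path, classify(fh.read())


def _sample(deep_link_cmd: str) -> str:
    """Constructed file body in the layout of a real Control Panel shortcut."""
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>{deep_link_cmd}</DeepLink>
      <Icon>%windir%\\system32\\control.exe</Icon>
    </ApplicationInformation>
    <SettingInformation>
      <Description>@shell32.dll,-4161</Description>
      <Keywords>@shell32.dll,-4161</Keywords>
    </SettingInformation>
  </SearchableContent>
</PCSettings>"""


BENIGN_FILE = _sample(r"%windir%\system32\control.exe /name Microsoft.BackupAndRestore")
MALICIOUS_FILE = _sample(r"%windir%\system32\cmd.exe /c calc.exe")
QUOTED_FILE = _sample(r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -c calc.exe')

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_FILE), ("malicious", MALICIOUS_FILE), ("quoted", QUOTED_FILE)):
        print(label, classify(body))
```

Point scan_directory at a quarantine folder to triage a batch; anything that comes back suspicious or malicious is a file the unpatched shell would have executed blindly.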
CVE-2018-8373: Internet Explorer vulnerability
This vulnerability was found by Trend Micro security researcher Elliot after the July patches shipped, and it resembles CVE-2018-8174, fixed in May. It is a use-after-free in vbscript.dll, triggered when VBScript's AssignVar assigns a value to an array element obtained through AccessArray. It has since been observed repeatedly in in-the-wild attacks.
CVE-2018-8350: PDF remote code execution
If Edge is the user's default browser, simply visiting a malicious website is enough to trigger the vulnerability and achieve remote code execution; alternatively the victim can be socially engineered into opening a malicious PDF. The root cause is that the Windows PDF Library mishandles objects in memory. Successful exploitation gives the attacker the same privileges as the current user.
CVE-2018-8302: Exchange Server vulnerability
An attacker can attack Exchange Server through a .NET BinaryFormatter deserialization flaw and execute code as NT AUTHORITY\SYSTEM.
Exploitation requires Unified Messaging (UM) to be enabled on the Exchange Server. It is not enabled by default, but many organisations turn it on. An attacker could first compromise a user's workstation by phishing and then use that account to carry out the attack and take over the Exchange Server; a colluding user could also run the attack directly and take over the server.
The root cause: when Exchange receives a voicemail it transcribes it and stores the result in the inbox. During that conversion it reads TopNWords.Data (a property of the Inbox folder, stored on the Exchange Server, and public, meaning a user can change it through Exchange Web Services (EWS)) and deserializes it with .NET BinaryFormatter. An attacker who writes a crafted serialized object into that property therefore gets code execution through the deserialization flaw.
See the advisory published by the Zero Day Initiative for details.
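Because both the legitimate value and a gadget payload are BinaryFormatter streams, the useful check is what the stream would deserialize into. The Python below is an added example, not Microsoft's or ZDI's code: it recognises the MS-NRBF stream header, walks the leading records (BinaryLibrary and the first class record) to report the referenced assemblies and the root type, and string-scans the blob for type names seen in well-known BinaryFormatter gadget chains. It assumes you have already fetched the property value through EWS, which returns Binary extended properties base64-encoded; the gadget-marker list and both sample streams are constructed here, and the real TopNWords type is not given on the page, so the "benign" sample is only a stand-in.

```python
"""Inspect a binary Exchange folder-property value for a .NET BinaryFormatter
stream (MS-NRBF) and report what it would deserialize into.

Added example, not code from the page, Microsoft or ZDI.  Only the leading
records are parsed (stream header, BinaryLibrary, first class record), which
is enough to name the root type; the gadget markers and samples are constructed.
"""
import base64
import struct
from typing import Tuple

# MS-NRBF RecordTypeEnumeration values used below.
REC_BINARY_LIBRARY = 0x0C
REC_CLASS = {0x02, 0x03, 0x04, 0x05}   # (System)ClassWithMembers(AndTypes)

# Type names that appear in well-known BinaryFormatter gadget chains
# (TypeConfuseDelegate, ObjectDataProvider, ...).  Illustrative, not exhaustive.
GADGET_MARKERS = (
    "System.DelegateSerializationHolder",
    "System.Collections.Generic.SortedSet",
    "ComparisonComparer",
    "System.Windows.Data.ObjectDataProvider",
    "ActivitySurrogateSelector",
)


def read_lps(data: bytes, pos: int) -> Tuple[str, int]:
    """Read an NRBF LengthPrefixedString (7-bit varint length, UTF-8 body)."""
    length = shift = 0
    while True:
        b = data[pos]
        pos += 1
        length |= (b & 0x7F) << shift
        if not b & 0x80:
            break
        shift += 7
    return data[pos:pos + length].decode("utf-8"), pos + length


def write_lps(s: str) -> bytes:
    """Inverse of read_lps; used only to build the constructed samples."""
    body = s.encode("utf-8")
    n, out = len(body), bytearray()
    while True:
        b = n & 0x7F
        n >>= 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out) + body


def inspect_nrbf(data: bytes) -> dict:
    """Return {'is_nrbf', 'libraries', 'root_class', 'gadget_markers'}."""
    result = {"is_nrbf": False, "libraries": [], "root_class": None, "gadget_markers": []}
    # SerializationHeaderRecord: type 0x00, RootId, HeaderId, MajorVersion=1, MinorVersion=0
    if len(data) < 17 or data[0] != 0x00:
        return result
    _root_id, _header_id, major, minor = struct.unpack_from("<iiii", data, 1)
    if (major, minor) != (1, 0):
        return result
    result["is_nrbf"] = True
    pos = 17
    while pos < len(data):
        rtype = data[pos]
        if rtype == REC_BINARY_LIBRARY:          # int32 LibraryId, LPS LibraryName
            name, pos = read_lps(data, pos + 5)
            result["libraries"].append(name)
        elif rtype in REC_CLASS:                  # int32 ObjectId, then ClassInfo.Name ...
            result["root_class"], _ = read_lps(data, pos + 5)
            break                                 # member parsing is out of scope here
        else:
            break
    result["gadget_markers"] = [m for m in GADGET_MARKERS if m.encode() in data]
    return result


def inspect_property_value(b64: str) -> dict:
    """EWS returns Binary extended properties base64-encoded; decode, then inspect."""
    return inspect_nrbf(base64.b64decode(b64))


def _header(root_id: int = 1) -> bytes:
    return b"\x00" + struct.pack("<iiii", root_id, -1, 1, 0)


SYSTEM_ASM = "System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
STRING_ARG = "[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"

# Constructed stand-in for a legitimate value: a System type, no foreign library.
BENIGN_SAMPLE = (_header()
                 + b"\x04" + struct.pack("<i", 1)
                 + write_lps("System.Collections.Generic.List`1" + STRING_ARG))

# Constructed stand-in for a gadget payload: leading records shaped like the
# TypeConfuseDelegate chain (System library, SortedSet`1 root, delegate holder
# further down); the tail is abbreviated.
MALICIOUS_SAMPLE = (_header()
                    + bytes([REC_BINARY_LIBRARY]) + struct.pack("<i", 2) + write_lps(SYSTEM_ASM)
                    + b"\x05" + struct.pack("<i", 1)
                    + write_lps("System.Collections.Generic.SortedSet`1" + STRING_ARG)
                    + write_lps("System.DelegateSerializationHolder"))
MALICIOUS_SAMPLE_B64 = base64.b64encode(MALICIOUS_SAMPLE).decode("ascii")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SAMPLE), ("malicious", MALICIOUS_SAMPLE)):
        print(label, inspect_nrbf(blob))
```

A non-empty gadget_markers list, or a root class that is not the type Exchange itself writes, is the signal to look at who last modified the property. The durable fix remains the patch: data a user can write through EWS must never reach BinaryFormatter.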
CVE-2018-8344: Windows font library vulnerability
The Windows font library mishandles specially crafted embedded fonts, which can lead to remote code execution. The bug can be reached in several ways: a malicious website, a malvertising page, or a malicious attachment delivered by phishing.
CVE-2018-8273: SQL Server vulnerability
This is a remote code execution vulnerability in SQL Server; exploitation leads to code execution in the context of the database engine's service account.
PoC published for Oracle GlassFish directory traversal
A PoC for CVE-2017-1000028, a directory traversal vulnerability in Oracle GlassFish, has been released and has already been added to the Metasploit Framework. An attacker can read sensitive files on the server with a specially crafted HTTP GET request. See the link in the references for details.
Notable Important-rated vulnerabilities
Talos highlights two of the Important-rated vulnerabilities as deserving particular attention: CVE-2018-8200 and CVE-2018-8340.
CVE-2018-8200 is a Device Guard vulnerability: successful exploitation lets an attacker inject malicious code into a PowerShell session and bypass the Device Guard code integrity policy. The attacker must first get the malicious code injected into a trusted script.
CVE-2018-8340 is a security feature bypass in Active Directory Federation Services (ADFS): successful exploitation can bypass some of the authentication factors.
Full list of vulnerabilities
XI – Latest and XI – Older are Microsoft's Exploitability Index ratings for the latest and older supported platforms (1 = exploitation more likely, 2 = exploitation less likely, 3 = exploitation unlikely, N/A = not affected). Type: RCE = remote code execution, EoP = elevation of privilege, SFB = security feature bypass, Info = information disclosure, Spoof = spoofing.
CVE | Title | Severity | Public | Exploited | XI – Latest | XI – Older | Type |
--- | --- | --- | --- | --- | --- | --- | --- |
CVE-2018-8373 | Internet Explorer Memory Corruption Vulnerability | Critical | Yes | Yes | 2 | 0 | RCE |
CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability | Important | Yes | Yes | 1 | 1 | RCE |
CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2018-8344 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2018-8345 | LNK Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability | Critical | No | No | 2 | N/A | RCE |
CVE-2018-8355 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8359 | Scripting Engine Information Disclosure Vulnerability | Critical | No | No | 1 | N/A | Info |
CVE-2018-8371 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2018-8372 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8377 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
CVE-2018-8380 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8381 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8384 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8385 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8387 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-8390 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
CVE-2018-8397 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | N/A | 2 | RCE |
CVE-2018-8403 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2018-8253 | Cortana Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8266 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | N/A | RCE |
CVE-2018-8316 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2018-8339 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8340 | ADFS Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8342 | Windows NDIS Elevation of Privilege Vulnerability | Important | No | No | N/A | 2 | EoP |
CVE-2018-8343 | Windows NDIS Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8346 | LNK Remote Code Execution Vulnerability | Important | No | No | N/A | 2 | RCE |
CVE-2018-8347 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8348 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8349 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2018-8351 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
CVE-2018-8353 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2018-8357 | Internet Explorer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8358 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8370 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
CVE-2018-8375 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2018-8376 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8379 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2018-8382 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8383 | Microsoft Edge Spoofing Vulnerability | Important | No | No | 1 | N/A | Spoof |
CVE-2018-8389 | Internet Explorer Memory Corruption Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2018-8394 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8396 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
CVE-2018-8398 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2018-8399 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8400 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8401 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8404 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8405 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8406 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2018-8412 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2018-8374 | Microsoft Exchange Elevation of Privilege Vulnerability | Moderate | No | No | 3 | 3 | EoP |
CVE-2018-8388 | Microsoft Edge Elevation of Privilege Vulnerability | Low | No | No | 2 | N/A | EoP |
Apply the security updates promptly
Several of the high-risk vulnerabilities fixed this month are already being exploited in attacks, and the other Critical ones are likely to be weaponized quickly. Install the updates as soon as possible.
References
https://cxsecurity.com/issue/WLB-2018080096
https://blog.talosintelligence.com/2018/08/ms-tuesday.html
https://www.thezdi.com/blog/2018/8/14/the-august-2018-security-update-review
https://www.symantec.com/security-center/vulnerabilities/writeup/104973
https://thehackernews.com/2018/08/microsoft-patch-updates.html