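Microsoft releases August security patches fixing 60 vulnerabilities

Microsoft released its August security patches in yesterday's routine update, fixing 60 security vulnerabilities. Two of them, CVE-2018-8414 and CVE-2018-8373, had already been weaponized and used in real attacks.

Of the vulnerabilities fixed, 20 are rated Critical; of the remaining 40, 38 are rated Important, 1 is rated Moderate and 1 is rated Low.

In terms of impact, 29 vulnerabilities can lead to remote code execution (RCE), including 19 of the 20 Critical ones. Besides the two vulnerabilities above, several others deserve attention: CVE-2018-8350, CVE-2018-8302, CVE-2018-8344, CVE-2018-8273 and CVE-2018-8373.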

 

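Adobe releases security updates fixing 11 vulnerabilities

Adobe released its August security patches, fixing 11 vulnerabilities, 2 of them critical. According to the vendor, there is currently no sign that these vulnerabilities are being exploited.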

 

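CVE-2018-8414 SettingContent-ms vulnerability

An earlier blog post explained and exploited this vulnerability; for details see: "Weaponization: Executing Arbitrary Code with .SettingContent-ms Files".

Officially described as a Windows Shell vulnerability, it is in practice an attack that abuses Windows 10 Control Panel shortcuts (SettingContent-ms). In July Microsoft began blocking the embedding of such shortcuts in Outlook and Office 365, and this update resolves the issue completely: Windows Shell now validates the file path when executing this kind of shortcut.

The security patches released by Adobe also strengthen the system's defenses against this vulnerability.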
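For mail-gateway or endpoint triage of .SettingContent-ms files, the sketch below is an added example (not code from the original article or from Microsoft) that extracts the `DeepLink` command from the shortcut's XML and flags any launcher outside an allow-list. The `DeepLink` element and namespace follow publicly documented samples of the format; the allow-list, the sample documents and the function names are assumptions made for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption: control.exe is the only launcher expected in a DeepLink.
ALLOWED_TARGETS = {"control.exe"}

# Constructed samples, trimmed to the elements this parser reads.
BENIGN = r"""<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <DeepLink>%windir%\system32\control.exe /name Microsoft.Example</DeepLink>
    </ApplicationInformation>
  </SearchableContent>
</PCSettings>"""
SUSPICIOUS = BENIGN.replace(
    r"%windir%\system32\control.exe /name Microsoft.Example",
    r'"C:\Users\Public\sample tool.exe" --run')

def local(tag):
    """Strip the XML namespace so matching works whatever namespace is declared."""
    return tag.rsplit("}", 1)[-1]

def deep_links(xml_text):
    """Return the text of every <DeepLink> element in the document."""
    root = ET.fromstring(xml_text)
    return [(el.text or "").strip() for el in root.iter() if local(el.tag) == "DeepLink"]

def target_binary(command):
    """Lower-cased file name of the launched binary, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(None, 1)[0] if command else ""
    return ntpath.basename(path).lower()

def triage(xml_text):
    """Return (deeplink, reason) findings; an empty list means nothing was flagged."""
    try:
        links = deep_links(xml_text)
    except ET.ParseError:
        return [("", "not well-formed XML")]
    findings = []
    for link in links:
        binary = target_binary(link)
        if binary not in ALLOWED_TARGETS:
            findings.append((link, "unexpected target: " + (binary or "<empty>")))
    return findings
```

A finding here is a reason to quarantine and review the file, not proof of malice; the check complements the patch rather than replacing it.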

 

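CVE-2018-8373 IE vulnerability

This vulnerability was discovered by Trend Micro security researcher Elliot after the July security patches were released, and it is similar to CVE-2018-8174, which was fixed in May. It exploits a use-after-free (UAF) flaw in vbscript.dll that is triggered when VBScript uses AssignVar to assign a value to an AccessArray array element. In recent weeks it has repeatedly been observed in real attacks.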

 

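CVE-2018-8350 PDF RCE vulnerability

When the user's default browser is Edge, simply visiting a malicious website is enough to trigger the vulnerability and achieve remote code execution; alternatively, social engineering can be used to get the user to open a malicious PDF document. The cause is that the Windows PDF Library improperly handles objects in memory. After successful exploitation, the attacker gains the same privileges as the current user.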

 

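CVE-2018-8302 Exchange Server vulnerability

An attacker can attack Exchange Server through a .NET BinaryFormatter deserialization vulnerability and execute code with 'NT AUTHORITY\SYSTEM' privileges.

Exploitation requires that Unified Messaging (UM) be enabled on the Exchange Server. Although this setting is not enabled by default, many enterprises turn it on manually. An attacker can first compromise a user's computer in the enterprise through phishing, then use that account to carry out the attack and ultimately take control of the Exchange Server. Alternatively, with the collusion of a user, the attack can be carried out directly to take over the server.

The cause is as follows: when Exchange receives a voicemail, it converts it and stores it in the inbox. During conversion it reads TopNWords.Data (a property of the inbox folder, stored on the Exchange Server; it is a public property that users can change through Exchange Web Services (EWS)) and deserializes it with .NET BinaryFormatter. An attacker can therefore exploit the deserialization flaw.

For details of this vulnerability, see the security report published by Zero Day.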


 

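CVE-2018-8344 Windows font library vulnerability

The Windows font library has a flaw in its handling of embedded fonts that can lead to remote code execution. It can be triggered in several ways, for example through a malicious website, an advertisement page, or a malicious attachment in a phishing attack.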

 

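CVE-2018-8273 SQL Server vulnerability

This is a remote code execution vulnerability in SQL Server; if exploited, code can be executed in the context of the database service account.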

 

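Oracle Glassfish directory traversal PoC published

A PoC for CVE-2017-1000028, a directory traversal vulnerability in Oracle Glassfish, has been released and added to the MS framework. Attackers can use specific HTTP GET requests to access sensitive data on the server. Details can be found here.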

 

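Noteworthy vulnerabilities among those rated Important

Talos points out two Important-rated vulnerabilities that deserve particular attention: CVE-2018-8200 and CVE-2018-8340.

CVE-2018-8200 is a Device Guard vulnerability. Successful exploitation allows malicious code to be injected into a PowerShell session, bypassing the Device Guard code integrity policy. However, the malicious code must be injected into a trusted script for the attack to work.

CVE-2018-8340 is a Windows authentication vulnerability; successful exploitation allows some authentication factors to be bypassed.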

 

Vulnerability details

| CVE | Title | Severity | Public | Exploited | XI – Latest | XI – Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2018-8373 | Internet Explorer Memory Corruption Vulnerability | Critical | Yes | Yes | 2 | 0 | RCE |
| CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability | Important | Yes | Yes | 1 | 1 | RCE |
| CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2018-8344 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8345 | LNK Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2018-8355 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8359 | Scripting Engine Information Disclosure Vulnerability | Critical | No | No | 1 | N/A | Info |
| CVE-2018-8371 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2018-8372 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8377 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2018-8380 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8381 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8384 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8385 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8387 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-8390 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2018-8397 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | N/A | 2 | RCE |
| CVE-2018-8403 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2018-8253 | Cortana Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8266 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | N/A | RCE |
| CVE-2018-8316 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2018-8339 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8340 | ADFS Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8342 | Windows NDIS Elevation of Privilege Vulnerability | Important | No | No | N/A | 2 | EoP |
| CVE-2018-8343 | Windows NDIS Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8346 | LNK Remote Code Execution Vulnerability | Important | No | No | N/A | 2 | RCE |
| CVE-2018-8347 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8348 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8349 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2018-8351 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
| CVE-2018-8353 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8357 | Internet Explorer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8358 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
| CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8370 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | N/A | Info |
| CVE-2018-8375 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2018-8376 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8379 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8382 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8383 | Microsoft Edge Spoofing Vulnerability | Important | No | No | 1 | N/A | Spoof |
| CVE-2018-8389 | Internet Explorer Memory Corruption Vulnerability | Important | No | No | 1 | 1 | RCE |
| CVE-2018-8394 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8396 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2018-8398 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2018-8399 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8400 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8401 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8404 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8405 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8406 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2018-8412 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2018-8374 | Microsoft Exchange Elevation of Privilege Vulnerability | Moderate | No | No | 3 | 3 | EoP |
| CVE-2018-8388 | Microsoft Edge Elevation of Privilege Vulnerability | Low | No | No | 2 | N/A | EoP |

 

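Apply the security patches as soon as possible

Among the vulnerabilities fixed by these patches, several high-risk ones are already being used in attacks, and the other critical vulnerabilities are likely to be weaponized quickly. Users should apply the security updates promptly to stay protected.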

 

References

https://cxsecurity.com/issue/WLB-2018080096

https://blog.talosintelligence.com/2018/08/ms-tuesday.html

https://www.thezdi.com/blog/2018/8/14/the-august-2018-security-update-review

https://www.symantec.com/security-center/vulnerabilities/writeup/104973

https://www.zerodayinitiative.com/blog/2018/8/14/voicemail-vandalism-getting-remote-code-execution-on-microsoft-exchange-server

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2018-patch-tuesday-fixes-60-security-flaws-including-two-zero-days/

https://thehackernews.com/2018/08/microsoft-patch-updates.html

Original article: https://www.anquanke.com/post/id/156483