Multiple Microsoft Security Vulnerabilities (CVE-2020-1464, CVE-2020-1380, CVE-2020-1472, CVE-2020-1585, CVE-2020-1568, CVE-2020-1567, CVE-2020-1570, CVE-2020-1480, CVE-2020-1529)

Source: scanv, 2020.08.13

I. Vulnerability Overview

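On August 12, 2020, Microsoft released its August security advisory, with the event severity rated Critical. It fixes 120 vulnerabilities, including two 0-days, affecting Internet Explorer (IE), Office, Microsoft Edge, Windows Media and many other components and products. Notably, the Windows spoofing vulnerability (CVE-2020-1464) and the IE scripting engine memory corruption vulnerability (CVE-2020-1380) have been detected being exploited in the wild. Details are as follows: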

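Windows signature verification bypass vulnerability (CVE-2020-1464)

A signature verification bypass exists because Windows incorrectly validates file signatures. A local attacker who performs specific operations on an affected computer can bypass the Windows signature mechanism and load arbitrary dangerous programs or files.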

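Scripting engine memory corruption vulnerability (CVE-2020-1380)

A remote code execution vulnerability exists in the way the Windows scripting engine handles objects in memory in Internet Explorer. A remote attacker creates a specially crafted page and lures a user into opening it in IE; an attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system with the same privileges as the user. This vulnerability is already being exploited.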

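NetLogon elevation of privilege vulnerability (CVE-2020-1472)

An elevation of privilege vulnerability exists when a Netlogon secure channel to a domain controller is established using the Netlogon Remote Protocol (MS-NRPC). An unauthenticated remote attacker can use the Netlogon protocol to construct specially crafted packets and send them to an affected domain controller; an attacker who successfully exploits this vulnerability can obtain domain administrator access.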

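Windows Codecs Library remote code execution vulnerability (CVE-2020-1585)

A remote code execution vulnerability exists in the way the Microsoft Windows Codecs Library handles objects in memory. A remote attacker constructs a specially crafted file and lures a user into opening it; an attacker who successfully exploits this vulnerability can take control of the affected system.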

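Microsoft Edge PDF remote code execution vulnerability (CVE-2020-1568)

A remote code execution vulnerability exists in the way the Microsoft Edge PDF reader handles objects in memory. A remote attacker constructs a specially crafted PDF page and lures a user into opening it in the Edge browser; an attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system with the same privileges as the user.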

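MSHTML engine remote code execution vulnerability (CVE-2020-1567)

The vulnerability is in VBScript within MSHTML: a callback into VBScript deletes an object while a reference to that block of memory remains on the stack. If that reference is then used, a use-after-free (UAF) is triggered, which can ultimately lead to remote code execution.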

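IE scripting engine memory corruption vulnerability (CVE-2020-1570)

The vulnerability stems from uninitialized stack memory in JavaScript: var objects are initialized through GetValue, and if the second parameter is an object, GetValue initializes only the third parameter value, leaving the second parameter uninitialized, which ultimately leads to remote code execution.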
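The uninitialized-slot pattern described above for CVE-2020-1570, modeled in C beside a hardened form, as an added example; it is not Microsoft's code and not part of the original advisory. `var_t`, `get_value_flawed`, `get_value_fixed` and `stale_survives` are hypothetical names, and the stale slot contents are constructed sample data.

```c
#include <stdio.h>

/* Hypothetical model of a script-engine value slot; not Microsoft's types. */
typedef enum { T_UNDEF = 0, T_INT, T_OBJECT } tag_t;
typedef struct { tag_t tag; void *ptr; long num; } var_t;

/* Flawed pattern from the description: on the object path only `third`
 * is written, so `second` keeps whatever bytes were already in the slot. */
static void get_value_flawed(int want_object, var_t *second, var_t *third) {
    if (!want_object) {
        second->tag = T_INT; second->ptr = NULL; second->num = 1;
    }
    third->tag = T_INT; third->ptr = NULL; third->num = 2;
}

/* Hardened form: every out-parameter is defined on every path. */
static void get_value_fixed(int want_object, var_t *second, var_t *third) {
    *second = (var_t){0};                 /* T_UNDEF, NULL pointer */
    *third  = (var_t){0};
    if (!want_object) { second->tag = T_INT; second->num = 1; }
    third->tag = T_INT; third->num = 2;
}

/* Simulate a reused stack slot: pre-fill it with stale contents
 * (constructed), run the getter, and report whether the stale object
 * reference survived. Returns 1 if `second` still holds stale data. */
static int stale_survives(void (*getter)(int, var_t *, var_t *),
                          int want_object) {
    static int leftover;                  /* stands in for an old object */
    var_t second, third;
    second.tag = T_OBJECT; second.ptr = &leftover; second.num = -1;
    third = second;
    getter(want_object, &second, &third);
    return second.tag == T_OBJECT && second.ptr == &leftover;
}

int main(void) {
    printf("flawed, object path: stale=%d\n", stale_survives(get_value_flawed, 1));
    printf("flawed, int path:    stale=%d\n", stale_survives(get_value_flawed, 0));
    printf("fixed,  object path: stale=%d\n", stale_survives(get_value_fixed, 1));
    return 0;
}
```

The stale value is only visible on the object path of the flawed getter, which is why a review or test that exercises a single branch can miss this class of bug.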

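Windows GDI elevation of privilege vulnerability (CVE-2020-1480/CVE-2020-1529)

An elevation of privilege vulnerability exists in the way the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploits this vulnerability can execute arbitrary code in kernel mode.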

II. Affected Versions

  1. For CVE-2020-1464, the affected versions are:

    Windows 10 for 32-bit Systems 

    Windows 10 for x64-based Systems 

    Windows 10 Version 1607 for 32-bit Systems 

    Windows 10 Version 1607 for x64-based Systems 

    Windows 10 Version 1709 for 32-bit Systems 

    Windows 10 Version 1709 for ARM64-based Systems 

    Windows 10 Version 1709 for x64-based Systems 

    Windows 10 Version 1803 for 32-bit Systems 

    Windows 10 Version 1803 for ARM64-based Systems 

    Windows 10 Version 1803 for x64-based Systems 

    Windows 10 Version 1809 for 32-bit Systems 

    Windows 10 Version 1809 for ARM64-based Systems 

    Windows 10 Version 1809 for x64-based Systems 

    Windows 10 Version 1903 for 32-bit Systems 

    Windows 10 Version 1903 for ARM64-based Systems 

    Windows 10 Version 1903 for x64-based Systems 

    Windows 10 Version 1909 for 32-bit Systems 

    Windows 10 Version 1909 for ARM64-based Systems 

    Windows 10 Version 1909 for x64-based Systems 

    Windows 10 Version 2004 for 32-bit Systems 

    Windows 10 Version 2004 for ARM64-based Systems 

    Windows 10 Version 2004 for x64-based Systems 

    Windows 7 for 32-bit Systems Service Pack 1 

    Windows 7 for x64-based Systems Service Pack 1 

    Windows 8.1 for 32-bit systems 

    Windows 8.1 for x64-based systems 

    Windows RT 8.1 

    Windows Server 2008 for 32-bit Systems Service Pack 2 

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 

    Windows Server 2008 for x64-based Systems Service Pack 2 

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 

    Windows Server 2012 

    Windows Server 2012 (Server Core installation) 

    Windows Server 2012 R2 

    Windows Server 2012 R2 (Server Core installation) 

    Windows Server 2016 

    Windows Server 2016 (Server Core installation) 

    Windows Server 2019 

    Windows Server 2019 (Server Core installation) 

    Windows Server, version 1903 (Server Core installation) 

    Windows Server, version 1909 (Server Core installation) 

    Windows Server, version 2004 (Server Core installation)

  2. For CVE-2020-1380, the affected versions are:

    Internet Explorer 11

  3. For CVE-2020-1472, the affected versions are:

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 

    Windows Server 2012 

    Windows Server 2012 (Server Core installation) 

    Windows Server 2012 R2 

    Windows Server 2012 R2 (Server Core installation) 

    Windows Server 2016 

    Windows Server 2016 (Server Core installation) 

    Windows Server 2019 

    Windows Server 2019 (Server Core installation) 

    Windows Server, version 1903 (Server Core installation) 

    Windows Server, version 1909 (Server Core installation) 

    Windows Server, version 2004 (Server Core installation)

  4. For CVE-2020-1585, the affected versions are:

    Windows 10 Version 1709 for 32-bit Systems 

    Windows 10 Version 1709 for ARM64-based Systems 

    Windows 10 Version 1709 for x64-based Systems 

    Windows 10 Version 1803 for 32-bit Systems 

    Windows 10 Version 1803 for ARM64-based Systems 

    Windows 10 Version 1803 for x64-based Systems 

    Windows 10 Version 1809 for 32-bit Systems 

    Windows 10 Version 1809 for ARM64-based Systems 

    Windows 10 Version 1809 for x64-based Systems 

    Windows 10 Version 1903 for 32-bit Systems 

    Windows 10 Version 1903 for ARM64-based Systems 

    Windows 10 Version 1903 for x64-based Systems 

    Windows 10 Version 1909 for 32-bit Systems 

    Windows 10 Version 1909 for ARM64-based Systems 

    Windows 10 Version 1909 for x64-based Systems 

    Windows 10 Version 2004 for 32-bit Systems 

    Windows 10 Version 2004 for ARM64-based Systems 

    Windows 10 Version 2004 for x64-based Systems

  5. For CVE-2020-1568, the affected versions are:

    Microsoft Edge (EdgeHTML-based)

  6. For CVE-2020-1567/CVE-2020-1570, the affected versions are:

    Internet Explorer 11 

    Internet Explorer 9

  7. For CVE-2020-1480, the affected versions are:

    Windows 10 Version 1709 for 32-bit Systems

    Windows 10 Version 1709 for ARM64-based Systems

    Windows 10 Version 1709 for x64-based Systems

    Windows 10 Version 1803 for 32-bit Systems

    Windows 10 Version 1803 for ARM64-based Systems

    Windows 10 Version 1803 for x64-based Systems

    Windows 10 Version 1809 for 32-bit Systems

    Windows 10 Version 1809 for ARM64-based Systems

    Windows 10 Version 1809 for x64-based Systems

    Windows 10 Version 1903 for 32-bit Systems

    Windows 10 Version 1903 for ARM64-based Systems

    Windows 10 Version 1903 for x64-based Systems

    Windows 10 Version 1909 for 32-bit Systems

    Windows 10 Version 1909 for ARM64-based Systems

    Windows 10 Version 1909 for x64-based Systems

    Windows 10 Version 2004 for 32-bit Systems

    Windows 10 Version 2004 for ARM64-based Systems

    Windows 10 Version 2004 for x64-based Systems

    Windows Server 2019

    Windows Server 2019 (Server Core installation)

    Windows Server, version 1903 (Server Core installation)

    Windows Server, version 1909 (Server Core installation)

    Windows Server, version 2004 (Server Core installation)

  8. For CVE-2020-1529, the affected versions are:

    Windows 10 for 32-bit Systems 

    Windows 10 for x64-based Systems 

    Windows 10 Version 1607 for 32-bit Systems 

    Windows 10 Version 1607 for x64-based Systems 

    Windows 10 Version 1709 for 32-bit Systems 

    Windows 10 Version 1709 for ARM64-based Systems 

    Windows 10 Version 1709 for x64-based Systems 

    Windows 10 Version 1803 for 32-bit Systems 

    Windows 10 Version 1803 for ARM64-based Systems 

    Windows 10 Version 1803 for x64-based Systems 

    Windows 10 Version 1809 for 32-bit Systems 

    Windows 10 Version 1809 for ARM64-based Systems 

    Windows 10 Version 1809 for x64-based Systems 

    Windows 10 Version 1903 for 32-bit Systems 

    Windows 10 Version 1903 for ARM64-based Systems 

    Windows 10 Version 1903 for x64-based Systems 

    Windows 10 Version 1909 for 32-bit Systems 

    Windows 10 Version 1909 for ARM64-based Systems 

    Windows 10 Version 1909 for x64-based Systems 

    Windows 10 Version 2004 for 32-bit Systems 

    Windows 10 Version 2004 for ARM64-based Systems 

    Windows 10 Version 2004 for x64-based Systems 

    Windows 7 for 32-bit Systems Service Pack 1 

    Windows 7 for x64-based Systems Service Pack 1 

    Windows 8.1 for 32-bit systems 

    Windows 8.1 for x64-based systems 

    Windows RT 8.1 

    Windows Server 2008 for 32-bit Systems Service Pack 2 

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 

    Windows Server 2008 for x64-based Systems Service Pack 2 

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 

    Windows Server 2012 

    Windows Server 2012 (Server Core installation) 

    Windows Server 2012 R2 

    Windows Server 2012 R2 (Server Core installation) 

    Windows Server 2016 

    Windows Server 2016 (Server Core installation) 

    Windows Server 2019 

    Windows Server 2019 (Server Core installation) 

    Windows Server, version 1903 (Server Core installation) 

    Windows Server, version 1909 (Server Core installation) 

    Windows Server, version 2004 (Server Core installation)

III. Reproduction

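IV. Scope of Impact

A search for the keyword "Microsoft" on the ZoomEye cyberspace search engine returns 116,762,050 historical IP records, mainly distributed in the United States and other countries.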

V. Remediation

Microsoft has released patches. Download link:

https://portal.msrc.microsoft.com/en-us/security-guidance

VI. Timeline

Microsoft advisory published: August 11, 2020

Knownsec (知道创宇) vulnerability intelligence published: August 13, 2020

VII. Related Links

Microsoft:

https://portal.msrc.microsoft.com/en-us/security-guidance

ZoomEye cyberspace search engine:

https://www.zoomeye.org/searchResult?q=app%3AMicrosoft

 

 

 

 

 

 

 

 
