¡¾Îó²îͨ¸æ¡¿Windows MSHTML PlatformÇå¾²¹¦Ð§ÈƹýÎó²î£¨CVE-2023-29324£©

Ðû²¼Ê±¼ä 2023-05-12

Ò»¡¢Îó²î¸ÅÊö

CVE   ID

CVE-2023-29324

·¢Ã÷ʱ¼ä

2023-05-10

Àà    ÐÍ

Çå¾²¹¦Ð§Èƹý

µÈ    ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

·ñ

 

Trident£¨ÓÖ³ÆMSHTML£©ÊÇ΢Èí¹«Ë¾ÎªMicrosoft Windows°æ±¾µÄInternet Explorer¿ª·¢µÄרÓÐä¯ÀÀÆ÷ÒýÇæ¡£¡£¡£¡£

5ÔÂ11ÈÕ£¬£¬£¬£¬£¬£¬£¬¼øºÚµ£±£ÍøVSRC¼à²âµ½Windows MSHTMLƽ̨Çå¾²¹¦Ð§ÈƹýÎó²î£¨CVE-2023-29324£©µÄÎó²îϸ½ÚÔÚ»¥ÁªÍøÉϹûÕæ¡£¡£¡£¡£¸ÃÎó²îµÄCVSSÆÀ·ÖΪ6.5£¬£¬£¬£¬£¬£¬£¬Î¢ÈíÒÑÔÚ5ÔÂ9ÈÕÐû²¼µÄ²¹¶¡ÖÐÐÞ¸´Á˸ÃÎó²î¡£¡£¡£¡£

¸ÃÎó²îΪ΢Èí3Ô²¹¶¡ÈÕÖÐÐÞ¸´µÄMicrosoft OutlookȨÏÞÌáÉýÎó²î£¨CVE-2023-23397£©µÄ²¹¶¡Èƹý£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚWindows Öз¾¶µÄÖØ´ó´¦Öóͷ££¬£¬£¬£¬£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔʹÓøÃÎó²îÇ¿ÖÆOutlook ¿Í»§¶ËÅþÁ¬µ½ÍþвÕß¿ØÖƵÄЧÀÍÆ÷£¬£¬£¬£¬£¬£¬£¬¿ÉÄܵ¼Ö NTLM ƾ֤й¶¡£¡£¡£¡£

  

¶þ¡¢Ó°Ïì¹æÄ£

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

΢ÈíÒѾ­Ðû²¼ÁËCVE-2023-23397 ºÍ CVE-2023-29324µÄÇå¾²¸üУ¬£¬£¬£¬£¬£¬£¬ÊÜÓ°ÏìÓû§Ðè×°ÖÃÕâÁ½¸öÎó²îµÄ²¹¶¡²Å»ªÊܵ½ÖÜÈ«± £»£»£»£»¤£¬£¬£¬£¬£¬£¬£¬Î¢Èí½¨Òé×°ÖýöÇå¾²¸üеÄÓû§×°ÖÃÕë¶Ô¸ÃÎó²îµÄIEÀÛ»ý¸üУ¬£¬£¬£¬£¬£¬£¬ÒÔÐÞ¸´MSHTMLƽ̨ºÍ¾ç±¾ÒýÇæÖеÄÎó²î¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324

3.2 ÔÝʱ²½·¥

ÔÝÎÞ¡£¡£¡£¡£

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324

https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-bypass-for-recently-fixed-outlook-zero-click-bug/

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-05-12

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¼øºÚµ£±£Íø´óÏ㬣¬£¬£¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬£¬£¬£¬£¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£¡£

5.2 ¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬£¬£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬£¬£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£¡£¡£¡£

¹Ø×¢ÎÒÃÇ£º

image.png