¡¾Îó²îͨ¸æ¡¿Windows Wi-FiÇý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î(CVE-2024-30078)
Ðû²¼Ê±¼ä 2024-06-17Ò»¡¢Îó²î¸ÅÊö
Îó²îÃû³Æ | Windows Wi-Fi Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î | ||
CVE ID | CVE-2024-30078 | ||
Îó²îÀàÐÍ | RCE | ·¢Ã÷ʱ¼ä | 2024-06-12 |
Îó²îÆÀ·Ö | 8.8 | Îó²îÆ·¼¶ | ¸ßΣ |
¹¥»÷ÏòÁ¿ | Ïà½ü | ËùÐèȨÏÞ | ÎÞ |
ʹÓÃÄÑ¶È | µÍ | Óû§½»»¥ | ÎÞ |
PoC/EXP | δ¹ûÕæ | ÔÚҰʹÓà | δ·¢Ã÷ |
6 ÔÂ12ÈÕ£¬£¬£¬¼øºÚµ£±£Íø¼¯ÍÅVSRC¼à²âµ½Î¢Èí6ÔÂÇå¾²¸üÐÂÖÐÐÞ¸´ÁËWindows Wi-Fi Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2024-30078£©£¬£¬£¬ÆäCVSSÆÀ·ÖΪ8.8£¬£¬£¬¸ÃÎó²îÓ°ÏìÁË Windows ²Ù×÷ϵͳµÄËùÓÐÊÜÖ§³Ö°æ±¾¡£¡£¡£¡£¡£
Windows Wi-Fi Çý¶¯³ÌÐòÖб£´æÊäÈëÑéÖ¤²»µ±Îó²î£¬£¬£¬Î´¾Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔÏòʹÓÃWi-FiÍøÂçÊÊÅäÆ÷µÄÏàÁÚϵͳ/×°±¸·¢ËͶñÒâÍøÂçÊý¾Ý°ü£¬£¬£¬µ¼ÖÂÔÚÎÞÐèÓû§½»»¥µÄÇéÐÎÏÂʵÏÖÔ¶³Ì´úÂëÖ´ÐС£¡£¡£¡£¡£Ê¹ÓøÃÎó²îÐèÒª¿¿½üÄ¿µÄϵͳÀ´·¢ËͺÍÎüÊÕÎÞÏߵ紫Êä¡£¡£¡£¡£¡£
¶þ¡¢Ó°Ïì¹æÄ£
ÊÜÓ°Ïìϵͳ¼°°æ±¾ | ƽ̨ | ÊÜÓ°ÏìµÄ΢ÈíÇý¶¯³ÌÐò°æ±¾ |
Windows 10 Version 1809 | 32-bit Systems x64-based Systems ARM64-based Systems | 10.0.0 - 10.0.17763.5936֮ǰ |
Windows Server 2019 | x64-based Systems | 10.0.0 - 10.0.17763.5936֮ǰ |
Windows Server 2019 (Server Core installation) | x64-based Systems | 10.0.0 - 10.0.17763.5936֮ǰ |
Windows Server 2022 | x64-based Systems | 10.0.0 -10.0.20348.2527֮ǰ 10.0.0 - 10.0.20348.2522֮ǰ |
Windows 11 version 21H2 | x64-based Systems ARM64-based Systems | 10.0.0 - 10.0.22000.3019֮ǰ |
Windows 10 Version 21H2 | 32-bit Systems ARM64-based Systems (x64-based Systems) | 10.0.0 - 10.0.19043.4529֮ǰ |
Windows 11 version 22H2 | ARM64-based Systems x64-based Systems | 10.0.0 - 10.0.22621.3737֮ǰ |
Windows 10 Version 22H2 | x64-based Systems ARM64-based Systems 32-bit Systems | 10.0.0 - 10.0.19043.4529֮ǰ |
Windows 11 version 22H3 | ARM64-based Systems | 10.0.0 - 10.0.22631.3737֮ǰ |
Windows 11 Version 23H2 | x64-based Systems | 10.0.0 - 10.0.22631.3737֮ǰ |
Windows Server 2022¡¢23H2 Edition (Server Core installation) | x64-based Systems | 10.0.0 - 10.0.25398.950֮ǰ |
Windows 10 Version 1507 | 32-bit Systems x64-based Systems | 10.0.0 - 10.0.10240.20680֮ǰ |
Windows 10 Version 1607 | 32-bit Systems x64-based Systems | 10.0.0 - 10.0.14393.7070֮ǰ |
Windows Server 2016 | x64-based Systems | 10.0.0 - 10.0.14393.7070֮ǰ |
Windows Server 2016 (Server Core installation) | x64-based Systems | 10.0.0 -10.0.14393.7070֮ǰ |
Windows Server 2008 Service Pack 2 | 32-bit Systems | 6.0.0 - 6.0.6003.22720֮ǰ |
Windows Server 2008 Service Pack 2 (Server Core installation) | 32-bit Systems x64-based Systems | 6.0.0 - 6.0.6003.22720֮ǰ |
Windows Server 2008 Service Pack 2 | x64-based Systems | 6.0.0 - 6.0.6003.22720֮ǰ |
Windows Server 2008 R2 Service Pack 1 | x64-based Systems | 6.1.0 - 6.1.7601.27170֮ǰ |
Windows Server 2008 R2 Service Pack 1 (Server Core installation) | x64-based Systems | 6.0.0 - 6.1.7601.27170֮ǰ |
Windows Server 2012 | x64-based Systems | 6.2.0 - 6.2.9200.24919֮ǰ |
Windows Server 2012 (Server Core installation) | x64-based Systems | 6.2.0 - 6.2.9200.24919֮ǰ |
Windows Server 2012 R2 | x64-based Systems | 6.3.0 - 6.3.9600.22023֮ǰ |
Windows Server 2012 R2 (Server Core installation) | x64-based Systems | 6.3.0 - 6.3.9600.22023֮ǰ |
Èý¡¢Çå¾²²½·¥
3.1 Éý¼¶°æ±¾
΢ÈíÒÑÔÚ6Ô²¹¶¡ÈÕÖÐÐû²¼Á˸ÃÎó²îµÄÇå¾²¸üУ¬£¬£¬½¨ÒéÊÜÓ°ÏìÓû§ÊµÊ±×°Öò¹¶¡ÐÞ¸´¸ÃÎó²î¡£¡£¡£¡£¡£
£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ
Microsoft UpdateĬÈÏÆôÓ㬣¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬½«»á×Ô¶¯ÏÂÔØ¸üв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öᣡ£¡£¡£¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔϰ취ÊÖ¶¯¾ÙÐиüУº
1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±
2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©
3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬£¬£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£¡£¡£¡£¡£
4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üС£¡£¡£¡£¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬£¬£¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔØ²¢×°Öᣡ£¡£¡£¡£
£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ
Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüС£¡£¡£¡£¡£
ÏÂÔØÁ´½Ó£º
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30078
3.2 ÔÝʱ²½·¥
ÔÝÎÞ¡£¡£¡£¡£¡£
3.3 ͨÓý¨Òé
l °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬ïÔÌϵͳÎó²î£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£
l ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬ïÔ̽«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬ïÔ̹¥»÷Ãæ¡£¡£¡£¡£¡£
l ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£
l ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔÔò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏÞ¶È¡£¡£¡£¡£¡£
l ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£
3.4 ²Î¿¼Á´½Ó
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30078
https://www.cve.org/CVERecord?id=CVE-2024-30078
ËÄ¡¢°æ±¾ÐÅÏ¢
°æ±¾ | ÈÕÆÚ | ±¸×¢ |
V1.0 | 2024-06-17 | Ê×´ÎÐû²¼ |
Îå¡¢¸½Â¼
5.1 ¼øºÚµ£±£Íø¼ò½é
¼øºÚµ£±£Íø½¨ÉèÓÚ1996Ä꣬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£¡£¡£¡£¡£
¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¼øºÚµ£±£Íø´óÏ㬣¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË¡£¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС£¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©
¶àÄêÀ´£¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·ÅÆ¶ø²»Ð¸Æð¾¢¡£¡£¡£¡£¡£
5.2 ¹ØÓÚ¼øºÚµ£±£Íø
¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£¡£¡£¡£¡£
¹Ø×¢ÎÒÃÇ£º