Third-party patch for the ANI web trojan
[color=#0000ff]Microsoft has not yet released an update for this, but plenty of attackers online are already exploiting the vulnerability to download trojans; many of the requests in the virus help section are about this problem, and some go even further and use it to download "Maiying" (麦英), which is nastier than Panda (熊猫) or Weijin (围巾) -->
Duba analysis ->[/color][url=http://vi.duba.net/index.php?CODE=02&virusid=38888&action=viewgraph][color=#0000ff]http://vi.duba.net/index.php?COD ... mp;action=viewgraph[/color][/url]
[color=#0000ff]CISRT analysis -->[/color][url=http://www.cisrt.org/blog/read.php?304][color=#0000ff]http://www.cisrt.org/blog/read.php?304[/color][/url]
[color=#0000ff]Please apply the patch promptly to avoid unnecessary losses.[/color]
The Windows vulnerability has only just been disclosed, and someone has already used it to build an ANI web-trojan generator. Microsoft's own patch is not out yet, so please apply the patch promptly.
The third-party organization eEye Digital Security has released "Windows ANI Zero-Day With eEye Patch". Everyone, install this patch first!!
Yesterday we reported that a single Windows .ANI animation could throw Windows Vista into an endless Explorer crash loop. Microsoft has now confirmed the issue and is working on a fix, but the third-party security firm eEye got there first and has released a third-party patch. This is not the first time they have beaten Microsoft to a patch; as for its quality, everyone is welcome to look into it for themselves.
[b]Common Name:[/b]
Windows .ANI Processing
[b]Date Disclosed:[/b]
3/28/2007
[b]Expected Patch Release:[/b]
Unknown
[b]Vendor:[/b]
Microsoft
[b]Application:[/b]
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
[b]Description:[/b]
An unspecified vulnerability exists within Microsoft Windows which may possibly allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires user interaction by viewing a malicious Windows animated cursor (.ANI) file. .ANI files are commonly used by web developers to display custom cursor animations to enhance web-site experiences.
The most potent attack method is by embedding a malicious .ANI file within an HTML web page. Doing so allows the vulnerability to be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious web site. Other exploit vectors exist including Microsoft Office applications since they also rely on the same .ANI processing code, making e-mail delivery also a potent threat by using Microsoft Office attachments.
Since .ANI processing is performed by USER32.dll and not the attack vector application itself, all attack vectors have the potential to use a similar exploit with similar address offsets targeted at Windows directly, allowing for a very reliable exploit.
[b]NOTE: [/b]This advisory information is gathered from the references below. eEye Research is currently researching the cause of the vulnerability and trying to identify other vulnerable products, and will update this ZDT entry as more information becomes available.
[b]Severity:[/b]
High
[b]Code Execution:[/b]
Yes
[b]Impact:[/b]
[b]Arbitrary code execution under the context of the logged in user[/b]
A web browser remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials. Exploitation impact can vary from the reported trojan installation to full system compromise by coupling this attack with a privilege escalation vulnerability to acquire SYSTEM access.
[b]Mitigation:[/b]
eEye Digital Security's Research Team has released a workaround for the zero-day vulnerability as a temporary measure for customers who have not yet installed Blink. Blink generically protects from this and other vulnerabilities without the need for updating and is [url=http://www.eeye.com/html/products/blink/neighborhoodwatch/index.html][color=#2f5fa1]available for free[/color][/url] for personal use on all affected platforms except for Vista. This workaround is not meant to replace the forthcoming Microsoft patch, but rather as a temporary mitigation against this flaw.
The temporary patch mitigates this vulnerability by preventing cursors from being loaded outside of %SystemRoot%. This disallows websites from loading their own, potentially malicious animated icons, while causing little to no business disruption on hosts with the patch installed.
Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. More information regarding installation and uninstallation is available in the patch installer. Please note that at this time this workaround supports all affected platforms except for x64 and Itanium architectures.
Patch Location: [url=http://www.eeye.com/html/research/tools/WindowsANIZeroDayPatchSetup.exe][color=#2f5fa1]Click to download![/color][/url]
Patch Version: 1.0
[color=#0000ff]If you cannot download the patch from the overseas site, download the attachment to this post.[/color]
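The advisory above makes the point that the bytes of an .ANI file are handed to USER32.dll by whichever application loaded them (browser, Office, e-mail attachment), so one malformed file works against every vector and the same file can be caught at any choke point. A defender who cannot yet patch can at least inspect .ANI files arriving through a web proxy or mail gateway for structural sanity. The Python scanner below is an added example, not code from the original post or from eEye: it walks the RIFF/ACON chunk structure and flags files that violate the animated-cursor format (a missing, duplicated or mis-sized 36-byte anih header, or chunk lengths that run past the end of the file). Because the advisory calls the root cause unspecified, this is a format-conformance check, not a signature for the exploit; the three sample files are constructed inline and are not real malware.

```python
import struct

# sizeof(ANIHEADER): nine little-endian DWORDs (cbSizeof, cFrames, cSteps, cx, cy,
# cBitCount, cPlanes, jifRate, flags) per the RIFF ACON animated-cursor format.
ANIH_SIZE = 36


def parse_riff_chunks(data, offset, end):
    """Return [(fourcc, payload_offset, declared_len)] for every chunk in data[offset:end].

    LIST chunks are recorded as b'LIST:<type>' and then descended into, so an
    'anih' chunk nested inside a LIST is still reported.  Chunk headers are never
    read beyond 'end', but declared lengths are returned unchecked so the caller
    can compare them against the real file size.
    """
    chunks = []
    while offset + 8 <= end:
        fourcc = data[offset:offset + 4]
        (length,) = struct.unpack_from('<I', data, offset + 4)
        payload = offset + 8
        if fourcc == b'LIST' and payload + 4 <= end:
            chunks.append((b'LIST:' + data[payload:payload + 4], payload, length))
            chunks.extend(parse_riff_chunks(data, payload + 4, min(payload + length, end)))
        else:
            chunks.append((fourcc, payload, length))
        # RIFF chunks are word-aligned: an odd length carries one padding byte.
        offset = payload + length + (length & 1)
    return chunks


def scan_ani(data):
    """Return a list of findings for one .ANI blob; an empty list means it conforms."""
    findings = []
    if len(data) < 12 or data[:4] != b'RIFF' or data[8:12] != b'ACON':
        return ['not a RIFF/ACON animated cursor']
    (riff_len,) = struct.unpack_from('<I', data, 4)
    if riff_len + 8 > len(data):
        findings.append(f'RIFF header declares {riff_len + 8} bytes but file is {len(data)}')
    chunks = parse_riff_chunks(data, 12, len(data))
    anih = [c for c in chunks if c[0] == b'anih']
    if not anih:
        findings.append('no anih header chunk')
    elif len(anih) > 1:
        findings.append(f'{len(anih)} anih chunks (format allows exactly one)')
    for _, off, length in anih:
        if length != ANIH_SIZE:
            findings.append(f'anih at offset {off - 8} declares {length} bytes, expected {ANIH_SIZE}')
        elif off + length <= len(data):
            (cb,) = struct.unpack_from('<I', data, off)
            if cb != ANIH_SIZE:
                findings.append(f'anih cbSizeof field is {cb}, expected {ANIH_SIZE}')
    for fourcc, off, length in chunks:
        if off + length > len(data):
            findings.append(f'chunk {fourcc.decode("latin-1")} at offset {off - 8} declares '
                            f'{length} bytes but only {len(data) - off} remain')
    return findings


# --- constructed sample files (not real malware) ---------------------------

def _chunk(fourcc, payload):
    pad = b'\0' if len(payload) & 1 else b''
    return fourcc + struct.pack('<I', len(payload)) + payload + pad


def _riff_acon(body):
    return b'RIFF' + struct.pack('<I', 4 + len(body)) + b'ACON' + body


GOOD_ANIH = struct.pack('<9I', ANIH_SIZE, 1, 1, 32, 32, 32, 1, 6, 1)

# A minimal well-formed cursor: one anih header and one frame inside LIST/fram.
BENIGN = _riff_acon(_chunk(b'anih', GOOD_ANIH) +
                    _chunk(b'LIST', b'fram' + _chunk(b'icon', b'\0' * 16)))

# A well-formed first anih followed by a second anih declaring 1024 bytes:
# structurally illegal, so the scanner flags it without needing a signature.
OVERSIZED = _riff_acon(_chunk(b'anih', GOOD_ANIH) +
                       b'anih' + struct.pack('<I', 1024) + b'A' * 1024)

# The benign file with its last 8 bytes cut off: declared sizes exceed the data.
TRUNCATED = BENIGN[:-8]


if __name__ == '__main__':
    for name, blob in (('benign', BENIGN), ('oversized', OVERSIZED), ('truncated', TRUNCATED)):
        print(name, '->', scan_ani(blob) or 'conforms to ANI format')
```

The scanner is deliberately strict: anything that is not a single 36-byte anih plus in-bounds chunks is reported for a human to look at, which is the right trade-off while the vulnerable code path is unknown and the files are small. It complements, rather than replaces, the eEye workaround described above, which blocks cursors loaded from outside %SystemRoot% on the endpoint.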