关于Internet Explorer VGX.DLL远程代码执行漏洞的安全公告

2014-04-28 15:04:38

安全公告编号:CNTA-2014-0017

根据微软4月26日披露的公告称,微软Internet Explorer浏览器存在一处远程代码执行漏洞(CNVD-2014-02648,对应CVE-2014-1776),攻击者可利用漏洞发起恶意代码攻击。漏洞存在于IE6至IE11等版本的VGX.DLL中,VGX.DLL是IE中负责渲染VML的组件,该组件未对正确处理内存对象释放机制,可被利用发起基于内存释放后重用技术的攻击,且攻击代码可以绕过微软现有的ASLR和DEP安全机制。攻击者可以诱使用户访问特定构造的一个网站页面,在网站页面上放置恶意代码,从而发起大规模挂马攻击。

根据评估,受影响操作系统环境及对应IE版本较为广泛,覆盖微软多个版本操作系统,如下表所示。由于微软已经停止Windows XP的安全更新服务,因此在表中未列出,但技术分析表明Windows XP用户受样受到漏洞威胁。根据国外知名安全企业FireEye的估计,目前在互联网浏览器用户中,IE用户占比达到26.25%。


解决方案:

微软可能在下周二进行补丁更新(2014年5月13日)。一些临时解决措施有:

1. 安装增强减灾体验工具包 ( EMET 4.1);

2. 通过更改Internet Explorer安全设置,禁用ActiveX控件和脚本;

3. 工具->Internet 选项->安全->Internet->自定义级别->脚本->禁用“活动脚本”;

4. 本地Intranet->自定义级别->脚本->禁用“活动脚本”;

5. 如果您正在使用Internet Explorer 10或更高版本,请使用增强保护模式,以防止遭受攻击;

6. 建议用户在Internet Explorer禁用Adobe Flash插件;

7. 取消注册VGX.dll文件。运行以下命令: regsvr32 -u"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"


受影响软件及系统:

Internet Explorer 6
Windows Server 2003 Service Pack 2 Internet Explorer 6
Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 6
Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 6
Internet Explorer 7
Windows Server 2003 Service Pack 2 Internet Explorer 7
Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 7
Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 7
Windows Vista Service Pack 2 Internet Explorer 7
Windows Vista x64 Edition Service Pack 2 Internet Explorer 7
Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 7
Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 7
Windows Server 2008 for Itanium-based Systems Service Pack 2 Internet Explorer 7
Internet Explorer 8
Windows Server 2003 Service Pack 2 Internet Explorer 8
Windows Server 2003 x64 Edition Service Pack 2 Internet Explorer 8
Windows Vista Service Pack 2 Internet Explorer 8
Windows Vista x64 Edition Service Pack 2 Internet Explorer 8
Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 8
Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 8
Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 8
Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 8
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 8
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Internet Explorer 8
Internet Explorer 9
Windows Vista Service Pack 2 Internet Explorer 9
Windows Vista x64 Edition Service Pack 2 Internet Explorer 9
Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9
Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 9
Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 9
Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 9
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 9
Internet Explorer 10
Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 10
Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 10
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 10
Windows 8 for 32-bit Systems Internet Explorer 10
Windows 8 for x64-based Systems Internet Explorer 10
Windows Server 2012 Internet Explorer 10
Windows RT Internet Explorer 10
Internet Explorer 11
Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11
Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11
Windows 8.1 for 32-bit Systems Internet Explorer 11
Windows 8.1 for x64-based Systems Internet Explorer 11
Windows Server 2012 R2 Internet Explorer 11
Windows RT 8.1 Internet Explorer 11

不受影响的软件及系统:

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)

Windows Server2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)


参考链接:

https://technet.microsoft.com/zh-cn/library/security/2963983

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html