安全公告编号:CNTA-2014-0017

根据微软4月26日披露的公告称，微软Internet Explorer浏览器存在一处远程代码执行漏洞（CNVD-2014-02648，对应CVE-2014-1776），攻击者可利用漏洞发起恶意代码攻击。漏洞存在于IE6至IE11等版本的VGX.DLL中，VGX.DLL是IE中负责渲染VML的组件，该组件未对正确处理内存对象释放机制，可被利用发起基于内存释放后重用技术的攻击，且攻击代码可以绕过微软现有的ASLR和DEP安全机制。攻击者可以诱使用户访问特定构造的一个网站页面，在网站页面上放置恶意代码，从而发起大规模挂马攻击。

根据评估，受影响操作系统环境及对应IE版本较为广泛，覆盖微软多个版本操作系统，如下表所示。由于微软已经停止Windows XP的安全更新服务，因此在表中未列出，但技术分析表明Windows XP用户受样受到漏洞威胁。根据国外知名安全企业FireEye的估计，目前在互联网浏览器用户中，IE用户占比达到26.25%。

解决方案：

微软可能在下周二进行补丁更新(2014年5月13日)。一些临时解决措施有：

1. 安装增强减灾体验工具包 ( EMET 4.1)；

2. 通过更改Internet Explorer安全设置，禁用ActiveX控件和脚本；

3. 工具->Internet 选项->安全->Internet->自定义级别->脚本->禁用“活动脚本”；

4. 本地Intranet->自定义级别->脚本->禁用“活动脚本”；

5. 如果您正在使用Internet Explorer 10或更高版本，请使用增强保护模式，以防止遭受攻击；

6. 建议用户在Internet Explorer禁用Adobe Flash插件；

7. 取消注册VGX.dll文件。运行以下命令: regsvr32 -u"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

受影响软件及系统：

Internet Explorer 6
Windows Server 2003 Service Pack 2	Internet Explorer 6
Windows Server 2003 x64 Edition Service Pack 2	Internet Explorer 6
Windows Server 2003 with SP2 for Itanium-based Systems	Internet Explorer 6
Internet Explorer 7
Windows Server 2003 Service Pack 2	Internet Explorer 7
Windows Server 2003 x64 Edition Service Pack 2	Internet Explorer 7
Windows Server 2003 with SP2 for Itanium-based Systems	Internet Explorer 7
Windows Vista Service Pack 2	Internet Explorer 7
Windows Vista x64 Edition Service Pack 2	Internet Explorer 7
Windows Server 2008 for 32-bit Systems Service Pack 2	Internet Explorer 7
Windows Server 2008 for x64-based Systems Service Pack 2	Internet Explorer 7
Windows Server 2008 for Itanium-based Systems Service Pack 2	Internet Explorer 7
Internet Explorer 8
Windows Server 2003 Service Pack 2	Internet Explorer 8
Windows Server 2003 x64 Edition Service Pack 2	Internet Explorer 8
Windows Vista Service Pack 2	Internet Explorer 8
Windows Vista x64 Edition Service Pack 2	Internet Explorer 8
Windows Server 2008 for 32-bit Systems Service Pack 2	Internet Explorer 8
Windows Server 2008 for x64-based Systems Service Pack 2	Internet Explorer 8
Windows 7 for 32-bit Systems Service Pack 1	Internet Explorer 8
Windows 7 for x64-based Systems Service Pack 1	Internet Explorer 8
Windows Server 2008 R2 for x64-based Systems Service Pack 1	Internet Explorer 8
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1	Internet Explorer 8
Internet Explorer 9
Windows Vista Service Pack 2	Internet Explorer 9
Windows Vista x64 Edition Service Pack 2	Internet Explorer 9
Windows Server 2008 for 32-bit Systems Service Pack 2	Internet Explorer 9
Windows Server 2008 for x64-based Systems Service Pack 2	Internet Explorer 9
Windows 7 for 32-bit Systems Service Pack 1	Internet Explorer 9
Windows 7 for x64-based Systems Service Pack 1	Internet Explorer 9
Windows Server 2008 R2 for x64-based Systems Service Pack 1	Internet Explorer 9
Internet Explorer 10
Windows 7 for 32-bit Systems Service Pack 1	Internet Explorer 10
Windows 7 for x64-based Systems Service Pack 1	Internet Explorer 10
Windows Server 2008 R2 for x64-based Systems Service Pack 1	Internet Explorer 10
Windows 8 for 32-bit Systems	Internet Explorer 10
Windows 8 for x64-based Systems	Internet Explorer 10
Windows Server 2012	Internet Explorer 10
Windows RT	Internet Explorer 10
Internet Explorer 11
Windows 7 for 32-bit Systems Service Pack 1	Internet Explorer 11
Windows 7 for x64-based Systems Service Pack 1	Internet Explorer 11
Windows Server 2008 R2 for x64-based Systems Service Pack 1	Internet Explorer 11
Windows 8.1 for 32-bit Systems	Internet Explorer 11
Windows 8.1 for x64-based Systems	Internet Explorer 11
Windows Server 2012 R2	Internet Explorer 11
Windows RT 8.1	Internet Explorer 11

不受影响的软件及系统：

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)

Windows Server2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

参考链接：

https://technet.microsoft.com/zh-cn/library/security/2963983

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html