正文

【漏洞通告】Windows MSHTML 平台安全功能绕过漏洞

admin
admin V管理员 /0 评论 /86 阅读
0525
此篇文章发布距今已超过182天,您需要注意文章的内容或图片是否可用!

01 漏洞概况

MSHTML提供了一个COM接口,用于在任何支持COM的环境(如C++和.NET)中访问和编辑网页。其中存在安全功能绕过漏洞,攻击者可以利用该漏洞在绕过目标系统上的安全功能,做出规定之外的行为。

02 漏洞处置

综合处置优先级:

漏洞信息

漏洞名称

Windows MSHTML 平台安全功能绕过漏洞

漏洞编号

CVE编号

CVE-2024-30040

漏洞评估

披露时间

2024-05-14

漏洞类型

逻辑绕过

危害评级

高危

公开程度

PoC未公开

威胁类型

平台安全特性绕过漏洞

利用情报

在野利用

影响产品

产品名称

Windows MSHTML

受影响版本

Windows Server 2022,Windows Server 2022,Windows Server 2019 (Server Core installation),Windows Server 2019,Windows Server 2016,Windows 10 Version 1607 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 for 32-bit Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 11 version 21H2 for x64-based Systems,Windows Server 2022 (Server Core installation),Windows Server 2022 (Server Core installation),Windows Server 2016 (Server Core installation),Windows 10 Version 1809 for ARM64-based Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems

影响范围

广

有无修复补丁

03 漏洞排查

用户尽快排查应用系统Windows MSHTML应用版本是否在Windows Server 2022,Windows Server 2022,Windows Server 2019 (Server Core installation),Windows Server 2019,Windows Server 2016,Windows 10 Version 1607 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 for 32-bit Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 11 version 21H2 for x64-based Systems,Windows Server 2022 (Server Core installation),Windows Server 2022 (Server Core installation),Windows Server 2016 (Server Core installation),Windows 10 Version 1809 for ARM64-based Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems若存在应用使用,极大可能会受到影响

04 修复方案

    微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040

05 时间线

      2024.05.14 厂商发布安全补丁
      2024.05.23 安迈信科安全运营团队发布通告
   


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
ZhouSa.com