{"id":2467,"date":"2023-02-15T16:16:00","date_gmt":"2023-02-15T08:16:00","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2467"},"modified":"2023-02-15T16:21:26","modified_gmt":"2023-02-15T08:21:26","slug":"%e5%be%ae%e8%bb%9f%e5%9c%a8patch-tuesday%e4%bf%ae%e8%a3%9c%e5%be%ae77%e5%80%8b%e5%ae%89%e5%85%a8%e6%bc%8f%e6%b4%9e%ef%bc%8c%e7%89%b9%e5%88%a5%e4%bf%ae%e8%a3%9c%e4%ba%86%e4%b8%89%e5%80%8b%e4%b8%8d","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2467","title":{"rendered":"\u5fae\u8edf\u5728Patch Tuesday\u4fee\u88dc\u5fae78\u500b\u5b89\u5168\u6f0f\u6d1e\uff0c\u7279\u5225\u4fee\u88dc\u4e86\u4e09\u500b\u4e0d\u540c\u4e26\u5df2\u906d\u6feb\u7528\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e"},"content":{"rendered":"\n
\"\"
Photo Credit\uff1a\uff2dicrosoft<\/figcaption><\/figure>\n\n\n\n

\u5fae\u8edf\u672c\u5468\u4e8c\uff082\/14\uff09\u7684Patch Tuesday\u5b89\u5168\u516c\u544a\uff0c\u4fee\u88dc\u4e8678\u500b\u5b89\u5168\u6f0f\u6d1e<\/a>\uff0c\u7576\u4e2d\u67099\u500b\u88ab\u5217\u70ba\u91cd\u5927\uff08Critical\uff09\u6f0f\u6d1e\uff0c\u4e26\u4fee\u88dc\u4e86\u4e09\u500b\u4e0d\u540c\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

78\u500b\u5b89\u5168\u6f0f\u6d1e\u7684\u985e\u5225\u548c\u6578\u91cf\u5982\u4e0b\u6240:<\/p>\n\n\n\n

*12\u500b\u63d0\u6b0a (Elevation of Privilege)\u6f0f\u6d1e<\/p>\n\n\n\n

*2\u500b\u5b89\u5168\u529f\u80fd\u7e5e\u904e(Security Feature Bypass)\u6f0f\u6d1e<\/p>\n\n\n\n

*38\u500b\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c(Remote Code Execution)\u6f0f\u6d1e<\/p>\n\n\n\n

*8\u500b\u8cc7\u6599\u6d29\u9732(Information Disclosure)\u6f0f\u6d1e<\/p>\n\n\n\n

*10\u500b\u963b\u65b7\u670d\u52d9\u653b\u64ca(Denial of Service, DoS)\u6f0f\u6d1e<\/p>\n\n\n\n

*8 \u500b\u6b3a\u9a19(Spoofing)\u6f0f\u6d1e<\/p>\n\n\n\n

\u4ee5\u4e0a\u6578\u91cf\u4e0d\u5305\u62ec\u672c\u6708\u65e9\u4e9b\u6642\u5019\u4fee\u88dc\u7684\u4e09\u500b Microsoft Edge \u6f0f\u6d1e<\/p>\n\n\n\n

\u6700\u56b4\u91cd\u88ab\u6feb\u7528\u7684\u6f0f\u6d1e\u70baCVE-2023-21823<\/a>\uff0c\u9019\u662f\u4e00\u500b Windows \u5716\u5f62\u7d44\u4ef6\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c(RCE)\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u653b\u64ca\u8005\u53ef\u4ee5\u7372\u5f97\u7cfb\u7d71(SYSTEM)\u6b0a\u9650\u3002\u5fae\u8edf\u9084\u547c\u7c72\u7279\u5225\u6ce8\u610fCVE-2023-21715<\/a>\uff0c\u9019\u662f Microsoft Publisher \u4e2d\u7684\u4e00\u500b\u529f\u80fd\u7e5e\u904e\u6f0f\u6d1e\uff1b\u548cCVE-2023-23376<\/a>\u70baWindows \u901a\u7528\u65e5\u8a8c\u6a94\u6848\u7cfb\u7d71\u9a45\u52d5\u7a0b\u5f0f\u4e2d\u7684\u7279\u6b0a\u5347\u7d1a\u6f0f\u6d1e\uff0c\u8a72\u6f0f\u6d1e\u5b58\u5728\u65bc Windows 10 \u548c 11 \u7cfb\u7d71\u4ee5\u53ca\u8a31\u591a\u4f3a\u670d\u5668\u7248\u672c\u7684 Windows \u4e2d\u3002\u9019\u4e09\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e\u662f\u5fae\u8edf\u9031\u4e8c\u5728\u5176\u6708\u5ea6\u5b89\u5168\u66f4\u65b0\u4e2d\u62ab\u9732\u4e00\u90e8\u5206\u3002\u53e6\u5916\u8a72\u516c\u53f8\u5c07\u5176\u4e2d 9\u500b\u6f0f\u6d1e\u8a55\u4f30\u70ba\u91cd\u5927\u56b4\u91cd\u7a0b\u5ea6\uff0c\u5c07 66 \u500b\u6f0f\u6d1e\u8a55\u4f30\u70ba\u5c0d\u7d44\u7e54\u69cb\u6210\u91cd\u8981\uff08Important\uff09\u5a01\u8105\u3002\u5fae\u8edf\u672c\u6708\u62ab\u9732\u7684\u8fd1\u4e00\u534a\u6f0f\u6d1e (38\u500b)\u662f\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c (RCE) \u6f0f\u6d1e\uff0c\u518d\u4f86\u662f\u7279\u6b0a\u63d0\u5347\u6f0f\u6d1e\uff0c\u5176\u6b21\u662f\u963b\u65b7\u670d\u52d9\u653b\u64ca\u6f0f\u6d1e\u548c\u6b3a\u9a19\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\u96f6\u6642\u5dee\u4e09\u91cd\u594f<\/em><\/strong><\/p>\n\n\n\n

\u6839\u64da\u8da8\u52e2\u79d1\u6280<\/a> ZDI \u7684\u5a01\u8105\u610f\u8b58\u4e3b\u7ba1 Dustin Childs\uff0c\u4ed6\u8aaa\u6240\u6709\u53d7\u5230\u4e3b\u52d5\u653b\u64ca\u7684\u6f0f\u6d1e\u90fd\u4ee3\u8868\u8457\u56b4\u91cd\u7684\u98a8\u96aa\uff0c\u56e0\u70ba\u653b\u64ca\u8005\u5df2\u7d93\u5728\u6feb\u7528\u5b83\u5011\u3002\u4ed6\u9032\u4e00\u6b65\u8aaa\uff0c\u5fae\u8edf\u78ba\u5be6\u6ce8\u610f\u5230\uff0cCVE-2023-23376\u6f0f\u6d1e\u5c07\u5141\u8a31\u653b\u64ca\u8005\u5229\u7528\u7a0b\u5f0f\u78bc\u7528\u4f5c SYSTEM\uff0c\u9019\u5c07\u5141\u8a31\u4ed6\u5011\u5b8c\u5168\u63a5\u7ba1\u76ee\u6a19\u3002\u9019\u5f88\u53ef\u80fd\u8207\u9060\u7aef\u5f0f\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\u76f8\u95dc\u806f\uff0c\u4ee5\u50b3\u64ad\u60e1\u610f\u8edf\u9ad4\u6216\u52d2\u7d22\u8edf\u9ad4\u3002\u8003\u616e\u5230\u9019\u662f\u7531\u5fae\u8edf\u7684\u5a01\u8105\u60c5\u5831\u4e2d\u5fc3\u767c\u73fe\u7684\uff0c\u9019\u53ef\u80fd\u610f\u5473\u8457\u5b83\u5df2\u88abAPT\u99ed\u5ba2\u6feb\u7528\u3002<\/p>\n\n\n\n

\u53e6\u5916\uff0cCVE-2023-21823 -\u5716\u5f62\u7d44\u4ef6\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c(RCE)\u6f0f\u6d1e\uff0c \u7531\u8cc7\u5b89\u516c\u53f8 Mandiant <\/a>\u7684 Dhanesh Kizhakkinan\u3001Genwei Jiang \u548c Dhanesh Kizhakkinan \u767c\u73fe\u3002\u5fae\u8edf\u8868\u793a\uff0c\u9019\u500b\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\u5141\u8a31\u653b\u64ca\u8005\u4ee5 SYSTEM \u6b0a\u9650\u57f7\u884c\u547d\u4ee4\u3002\u7136\u800c\u6b64\u5b89\u5168\u66f4\u65b0\u5c07\u901a\u904e Microsoft Store \u800c\u4e0d\u662f Windows Update \u63a8\u9001\u7d66\u7528\u6236\u3002\u56e0\u6b64\uff0c\u5c0d\u65bc\u90a3\u4e9b\u95dc\u9589Microsoft Store \u4e2d\u81ea\u52d5\u66f4\u65b0\u7684\u7528\u6236\uff0cMicrosoft \u4e0d\u6703\u81ea\u52d5\u63a8\u9001\u66f4\u65b0\uff0c\u7528\u6236\u9700\u624b\u52d5\u5b89\u88dd\u4fee\u88dc\u7a0b\u5f0f\u3002<\/p>\n\n\n\n

\u8cc7\u5b89\u516c\u53f8Automox <\/a>\u5efa\u8b70\u4f7f\u7528 Microsoft 365 Applications for Enterprise \u7684\u7d44\u7e54\u5728 24 \u5c0f\u6642\u5167\u4fee\u88dc CVE-2023-2175\uff0c\u201c\u9019\u500b\u6f0f\u6d1e\u662f\u4e00\u500b\u88ab\u7a4d\u6975\u5229\u7528\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e\uff0c\u5141\u8a31\u653b\u64ca\u8005\u88fd\u4f5c\u4e00\u500b\u6a94\u6848\u4f86\u7e5e\u904e Office \u5b89\u5168\u529f\u80fd\uff0c\u201dAutomox \u5728\u4e00\u7bc7\u535a\u5ba2\u6587\u7ae0\u4e2d\u8aaa<\/a>\uff0c\u5b83\u5141\u8a31\u653b\u64ca\u8005\u201c\u5982\u679c\u4ed6\u5011\u53ef\u4ee5\u901a\u904e\u793e\u4ea4\u5de5\u7a0b\u5b78\u8105\u8feb\u7528\u6236\u5728\u6613\u53d7\u653b\u64ca\u7684\u8a2d\u5099\u4e0a\u4e0b\u8f09\u548c\u6253\u958b\u6a94\u6848\uff0c\u5247\u4ed6\u5011\u6709\u53ef\u80fd\u5728\u6700\u7d42\u7528\u6236\u8a2d\u5099\u4e0a\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002\u201d<\/p>\n\n\n\n

\u65b0\u7684 Exchange <\/em><\/strong>\u4f3a\u670d\u5668\u5a01\u8105<\/em><\/strong><\/p>\n\n\n\n

Tenable \u7684\u9ad8\u7d1a\u7814\u7a76\u5de5\u7a0b\u5e2b Satnam Narang \u5f37\u8abf\u4e86\u4e09\u500b Microsoft Exchange \u4f3a\u670d\u5668\u6f0f\u6d1e\uff08CVE-2023-21706<\/a>\u3001CVE-2023-21707<\/a>\u3001CVE-2023-21529<\/a>\uff09\u4f5c\u70ba\u7d44\u7e54\u61c9\u8a72\u6ce8\u610f\u7684\u554f\u984c\uff0c\u56e0\u70ba Microsoft \u5df2\u5c07\u5b83\u5011\u8b58\u5225\u70ba\u653b\u64ca\u8005\u53ef\u4ee5\u653b\u64ca\u7684\u6f0f\u6d1e\u66f4\u6709\u53ef\u80fd\u88ab\u5229\u7528\u3002Narang \u8868\u793a\uff0c\u5728\u904e\u53bb\u7684\u5e7e\u5e74\u88e1\uff0c\u4e16\u754c\u5404\u5730\u7684 Microsoft Exchange \u4f3a\u670d\u5668\u90fd\u53d7\u5230\u4e86\u591a\u500b\u6f0f\u6d1e\u7684\u6253\u64ca\uff0c\u5f9e ProxyLogon \u5230 ProxyShell\uff0c\u518d\u5230\u6700\u8fd1\u7684 ProxyNotShell\u3001OWASSRF \u548c TabeShell\u3002\u8fd1\u5e74\u4f86\uff0cExchange \u4f3a\u670d\u5668\u6f0f\u6d1e\u8fd1\u5e74\u4f86\u5df2\u6210\u70ba\u99ed\u5ba2\u7684\u5bf6\u8cb4\u5546\u54c1\uff0c\u5f37\u70c8\u5efa\u8b70\u4f9d\u8cf4Microsoft Exchange \u4f3a\u670d\u5668\u7684\u7d44\u7e54\u78ba\u4fdd\u4ed6\u5011\u5df2\u61c9\u7528Exchange \u4f3a\u670d\u5668\u7684\u6700\u65b0\u66f4\u65b0\u3002<\/p>\n\n\n\n

Microsoft PEAP <\/em><\/strong>\u4e2d\u7684 RCE <\/em><\/strong>\u6f0f\u6d1e<\/em><\/strong><\/p>\n\n\n\n

\u601d\u79d1 Talos \u5a01\u8105\u60c5\u5831\u5c0f\u7d44\u7684\u7814\u7a76\u4eba\u54e1\u6307\u51fa\uff0c\u5fae\u8edf\u53d7\u4fdd\u8b77\u7684\u53ef\u64f4\u5c55\u8eab\u4efd\u9a57\u8b49\u5354\u8b70 (PEAP) \u4e2d\u7684\u4e09\u500b RCE \u6f0f\u6d1e<\/a>\u662f\u5fae\u8edf 2023 \u5e74 2 \u6708\u5b89\u5168\u66f4\u65b0\u4e2d\u6700\u56b4\u91cd\u7684\u6f0f\u6d1e\u4e4b\u4e00\u3002<\/p>\n\n\n\n

\u9019\u4e9b\u6f0f\u6d1e\u88ab\u8ddf\u8e2a\u70baCVE-2023-21689<\/a>\u3001CVE-2023-21690<\/a>\u548cCVE-2023-21692<\/a>\uff0c\u5141\u8a31\u7d93\u904e\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u5617\u8a66\u5728\u4f3a\u670d\u5668\u5e33\u6236\u7684\u4e0a\u4e0b\u6587\u4e2d\u89f8\u767c\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002<\/p>\n\n\n\n

\u64da Automox \u7a31\uff0cCVE-2023-21689 \u662f PEAP \u4e2d\u7684\u4e09\u500b\u95dc\u9375\u6f0f\u6d1e\u4e4b\u4e00\uff0c\u5b83\u5141\u8a31\u653b\u64ca\u8005\u7372\u53d6\u4f3a\u670d\u5668\u5e33\u6236\u4ee5\u901a\u904e\u7db2\u8def\u8abf\u7528\u89f8\u767c\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002\u8a72\u516c\u53f8\u5728\u5176\u5e16\u5b50\u4e2d\u8868\u793a\uff1a\u201c\u7531\u65bc\u6b64\u6f0f\u6d1e\u5f88\u53ef\u80fd\u6210\u70ba\u653b\u64ca\u76ee\u6a19\uff0c\u4e26\u4e14\u653b\u64ca\u8005\u5229\u7528\u8d77\u4f86\u76f8\u5c0d\u7c21\u55ae\uff0c\u6211\u5011\u5efa\u8b70\u4fee\u88dc\u6216\u78ba\u4fdd PEAP \u672a\u5728\u60a8\u7684\u7db2\u8def\u7b56\u7565\u4e2d\u914d\u7f6e\u70ba\u5141\u8a31\u7684 EAP \u985e\u578b\u3002\u201d\u00a0Automox \u5efa\u8b70\uff0c\u53d7\u5f71\u97ff\u7684\u7d44\u7e54\u2014\u2014\u90a3\u4e9b\u64c1\u6709\u904b\u884c\u7db2\u8def\u7b56\u7565\u4f3a\u670d\u5668\u7684 Windows \u5ba2\u6236\u7aef\u4e26\u5177\u6709\u5141\u8a31 PEAP \u7684\u7b56\u7565\u7684\u7d44\u7e54\u2014\u2014\u61c9\u8a72\u5728 72\u5c0f\u6642\u5167\u4fee\u88dc\u8a72\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\u95dc\u65bc\u6bcf\u500b\u6f0f\u6d1e\u53ca\u5176\u5f71\u97ff\u7cfb\u7d71\u7684\u63cf\u8ff0\uff0c\u60a8\u53ef\u4ee5\u5728\u6b64\u8655\u67e5\u770b\u5b8c\u6574\u5831\u544a<\/a>\u3002<\/p>\n\n\n\n

\u201c\u8f49\u8cbc\u3001\u5206\u4eab\u6216\u5f15\u7528\u6587\u7ae0\u5167\u5bb9\uff0c\u8acb\u8a3b\u660e\u51fa\u8655\u70ba\u7ae3\u76df\u79d1\u6280\u00a0https:\/\/www.billows.com.tw<\/a>\u00a0, \u4ee5\u514d\u89f8\u6cd5\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

\u5fae\u8edf\u672c\u5468\u4e8c\uff082\/14\uff09\u7684Patch Tuesday\u5b89\u5168\u516c\u544a\uff0c\u4fee\u88dc\u4e8678\u500b\u5b89\u5168\u6f0f\u6d1e\uff0c\u7576\u4e2d\u67099\u500b\u88ab\u5217\u70ba\u91cd\u5927\uff08Cri READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-2467","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2467"}],"version-history":[{"count":3,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2467\/revisions"}],"predecessor-version":[{"id":2471,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2467\/revisions\/2471"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}