看好註冊表微軟Server2003潛伏重大安全缺陷
受影響的版本:
Windows Server 2003 (Internet Explorer 6.0)
漏洞觀察:
Windows Server 2003的這個漏洞會致使遠端攻擊者篡改註冊表"Shell Folders"目錄,從而無需任何登入認證,輕易獲得系統檔案夾中%USERPROFILE%文件的訪問權。
ex.) %USERPROFILE% = "C:\Documents and Settings\%USERNAME%"
詳細資料:
遠端攻擊者篡改Windows Server 2003系統註冊表中的"Shell Folders"目錄,通過"shell:[Shell Folders]\..\" 將本機文件與惡意程序連接。
[Shell Folders]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
AppData: "C:\Documents and Settings\%USERNAME%\Application Data"
Cookies: "C:\Documents and Settings\%USERNAME%\Cookies"
Desktop: "C:\Documents and Settings\%USERNAME%\Desktop"
Favorites: "C:\Documents and Settings\%USERNAME%\Favorites"
NetHood: "C:\Documents and Settings\%USERNAME%\NetHood"
Personal: "C:\Documents and Settings\%USERNAME%\My Documents"
PrintHood: "C:\Documents and Settings\%USERNAME%\PrintHood"
Recent: "C:\Documents and Settings\%USERNAME%\Recent"
SendTo: "C:\Documents and Settings\%USERNAME%\SendTo"
Start Menu: "C:\Documents and Settings\%USERNAME%\Start Menu"
Templates: "C:\Documents and Settings\%USERNAME%\Templates"
Programs: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs"
Startup: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup"
Local Settings: "C:\Documents and Settings\%USERNAME%\Local Settings"
Local AppData: "C:\Documents and Settings\%USERNAME%\Local Settings\Application Data"
快取: "C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files"
History: "C:\Documents and Settings\%USERNAME%\Local Settings\History"
My Pictures: "C:\Documents and Settings\%USERNAME%\My Documents\My Pictures"
Fonts: "C:\WINDOWS\Fonts"
My Music: "C:\Documents and Settings\%USERNAME%\My Documents\My Music"
My Video: "C:\Documents and Settings\%USERNAME%\My Documents\My Videos"
CD Burning: "C:\Documents and Settings\%USERNAME%\Local Settings\Application
Data\Microsoft\CD Burning"
Administrative Tools: "C:\Documents and Settings\%USERNAME%\Start
Menu\Programs\Administrative Tools"
惡意程式碼示例:
**************************************************
This exploit reads %TEMP%\exploit.html.
You need to create it.
And click on the malicious link.
**************************************************
Malicious link:
<a href="shell:cache\..\..\Local Settings\Temp\exploit.html">Exploit</a>
微軟舉措:
微軟已於6月9日發佈了此漏洞公告,計劃於下一個版本的windows修正檔中增加此漏洞的修補程式。
|