΢Èí½ôÆÈÐÞ¸´IE¼°DefenderÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-09-24

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-1367 £¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1255 £¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


CVE-2019-1367
IE9¡¢10ºÍ11
CVE-2019-1255

Defender 1.1.16300.1


Îó²î¸ÅÊö


΢ÈíÐû²¼½ôÆÈÇå¾²¸üР£¬£¬£¬£¬£¬£¬ÐÞ¸´IEÖеÄRCE 0day¼°Windows DefenderÖеÄDoSÎó²î¡£¡£


CVE-2019-1367


´ËÎó²îÊÇÓÉInternetExplorer¾ç±¾ÒýÇæÖд¦Öóͷ£Äڴ湤¾ßµÄ·½·¨ÖеÄÄÚ´æËð»µÒýÆðµÄ¡£¡£ÒªÊ¹ÓôËÎó²î £¬£¬£¬£¬£¬£¬¹¥»÷Õß±ØÐèÖ¸µ¼Óû§·­¿ªÒѾ­ÍйÜÎó²îµÄ¶ñÒâÍøÕ¾¡£¡£Ê¹ÓôËÎó²î¿ÉÒÔµ¼Ö¹¥»÷Õß»ñµÃÓû§µÄÄ¿½ñȨÏÞ £¬£¬£¬£¬£¬£¬²¢Ö´ÐÐí§Òâ´úÂë¡£¡£ÈôÊÇÄ¿½ñÓû§ÓµÓÐÖÎÀíȨÏÞ¹¥»÷Õß¿ÉÒÔÔÚϵͳÉÏÖ´ÐÐÖݪֲÙ×÷ £¬£¬£¬£¬£¬£¬´Ó½¨Éè¾ßÓÐÍêȫȨÏÞµÄÐÂÕÊ»§µ½×°ÖóÌÐòÉõÖÁÐÞ¸ÄÊý¾Ý¡£¡£


CVE-2019-1255


´ËÎó²îÊÇWindows DefenderÖеľܾøЧÀÍÎó²î £¬£¬£¬£¬£¬£¬¸ÃÎó²îÓëDefender´¦Öóͷ£ÎļþµÄ·½·¨ÓÐ¹Ø £¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉʹÓøÃÎó²î×èÖ¹Õýµ±ÕË»§Ö´ÐÐÕýµ±µÄϵͳÎļþ¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£ 


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î £¬£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255?ranMID=24542&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-FFyqiDVVceJ.9YKJh7SFaQ&epi=je6NUbpObpQ-FFyqiDVVceJ.9YKJh7SFaQ&irgwc=1&OCID=AID2000142_aff_7593_1243925&tduid=(ir__6uzmmvnfpkkfrjuzkk0sohzz0n2xgzdoytt2n2t200)(7593)(1243925)(je6NUbpObpQ-FFyqiDVVceJ.9YKJh7SFaQ)()&irclickid=_6uzmmvnfpkkfrjuzkk0sohzz0n2xgzdoytt2n2t200


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367?ranMID=24542&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-_818kqJ.tMcmbzNDDr5bdg&epi=je6NUbpObpQ-_818kqJ.tMcmbzNDDr5bdg&irgwc=1&OCID=AID2000142_aff_7593_1243925&tduid=(ir__6uzmmvnfpkkfrjuzkk0sohzz0n2xgzdvt1t2n2t200)(7593)(1243925)(je6NUbpObpQ-_818kqJ.tMcmbzNDDr5bdg)()&irclickid=_6uzmmvnfpkkfrjuzkk0sohzz0n2xgzdvt1t2n2t200¡£¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/