IE紧急安全补丁KB960714 这个远程代码执行漏洞最初是在IE7上被发现的,不过随后证实所有版本存都在这一威胁,从Windows 2000 SP4上的IE5.01到最新的IE8 Beta 2测试版均难以逃脱,而且全部属于最高的严重级。 更严重的是,漏洞曝光后当天就有攻击代码出现,而且迅速传播,现在已经侵犯了成百上千万的网站,用户一旦访问不管是否执行下载都会被感染,然后拱手交出系统控制权。种种这一切都迫使微软不得不提前26天放出修复补丁。 鉴于问题的严重性,强烈建议所有Windows用户打开自动更新来安装这个补丁,或者在微软网站手动选择合适的版本下载并安装。 相关知识库文章KB980714: http://support.microsoft.com/?kbid=960714 4种方法暂时屏蔽IE最新0day IE 最新 0day 波及了微软全线系统,目前暂时没有补丁。微软于近日发布了一份安全通报,指导您如何暂时屏蔽此漏洞。 漏洞出在 OLEDB32.dll 这个文件上。所以我们的目的就是屏蔽这个文件。对此,微软连出了4个杀手锏: 1. SACL 法(仅适用于 Vista) [Unicode] Unicode=yes [Version] signature="$CHICAGO$" Revision=1 [File Security] "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NWNRNX;;;ME)" 将以上内容保存为 BlockAccess_x86.inf 然后在命令提示符里执行 SecEdit /configure /db BlockAccess.sdb /cfg 其中 2. 禁用 Row Position 功能法 HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29} 打开注册表编辑器,将此键删除即可。 3. 取消 DLL 注册法 在命令提示符中输入 Regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" 即可 4. 权限设置法 在命令提示符中输入 cacls "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" /E /P everyone:N Vista 系统则需要输入3个命令: takeown /f "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" icacls "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" /save %TEMP%\oledb32.32.dll.TXT icacls "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" /deny everyone:(F) 其中第一种方法影响最小(只影响 IE 对此 DLL 的访问)。 附:此漏洞影响的系统、软件列表 Windows Internet Explorer 7 Windows Internet Explorer 7 for Windows XP Windows Internet Explorer 7 for Windows Server 2003 Windows Internet Explorer 7 for Windows Server 2003 IA64 Windows Internet Explorer 7 in Windows Vista Windows Internet Explorer 8 Beta Microsoft Internet Explorer 6.0 Service Pack 2 Microsoft Internet Explorer 6.0 Service Pack 1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.01 Service Pack 4 Windows Server 2008 Datacenter without Hyper-V Windows Server 2008 Enterprise without Hyper-V Windows Server 2008 for Itanium-Based Systems Windows Server 2008 Standard without Hyper-V Windows Server 2008 Datacenter Windows Server 2008 Enterprise Windows Server 2008 Standard Windows Web Server 2008 Windows Vista Service Pack 1, when used with: Windows Vista Business Windows Vista Enterprise Windows Vista Home Basic Windows Vista Home Premium Windows Vista Starter Windows Vista Ultimate Windows Vista Enterprise 64-bit Edition Windows Vista Home Basic 64-bit Edition Windows Vista Home Premium 64-bit Edition Windows Vista Ultimate 64-bit Edition Windows Vista Business 64-bit Edition Microsoft Windows Server 2003 Service Pack 1, when used with: Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Microsoft Windows Server 2003, Web Edition Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems Microsoft Windows Server 2003, Datacenter x64 Edition Microsoft Windows Server 2003, Enterprise x64 Edition Microsoft Windows Server 2003, Standard x64 Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Service Pack 2, when used with: Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Microsoft Windows Server 2003, Web Edition Microsoft Windows Server 2003, Datacenter x64 Edition Microsoft Windows Server 2003, Enterprise x64 Edition Microsoft Windows Server 2003, Standard x64 Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems Microsoft Windows XP Service Pack 2, when used with: Microsoft Windows XP Home Edition Microsoft Windows XP Professional Microsoft Windows XP Service Pack 3, when used with: Microsoft Windows XP Home Edition Microsoft Windows XP Professional 对于非 x86 系统请参考微软安全通报自行操作。 |
|小黑屋|最新主题|手机版|微赢网络技术论坛 ( 苏ICP备08020429号 )
GMT+8, 2024-9-30 21:28 , Processed in 0.221167 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.