Microsoft Windows NTLM凭据反射远程代码执行漏洞(MS09-013/MS09-014)

2009-04-16T00:00:00
ID SSV:5053
Type seebug
Reporter Root
Modified 2009-04-16T00:00:00

Description

BUGTRAQ ID: 34439 CVE(CAN) ID: CVE-2009-0550

Microsoft Windows是微软发布的非常流行的操作系统。

Windows的HTTP服务没有正确地实现NTLM凭据反射保护以确保用户的凭据没有被反射和使用。如果用户连接到了攻击者的WEB服务器,Windows HTTP服务处理NTLM凭据的方式存允许攻击者重放用户凭据并以登录用户的权限执行任意代码。如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。

Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4 Microsoft Windows XP x64 SP2 Microsoft Windows XP x64 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 厂商补丁:

Microsoft

Microsoft已经为此发布了两个安全公告(MS09-013/MS09-014)以及相应补丁: MS09-013:Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx?pf=true target=_blank rel=external nofollow>http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx?pf=true</a>

MS09-014:Cumulative Security Update for Internet Explorer (963027) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx?pf=true target=_blank rel=external nofollow>http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx?pf=true</a>