2024-12-11 | \u5468\u5cfb\u4f51<\/p>\n\n\n\n
\u672c\u9031\u5fae\u8edf\u767c\u5e0312\u6708\u4efd\u4f8b\u884c\u66f4\u65b0\uff08Patch Tuesday\uff09\u4fee\u88dc72\u500b\u6f0f\u6d1e\uff0c\u503c\u5f97\u7559\u610f\u7684\u662f\uff0c\u5176\u4e2d\u4e00\u9805Windows\u901a\u7528\u4e8b\u4ef6\u8a18\u9304\u6a94\u6848\u7cfb\u7d71\uff08CLFS\uff09\u6b0a\u9650\u63d0\u5347\u6f0f\u6d1eCVE-2024-49138\u5df2\u88ab\u7528\u65bc\u5be6\u969b\u653b\u64ca\u884c\u52d5\uff0c\u9019\u6a23\u7684\u60c5\u6cc1\u4e5f\u5f97\u5230\u7f8e\u570b\u653f\u5e9c\u8b49\u5be6\uff0c\u4e26\u8981\u6c42\u806f\u90a6\u6a5f\u69cb\u9650\u671f\u4fee\u88dc\u3002<\/p>\n\n\n\n
12\u670810\u65e5\u5fae\u8edf\u767c\u5e03\u672c\u6708\u4efd\u4f8b\u884c\u66f4\u65b0\uff08Patch Tuesday\uff09\uff0c\u7e3d\u5171\u4fee\u88dc72\u500b\u6f0f\u6d1e\uff0c\u8f03\u4e0a\u500b\u6708\u6578\u91cf\uff0889\u500b\uff09\u6709\u6240\u6e1b\u5c11\u3002\u5176\u4e2d\uff0c\u670927\u500b\u63d0\u5347\u6b0a\u9650\u6f0f\u6d1e\u300130\u500b\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\uff08RCE\uff09\u6f0f\u6d1e\u30017\u500b\u8cc7\u8a0a\u6d29\u6f0f\u6d1e\u30015\u500b\u963b\u65b7\u670d\u52d9\uff08DoS\uff09\u6f0f\u6d1e\uff0c\u4ee5\u53ca1\u500b\u53ef\u88ab\u7528\u65bc\u8a50\u6b3a\u7684\u6f0f\u6d1e\u3002\u503c\u5f97\u7559\u610f\u7684\u662f\uff0c\u5176\u4e2d\u4e00\u500b\u6f0f\u6d1e\u5df2\u88ab\u767c\u73fe\u906d\u5230\u5229\u7528\u7684\u8de1\u8c61\u3002<\/p>\n\n\n\n
\u9019\u500b\u88ab\u7528\u65bc\u5be6\u969b\u653b\u64ca\u884c\u52d5\u7684\u6f0f\u6d1e\uff0c\u662fWindows\u901a\u7528\u4e8b\u4ef6\u8a18\u9304\u6a94\u6848\u7cfb\u7d71\uff08CLFS\uff09\u6b0a\u9650\u63d0\u5347\u6f0f\u6d1eCVE-2024-49138\uff0c\u4e00\u65e6\u906d\u5230\u5229\u7528\uff0c\u653b\u64ca\u8005\u5c31\u6709\u6a5f\u6703\u5f97\u5230SYSTEM\u6b0a\u9650\uff0cCVSS\u8a55\u5206\u70ba7.8\u3002\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u4e5f\u5c07\u5176\u7d0d\u5165\u5df2\u906d\u5229\u7528\u7684\u6f0f\u6d1e\u540d\u518a\uff08KEV\uff09\uff0c\u8981\u6c42\u806f\u90a6\u6a5f\u69cb\u65bc12\u670831\u65e5\u524d\u5b8c\u6210\u4fee\u88dc\u3002<\/p>\n\n\n\n
\u96d6\u7136\u5fae\u8edf\u4e26\u672a\u8aaa\u660e\u9032\u4e00\u6b65\u7d30\u7bc0\uff0c\u4f46\u8cc7\u5b89\u696d\u8005Rapid7\u6307\u51fa\uff0c\u5fae\u8edf\u900f\u9732\u8a72\u6f0f\u6d1e\u7684\u5f31\u9ede\u985e\u578b\u662f\u8a18\u61b6\u9ad4\u5806\u758a\u7de9\u885d\u5340\u6ea2\u4f4d\uff08CWE-122\uff09\uff0c\u901a\u5e38\u6703\u5c0e\u81f4\u670d\u52d9\u7576\u6a5f\uff0c\u6216\u662f\u670d\u52d9\u963b\u65b7\u7684\u60c5\u6cc1\uff0c\u751a\u81f3\u6709\u6a5f\u6703\u8b93\u653b\u64ca\u8005\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002<\/p>\n\n\n\n
\u6f0f\u6d1e\u61f8\u8cde\u5c08\u6848Zero Day Initiative\uff08ZDI\uff09\u8a8d\u70ba\uff0c\u5fae\u8edf\u900f\u9732\u9019\u500b\u5f31\u9ede\u6d89\u53ca\u6b0a\u9650\u63d0\u5347\uff0c\u653b\u64ca\u8005\u5f88\u6709\u53ef\u80fd\u6703\u642d\u914d\u7a0b\u5f0f\u78bc\u57f7\u884c\u81ed\u87f2\u63a7\u5236\u6574\u500b\u7cfb\u7d71\uff0c\u800c\u9019\u6a23\u7684\u624b\u6bb5\uff0c\u5f80\u5f80\u6703\u5728\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u6216\u662f\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u7576\u4e2d\u904b\u7528\u3002<\/p>\n\n\n\n
\u9664\u4e86\u5df2\u906d\u5229\u7528\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e\uff0cRapid7\u6307\u51fa\u672c\u6b21\u516c\u5e03\u7684\u91cd\u5927\u5c64\u7d1a\u6f0f\u6d1e\u76f8\u7576\u591a\uff0c\u4e5f\u503c\u5f97\u7559\u610f\u3002\u9019\u4e9b\u5305\u542b\u98a8\u96aa\u8a55\u5206\u6700\u9ad8\u7684CVE-2024-49112\uff0c\u6b64\u6f0f\u6d1e\u51fa\u73fe\u5728LDAP\uff0cCVSS\u98a8\u96aa\u503c\u70ba9.8\u3002<\/p>\n\n\n\n
\u518d\u8005\uff0c\u6d89\u53caLSASS\u7684CVE-2024-49126\u3001Hyper-V\u5bb9\u5668\u9003\u9038\u6f0f\u6d1eCVE-2024-49117\u540c\u6a23\u503c\u5f97\u95dc\u6ce8\u3002\u5f9e\u6578\u91cf\u4f86\u770b\uff0c\u9060\u7aef\u684c\u9762\u670d\u52d9\u5b58\u572814\u500b\u91cd\u5927\u6f0f\u6d1e\uff0c\u5176\u4e2d9\u500b\u70baRCE\u6f0f\u6d1e\u3002<\/p>\n\n\n\n