腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/05/10

Manuel Caballero @magicmac2000

[ Browser ] MS Edge - Spoofing the Malware Page was patched today *and bypassed* again. Spoof the user again! (1 byte change) ?… https://twitter.com/i/web/status/862063751742337024

" Edge 浏览器 SmartScreen 警告页欺骗，可以绕过今天的补丁： https://www.cracking.com.ar/demos/edgesmartscreen/patch-bypass-2.html "
Hossein Lotfi @hosselot

[ Browser ] Details of CVE-2016-9066 exploitation: a Cross-mmap Overflow in Firefox: https://saelo.github.io/posts/firefox-script-loader-overflow.html

" CVE-2016-9066 漏洞分析： Firefox 中的 Cross-mmap 溢出的漏洞： https://t.co/m5dtryqb9p "
David das Neves @david_das_neves

[ Conference ] Powershell Conference Europe 2017 Material #PSConfEU https://github.com/psconfeu/2017

" Powershell Conference Europe 2017 Material ： https://github.com/psconfeu/2017 "
Nicolas Krassas @Dinosn

[ Fuzzing ] Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode (+2k exec/sec) https://animal0day.blogspot.co.uk/2017/05/fuzzing-apache-httpd-server-with.html

" 利用 AFL Fuzz Apache httpd server： https://animal0day.blogspot.co.uk/2017/05/fuzzing-apache-httpd-server-with.html "
Project Zero Bugs @ProjectZeroBugs

[ Mobile ] LG: Bad alloca calls in liblg_parser_mkv.so https://bugs.chromium.org/p/project-zero/issues/detail?id=1102

" Project Zero 公开了 LG Android 手机 mkvparser 的 3 个漏洞： 1） https://bugs.chromium.org/p/project-zero/issues/detail?id=1102 2） https://bugs.chromium.org/p/project-zero/issues/detail?id=1124 3） https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 "
Jun LI @bravo_fighter

[ Mobile ] We have found vulnerabilities in 3G&4G cellular networks, we can reset your bank passwords by hijacking/interceptin… https://t.co/ySUPb5doHF

" 360 的研究员公开了一段视频，展示 3G&4G 蜂窝网络的漏洞，称可以劫持短信和语音呼叫： https://twitter.com/i/web/status/859617047881363456 "
Guillaume Delugré @lapinhib0u

[ Others ] IDA script for understanding ARM coprocessor instructions https://github.com/gdelugre/ida-arm-system-highlight

" ida-arm-system-highlight - 用于高亮显示并解码 ARM 系统指令的 IDA 脚本： https://github.com/gdelugre/ida-arm-system-highlight "
Matthew Risck @Mateusz_Jozef

[ Others ] DOUBLEPULSAR Usermode Analysis: Generic Reflective DLL Loader https://countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/

" ShadowBrokers DOUBLEPULSAR 用户态 Shellcode 分析： https://countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/ "
Nikhil Mittal @nikhil_mitt

[ Pentest ] [Blog] Abusing DNSAdmins privilege for escalation in Active Directory. #RedTeam #ActiveDirectory… https://t.co/EL13AoAzUK

" 在域环境中滥用 DNSAdmins 以实现权限提升： http://www.labofapenetrationtester.com/2017/05/abusing-dnsadmins-privilege-for-escalation-in-active-directory.html "
Threatpost @threatpost

[ SecurityReport ] Adobe patches seven critical vulnerabilities in Flash, AEM - http://bit.ly/2pvIOnM #PatchTuesday

" Adobe 发布漏洞公告，本次修复了 Flash 和 AEM 中的共 8 个漏洞，其中7个是高危漏洞： https://threatpost.com/adobe-patches-seven-critical-vulnerabilities-in-flash-aem/125539/ "
Dave dwizzzle Weston @dwizzzleMSFT

[ SecurityReport ] Windows Offensive Security Team crushing patch Tuesday again with SMB RCEs https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments

" 微软发布本月的漏洞补丁，公告信息： https://portal.msrc.microsoft.com/en-us/security-guidance 漏洞致谢信息： https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments "
? Benjamin Delpy @gentilkiwi

[ Tools ] Just updated #mimilib (<33k) Security Package, Password Filter, DNS Srv Plugin, DHCP Srv Callout & WindDBG extensio… https://t.co/AV0hRUIS2u

" mimilib 现已支持 DHCP Callout、DNS Plugin、Coffee 等功能： https://github.com/gentilkiwi/mimikatz/commit/22eaf29e75a0da2628991d7efdaf68563ce0b340 "
Tavis Ormandy @taviso

[ Windows ] Remotely Exploitable Type Confusion in Windows 8, 10, Windows Server and more found by @ natashenka and me https://bugs.chromium.org/p/project-zero/issues/detail?id=1252

" 关于昨天推送中提到的 Tavis 发现的"近期最严重"的漏洞。该漏洞存在于微软的反病毒引擎（MsMpEng）中，是个远程可以利用的类型混淆漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&;desc=5 微软发布紧急补丁修复次漏洞： https://technet.microsoft.com/en-us/library/security/4022344.aspx "
FireEye @FireEye

[ Windows ] EPS processing zero-days exploited by multiple threat actors http://bddy.me/2psJFEH #Malware #0days https://t.co/yr5zq3vYLS

" 微软今天修复的漏洞中，包括 3 个已经在野外利用的 0Day，两个 Office EPS(Encapsulated PostScript) 0Day + 一个 Win32k 提权 0Day，根据这三个 0Day 释放的 Payload 信息，FireEye 怀疑和俄罗斯 Turla、APT28 有关，此次攻击的目标为欧洲外交和军事组织，来自 FireEye 的详细分析： https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html "
James van den Berg @JamesvandenBerg

[ Windows ] #Microsoft Introducing Project #Sauron – Centralised Storage of Windows Events – Domain Controller Edition… https://t.co/IyqX6wzkRO

" Project Sauron - 索伦项目，为域环境中的 Windows 事件日志提供中心化地存储管理： https://blogs.technet.microsoft.com/russellt/2017/05/09/project-sauron-introduction/ "
Project Zero Bugs @ProjectZeroBugs

[ Windows ] MsMpEng: UIF decoder will spin forever processing sparse blocks https://bugs.chromium.org/p/project-zero/issues/detail?id=1248

" Windows 反病毒引擎 MsMpEng 除了昨天的 mpscript 漏洞，还有一个 UIF 图片解码拒绝服务漏洞： https://bugs.chromium.org/p/project-zero/issues/detail?id=1248 "

XuanwuSpider via Chromium Blog

[ Browser ] Chrome 浏览器对于扩展的处理一直有个例外情况，扩展（extensions）内嵌的 iframe 会和扩展同属一个进程，所以 iframe 的漏洞将导致特权 API 的泄露。为了解决这个问题，Chrome 56 决定将扩展内嵌 iframe 隔离到独立进程渲染： https://blog.chromium.org/2017/05/improving-extension-security-with-out.html
XuanwuSpider via Github

[ Industry News ] 比特币开源项目 Bitcoin 鼓励开发者尽快支持 libFuzzer，尽早发现安全漏洞： https://github.com/bitcoin/bitcoin/issues/10364
XuanwuSpider via mcafee

[ Vulnerability ] OpenSSL Encrypt-Then-MAC 握手协商拒绝服务漏洞（CVE-2017-3733）： https://securingtomorrow.mcafee.com/mcafee-labs/vulnerable-openssl-handshake-renegotiation-can-trigger-denial-service/

2017/05/10