Microsoft's December Patch Tuesday fixes more than 30 security vulnerabilities
· 2023-12-14

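CVE-2023-20588, a publicly disclosed zero-day vulnerability originating in AMD chips, can only be mitigated by updating the software platform, which prompted Microsoft to update Windows in its December Patch Tuesday.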

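Two of the critical vulnerabilities in this release, CVE-2023-35641 and CVE-2023-35630, are related to Internet Connection Sharing (ICS), a built-in Windows service that lets one Internet-connected computer share its network connection with other computers. Both vulnerabilities can only be used against systems on the same network switch or virtual network as the attacker. The attacker can trigger them by sending a malicious DHCP message to a server running the ICS service, or by changing the length field option of an input message, and a successful attack allows remote code execution.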

However, the ICS service is disabled by default and is not commonly used.

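Another critical vulnerability that also allows remote code execution is CVE-2023-35628, which involves the Windows MSHTML Platform used by IE mode in Microsoft Edge. An attacker can send a malicious link by email, and once the victim clicks the link, the attacker can execute arbitrary code.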

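The most severe vulnerability Microsoft fixed this month is CVE-2023-36019, with a CVSS score as high as 9.6. It affects Microsoft Power Platform Connector and is a spoofing vulnerability that lets an attacker disguise malicious links, applications or files as legitimate ones to lure victims, and it can ultimately lead to remote code execution as well.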

In addition, the CVE-2023-36019 vulnerability actually resides on the web server, but the malicious script runs in the user's browser.
