{"id":6718,"date":"2023-05-11T15:21:41","date_gmt":"2023-05-11T07:21:41","guid":{"rendered":"https:\/\/www.juejinka.com\/?p=6718"},"modified":"2023-05-11T15:21:51","modified_gmt":"2023-05-11T07:21:51","slug":"%e5%be%ae%e8%bd%af%e4%bf%ae%e8%a1%a53%e4%b8%aa%e9%9b%b6%e6%97%b6%e5%b7%ae%e6%bc%8f%e6%b4%9e%ef%bc%8c2%e4%b8%aa%e5%b7%b2%e9%81%ad%e6%94%bb%e5%87%bb","status":"publish","type":"post","link":"https:\/\/www.juejinka.com\/y\/6718.html","title":{"rendered":"\u5fae\u8f6f\u4fee\u88653\u4e2a\u96f6\u65f6\u5dee\u6f0f\u6d1e\uff0c2\u4e2a\u5df2\u906d\u653b\u51fb"},"content":{"rendered":"\n

\u5fae\u8f6f\u4e8e5\u670810\u65e5\u7684Patch Tuesday\u4fee\u8865\u4e8638\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5305\u62ec3\u4e2a\u96f6\u65f6\u5dee\u6f0f\u6d1e\uff0c\u5f53\u4e2d\u6d89\u53caWin32k\u7684CVE-2023-29336\uff0c\u4ee5\u53ca\u4e0eSecure Boot\u5b89\u5168\u529f\u80fd\u6709\u5173\u7684CVE-2023-24932\u90fd\u5df2\u906d\u5230\u9ed1\u5ba2\u5229\u7528\uff0c\u53e6\u4e00\u4e2aWindows OLE\u8fdc\u7a0b\u7a0b\u5e8f\u653b\u51fb\u6f0f\u6d1e CVE-2023-29325\u5219\u5728\u5148\u524d\u5df2\u88ab\u516c\u5f00\uff0c\u60df\u5c1a\u672a\u5bdf\u89c9\u653b\u51fb\u884c\u52a8\u3002 \u672c\u6708\u5fae\u8f6f\u4fee\u8865\u7684\u6f0f\u6d1e\u4e2d\u67097\u4e2a\u88ab\u5217\u4e3a\u91cd\u5927\uff08Critical\uff09\u6f0f\u6d1e\uff0c\u4e0a\u8ff0\u7684CVE-2023-29325\u5373\u4e3a\u5176\u4e2d\u4e4b\u4e00\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u4e0eWin32k\u6709\u5173\u7684CVE-2023-29336\u5c5e\u4e8e\u6743\u9650\u6269\u5f20\u6f0f\u6d1e\uff0c\u867d\u7136\u5b83\u53ea\u88ab\u5217\u4e3a\u91cd\u8981\uff08Important\uff09\u7b49\u7ea7\uff0cCVSS\u98ce\u9669\u8bc4\u5206\u4e3a7.8\uff0c\u4f46\u6210\u529f\u7684\u653b\u51fb\u5141\u8bb8\u9ed1\u5ba2\u53d6\u5f97\u7cfb\u7edf\u6743\u9650\uff0c\u8d8b\u52bf\u79d1\u6280Zero Day Initiative\uff08ZDI\uff09\u56e2\u961f\u5219\u8bf4\uff0c\u8fd9\u7c7b\u7684\u6f0f\u6d1e\u901a\u5e38\u4f1a\u7ed3\u5408\u8fdc\u7a0b\u7a0b\u5e8f\u653b\u51fb\u6f0f\u6d1e\uff0c \u4ee5\u7528\u6765\u6563\u5e03\u6076\u610f\u7a0b\u5e8f\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u81f3\u4e8eCVE-2023-24932\u5219\u4e3a\u5b89\u5168\u5f00\u673a\uff08Secure Boot\uff09\u7684\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u6b64\u4e00\u6f0f\u6d1e\u5141\u8bb8\u9a87\u5ba2\u5728\u542f\u7528\u5b89\u5168\u5f00\u673a\u7684\u60c5\u51b5\u4e0b\uff0c\u4e8eUEFI\u7b49\u7ea7\u6267\u884c\u81ea\u6211\u7b7e\u7f72\u7684\u4ee3\u7801\uff0c\u9ed1\u5ba2\u901a\u5e38\u5229\u7528\u8fd9\u7c7b\u7684\u6f0f\u6d1e\u6765\u8eb2\u907f\u4fa6\u6d4b\u6216\u4f01\u56fe\u6c38\u4e45\u8fdb\u9a7b\u7cfb\u7edf\u3002 \u4e0d\u8fc7\uff0c\u653b\u51fb\u8be5\u6f0f\u6d1e\u7684\u524d\u63d0\u662f\u9ed1\u5ba2\u5fc5\u987b\u5b9e\u9645\u5b58\u53d6\u76ee\u6807\u88c5\u7f6e\uff0c\u6216\u662f\u53d6\u5f97\u76ee\u6807\u88c5\u7f6e\u7684\u672c\u5730\u7ba1\u7406\u6743\u9650\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u76ee\u524d\u5df2\u77e5\u4e13\u95e8\u7528\u6765\u653b\u51fbUEFI\u5b89\u5168\u5f00\u673a\u529f\u80fd\u7684BlackLotus bootkit\u6076\u610f\u7a0b\u5e8f\uff0c\u5df2\u5229\u7528CVE-2023-24932\u6f0f\u6d1e\u6765\u7ed5\u8fc7\u5fae\u8f6f\u4e8e\u53bb\u5e741\u6708\u6240\u4fee\u8865\u7684\u7c7b\u4f3c\u6f0f\u6d1eCVE-2022-21894\u3002<\/p>\n\n\n\n

\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u5fae\u8f6f\u51c6\u5907\u5206\u9636\u6bb5\u4fee\u8865CVE-2023-24932\uff0c\u672c\u5468\u5373\u4f7f\u5df2\u91ca\u51fa\u4fee\u8865\u7a0b\u5e8f\uff0c\u4f46\u5176\u90e8\u7f72\u9884\u8bbe\u503c\u662f\u5173\u95ed\u7684\uff0c\u4e5f\u65e0\u6cd5\u63d0\u4f9b\u4fdd\u62a4\uff0c\u56e0\u4e3a\u5fae\u8f6f\u5e0c\u671b\u7528\u6237\u8c28\u614e\u5730\u624b\u52a8\u90e8\u7f72\u6b64\u4e00\u66f4\u65b0\uff0c\u5e76\u63d0\u4f9b\u8be6\u7ec6\u7684\u90e8\u7f72\u6307\u5357; \u63a5\u7740\u5c06\u4e8e7\u670811\u65e5\u91ca\u51fa\u7b2c\u4e8c\u4e2a\u66f4\u65b0\u7248\u672c\uff0c\u4ee5\u63d0\u4f9b\u989d\u5916\u7684\u66f4\u65b0\u9009\u62e9\u5e76\u7b80\u5316\u4fdd\u62a4\u7684\u90e8\u7f72\uff0c\u660e\u5e74\u7b2c\u4e00\u5b63\u624d\u4f1a\u91ca\u51fa\u81ea\u52a8\u5316\u7684\u6b63\u5f0f\u66f4\u65b0\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u5fae\u8f6f\u89e3\u91ca\uff0c\u6b64\u4e00\u5b89\u5168\u5f00\u673a\u529f\u80fd\u5f97\u4ee5\u7cbe\u786e\u63a7\u5236\u64cd\u4f5c\u7cfb\u7edf\u5728\u542f\u52a8\u65f6\u6240\u52a0\u8f7d\u7684\u5f00\u673a\u5a92\u4f53\uff0c\u5018\u82e5\u672a\u80fd\u59a5\u5584\u90e8\u7f72\u66f4\u65b0\uff0c\u53ef\u80fd\u9020\u6210\u4e2d\u65ad\u800c\u65e0\u6cd5\u542f\u52a8\u7cfb\u7edf\u3002<\/p>\n\n\n\n

CVE-2023-29325\u4e3a\u5fae\u8f6f\u672c\u5468\u6240\u4fee\u8865\u7684\u96f6\u65f6\u5dee\u6f0f\u6d1e\u4e2d\u98ce\u9669\u6700\u9ad8\u7684\uff0c\u5176CVSS\u8bc4\u5206\u4e3a8.1\uff0c\u5b83\u4e3aWindows OLE\u7684\u8fdc\u7a0b\u7a0b\u5e8f\u653b\u51fb\u6f0f\u6d1e\uff0c\u867d\u7136\u662f\u4e2a\u5df2\u77e5\u6f0f\u6d1e\uff0c\u4f46\u5c1a\u672a\u906d\u5230\u9ed1\u5ba2\u5229\u7528\u3002 Windows OLE\u63d0\u4f9b\u5bf9\u8c61\u8fde\u7ed3\u4e0e\u5d4c\u5165\u529f\u80fd\uff0c\u9a87\u5ba2\u53ef\u501f\u7531\u4f20\u9001\u542b\u6709\u6076\u610f\u4e30\u5bcc\u5a92\u4f53\u5185\u5bb9\u7684\u7535\u5b50\u90ae\u4ef6\u5c55\u5f00\u653b\u51fb\uff0c\u56e0\u6b64\u5fae\u8f6f\u5efa\u8bae\u7528\u6237\u6700\u597d\u4ee5\u7eaf\u6587\u5b57\u6a21\u5f0f\u6765\u9605\u8bfb\u7535\u5b50\u90ae\u4ef6\u4ee5\u514d\u53d7\u5230\u5371\u5bb3\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

ZDI\u56e2\u961f\u63d0\u9192\uff0c\u8be5\u6f0f\u6d1e\u7684\u653b\u51fb\u5a92\u4ecb\u4e3a\u9884\u89c8\u7a97\u53e3\uff0c\u5c31\u7b97\u7528\u6237\u6ca1\u6709\u76f4\u63a5\u8bfb\u53d6\u90ae\u4ef6\u6216\u4fe1\u606f\uff0c\u800c\u53ea\u662f\u9884\u89c8\uff0c\u90fd\u6709\u53ef\u80fd\u53d7\u5bb3\u3002 \u6b64\u5916\uff0c\u5373\u4f7f\u5fae\u8f6f\u5df2\u63d0\u4f9b\u4e86\u4e0d\u4fee\u8865CVE-2023-29325\u7684\u6682\u65f6\u56e0\u5e94\u529e\u6cd5\uff0c\u4f46\u8be5\u6f0f\u6d1e\u5df2\u4e8e\u793e\u4ea4\u5a92\u4f53\u4e0a\u6380\u8d77\u4e86\u5e7f\u6cdb\u7684\u8ba8\u8bba\uff0cWindows\u7528\u6237\u6700\u597d\u8fd8\u662f\u5c3d\u5feb\u6d4b\u8bd5\u4e0e\u4fee\u8865\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u5fae\u8f6f\u4e8e5\u670810\u65e5\u7684Patch Tuesday\u4fee\u8865\u4e8638\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5305\u62ec3\u4e2a\u96f6\u65f6\u5dee\u6f0f\u6d1e\uff0c\u5f53\u4e2d\u6d89\u53caWin32k\u7684CVE-2023-29336\uff0c\u4ee5\u53ca\u4e0eSecure Boot\u5b89\u5168\u529f\u80fd\u6709\u5173\u7684…<\/p>\n","protected":false},"author":5,"featured_media":6722,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"special":[],"_links":{"self":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts\/6718"}],"collection":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/comments?post=6718"}],"version-history":[{"count":2,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts\/6718\/revisions"}],"predecessor-version":[{"id":6727,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts\/6718\/revisions\/6727"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/media\/6722"}],"wp:attachment":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/media?parent=6718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/categories?post=6718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/tags?post=6718"},{"taxonomy":"special","embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/special?post=6718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}