¡¾Îó²îͨ¸æ¡¿Windows Wi-FiÇý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î(CVE-2024-30078)

Ðû²¼Ê±¼ä 2024-06-17

Ò»¡¢Îó²î¸ÅÊö

Îó²îÃû³Æ

    Windows   Wi-Fi Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î

CVE   ID

CVE-2024-30078

Îó²îÀàÐÍ

RCE

·¢Ã÷ʱ¼ä

2024-06-12

Îó²îÆÀ·Ö

8.8

Îó²îÆ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

Ïà½ü

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

δ·¢Ã÷

 

6 ÔÂ12ÈÕ£¬£¬£¬£¬£¬£¬Z6×ðÁú¿­Ê±¼¯ÍÅVSRC¼à²âµ½Î¢Èí6ÔÂÇå¾²¸üÐÂÖÐÐÞ¸´ÁËWindows Wi-Fi Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2024-30078£©£¬£¬£¬£¬£¬£¬ÆäCVSSÆÀ·ÖΪ8.8£¬£¬£¬£¬£¬£¬¸ÃÎó²îÓ°ÏìÁË Windows ²Ù×÷ϵͳµÄËùÓÐÊÜÖ§³Ö°æ±¾¡£ ¡£¡£¡£¡£

Windows Wi-Fi Çý¶¯³ÌÐòÖб£´æÊäÈëÑéÖ¤²»µ±Îó²î£¬£¬£¬£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔÏòʹÓÃWi-FiÍøÂçÊÊÅäÆ÷µÄÏàÁÚϵͳ/×°±¸·¢ËͶñÒâÍøÂçÊý¾Ý°ü£¬£¬£¬£¬£¬£¬µ¼ÖÂÔÚÎÞÐèÓû§½»»¥µÄÇéÐÎÏÂʵÏÖÔ¶³Ì´úÂëÖ´ÐС£ ¡£¡£¡£¡£Ê¹ÓøÃÎó²îÐèÒª¿¿½üÄ¿µÄϵͳÀ´·¢ËͺÍÎüÊÕÎÞÏߵ紫Êä¡£ ¡£¡£¡£¡£

 

 

¶þ¡¢Ó°Ïì¹æÄ£

ÊÜÓ°Ïìϵͳ¼°°æ±¾

ƽ̨

ÊÜÓ°ÏìµÄ΢ÈíÇý¶¯³ÌÐò°æ±¾

Windows   10 Version 1809

32-bit   Systems

x64-based   Systems

ARM64-based   Systems

10.0.0   - 10.0.17763.5936֮ǰ

Windows   Server 2019

x64-based   Systems

10.0.0   - 10.0.17763.5936֮ǰ

Windows   Server 2019 (Server Core installation)

x64-based   Systems

10.0.0   - 10.0.17763.5936֮ǰ

Windows   Server 2022

x64-based   Systems

 10.0.0 -10.0.20348.2527֮ǰ

10.0.0   - 10.0.20348.2522֮ǰ

Windows   11 version 21H2

x64-based   Systems

ARM64-based   Systems

10.0.0   - 10.0.22000.3019֮ǰ

Windows   10 Version 21H2

32-bit   Systems

ARM64-based   Systems

(x64-based   Systems)

10.0.0   - 10.0.19043.4529֮ǰ

Windows   11 version 22H2

ARM64-based   Systems

x64-based   Systems

10.0.0   - 10.0.22621.3737֮ǰ

Windows   10 Version 22H2

x64-based   Systems

ARM64-based   Systems

32-bit   Systems

10.0.0   - 10.0.19043.4529֮ǰ

Windows   11 version 22H3

ARM64-based   Systems

10.0.0   - 10.0.22631.3737֮ǰ

Windows   11 Version 23H2

x64-based   Systems

10.0.0   - 10.0.22631.3737֮ǰ

Windows   Server 2022¡¢23H2 Edition (Server Core installation)

x64-based   Systems

10.0.0   - 10.0.25398.950֮ǰ

Windows   10 Version 1507

32-bit   Systems

x64-based   Systems

10.0.0   - 10.0.10240.20680֮ǰ

Windows   10 Version 1607

32-bit   Systems

x64-based   Systems

10.0.0   - 10.0.14393.7070֮ǰ

Windows   Server 2016

x64-based   Systems

10.0.0   - 10.0.14393.7070֮ǰ

Windows   Server 2016 (Server Core installation)

x64-based   Systems

10.0.0   -10.0.14393.7070֮ǰ

Windows   Server 2008 Service Pack 2

32-bit   Systems

6.0.0   - 6.0.6003.22720֮ǰ

Windows   Server 2008 Service Pack 2 (Server Core installation)

32-bit   Systems

x64-based   Systems

6.0.0   - 6.0.6003.22720֮ǰ

Windows   Server 2008 Service Pack 2

x64-based   Systems

6.0.0   - 6.0.6003.22720֮ǰ

Windows   Server 2008 R2 Service Pack 1

x64-based   Systems

6.1.0   - 6.1.7601.27170֮ǰ

Windows   Server 2008 R2 Service Pack 1 (Server Core installation)

x64-based   Systems

6.0.0   - 6.1.7601.27170֮ǰ

Windows   Server 2012

x64-based   Systems

6.2.0   - 6.2.9200.24919֮ǰ

Windows   Server 2012 (Server Core installation)

x64-based   Systems

6.2.0   - 6.2.9200.24919֮ǰ

Windows   Server 2012 R2

x64-based   Systems

6.3.0   - 6.3.9600.22023֮ǰ

Windows   Server 2012 R2 (Server Core installation)

x64-based   Systems

6.3.0   - 6.3.9600.22023֮ǰ

 

 


Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

΢ÈíÒÑÔÚ6Ô²¹¶¡ÈÕÖÐÐû²¼Á˸ÃÎó²îµÄÇå¾²¸üУ¬£¬£¬£¬£¬£¬½¨ÒéÊÜÓ°ÏìÓû§ÊµÊ±×°Öò¹¶¡ÐÞ¸´¸ÃÎó²î¡£ ¡£¡£¡£¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬣¬£¬£¬£¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬£¬£¬£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öᣠ¡£¡£¡£¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔÏ°취ÊÖ¶¯¾ÙÐиüУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬£¬£¬£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬£¬£¬£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬£¬£¬£¬£¬£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£ ¡£¡£¡£¡£

4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬£¬£¬£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üС£ ¡£¡£¡£¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬£¬£¬£¬£¬£¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬£¬£¬£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬£¬£¬£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öᣠ¡£¡£¡£¡£

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüС£ ¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30078

3.2 ÔÝʱ²½·¥

ÔÝÎÞ¡£ ¡£¡£¡£¡£

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£ ¡£¡£¡£¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£ ¡£¡£¡£¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£ ¡£¡£¡£¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£ ¡£¡£¡£¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£ ¡£¡£¡£¡£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30078

https://www.cve.org/CVERecord?id=CVE-2024-30078

 


ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-06-17

Ê×´ÎÐû²¼

 

 

Îå¡¢¸½Â¼

5.1 Z6×ðÁú¿­Ê±¼ò½é

Z6×ðÁú¿­Ê±½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£ ¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£ ¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°Z6×ðÁú¿­Ê±´óÏ㬣¬£¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË¡£ ¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£ ¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС£ ¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬£¬£¬£¬£¬£¬Z6×ðÁú¿­Ê±ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£ ¡£¡£¡£¡£

5.2 ¹ØÓÚZ6×ðÁú¿­Ê±

Z6×ðÁú¿­Ê±Çå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£ ¡£¡£¡£¡£

¹Ø×¢ÎÒÃÇ£º

image.png