{"id":10171,"date":"2014-10-16T15:54:13","date_gmt":"2014-10-16T07:54:13","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=10171"},"modified":"2014-10-22T20:06:06","modified_gmt":"2014-10-22T12:06:06","slug":"%e5%be%ae%e8%bb%9f-windows-%e4%bd%9c%e6%a5%ad%e7%b3%bb%e7%b5%b1%e9%9b%b6%e6%99%82%e5%b7%ae%e5%bc%b1%e9%bb%9e-cve-2014-4114%e8%a2%ab%e7%94%a8%e4%be%86%e5%be%9e%e4%ba%8b%e7%b6%b2%e8%b7%af%e9%96%93","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=10171","title":{"rendered":"Windows \u96f6\u6642\u5dee\u5f31\u9ede CVE-2014-4114,\u88ab\u7528\u4f86\u5f9e\u4e8b\u7db2\u8def\u9593\u8adc\u6d3b\u52d5 ,\u5225\u8f15\u6613\u958b\u555f\u964c\u751f\u4eba\u5bc4\u4f86\u7684PowerPoint\u6a94\u6848"},"content":{"rendered":"<table  class=\" table table-hover\" width=\"650\">\n<tbody>\n<tr>\n<td>\u66f4\u65b0:<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=10209\">\u3010\u65b0\u805e\u5feb\u8a0a\u3011\u5fae\u8edfCVE-2014-4114 PPTX\/PPSX \u96f6\u6642\u5dee\u653b\u64ca \u5df2\u73fe\u8eab\u53f0\u7063<\/a><\/p>\n<p><strong>\u5fae\u8edf Windows \u4f5c\u696d\u7cfb\u7d71\u96f6\u6642\u5dee\u5f31\u9ede CVE-2014-4114<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>\u00a0<a href=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2014\/02\/weak.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7383\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2014\/02\/weak.jpg\" alt=\"\u6f0f\u6d1e \u5f31\u9ede\u653b\u64ca\" width=\"1255\" height=\"750\" \/><\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>\u5fae\u8edf\u5728\u9031\u4e8c\u767c\u5e03\u7684\u4f8b\u884c\u6027\u5b89\u5168\u516c\u544a\uff0c\u5176\u4e2d\u7531 iSights \u6240\u767c\u73fe\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e CVE-2014-4114\uff0c\u6b64\u6f0f\u6d1e\u5f71\u97ff Vista \u4e4b\u5f8c\u6240\u6709\u7248\u672c\u7684 Windows\u4f5c\u696d\u7cfb\u7d71 \u8207 Windows Server 2008\u53ca2012\u3002\u64da\u8da8\u52e2\u79d1\u6280\u8abf\u67e5\u986f\u793a\uff0c\u4e00\u500b\u4fc4\u7f85\u65af\u7684\u99ed\u5ba2\u5718\u9ad4\u5df2\u900f\u904e\u6b64\u4e00\u6f0f\u6d1e\u4f86\u767c\u52d5\u653b\u64ca\u6d3b\u52d5(Sandworm) \uff0c\u76ee\u6a19\u662f\u7aca\u53d6\u8207\u653b\u64ca\u5317\u5927\u897f\u6d0b\u516c\u7d04\u7d44\u7e54 (NATO)\u8207\u6b50\u76df\u7b49\u4f01\u696d\u8207\u91cd\u8981\u4eba\u58eb\u7684\u8cc7\u6599\u3002 \u9019\u9805\u6f0f\u6d1e\u5b58\u5728\u65bcWindows\u4f5c\u696d\u7cfb\u7d71\u4e2d\u7684OLE Package Manager\uff0c\u900f\u904eOffice PowerPoint\u6587\u4ef6\u89f8\u767c\u8a72\u6f0f\u6d1e\uff0c\u6703\u4e0b\u8f09\u4e26\u57f7\u884c\u7279\u5b9a\u7684INF\u6a94\u6848\uff0c\u4e26\u4e0b\u8f09\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002\u6839\u64da<a href=\"https:\/\/www.isightpartners.com\/2014\/10\/cve-2014-4114\/\">\u5831\u5c0e<\/a>\uff0c\u4e00\u7fa4\u540d\u70ba\u300cSandworm Team\u300d(\u6c99\u87f2\u5c0f\u968a) \u7684\u99ed\u5ba2\u5229\u7528\u6b64\u6f0f\u6d1e (CVE-2014-4114) \u4f86\u5f9e\u4e8b\u7db2\u8def\u9593\u8adc\u6d3b\u52d5\u3002\u64da\u7a31\uff0c\u6b64\u6f0f\u6d1e\u5f9e 2013 \u5e74 8 \u6708\u958b\u59cb\u5373\u5df2\u6d41\u50b3\u81f3\u4eca\uff1a\u300c<a href=\"https:\/\/www.zdnet.com\/russian-hackers-target-nato-ukraine-through-windows-zero-day-exploit-7000034639\/\">\u4e3b\u8981\u662f\u88fd\u6210\u7279\u6b8a\u7684 PowerPoint \u6587\u4ef6\u7576\u6210\u6b66\u5668\u4f7f\u7528<\/a>\u300d\u3002\u6b64\u6f0f\u6d1e\u7684<a href=\"https:\/\/www.isightpartners.com\/2014\/10\/cve-2014-4114\/\">\u8a73\u7d30\u5167\u5bb9<\/a>\u5982\u4e0b\uff1a<\/p>\n<ul>\n<li>\u6b64\u6f0f\u6d1e\u5b58\u5728\u65bc Microsoft Windows \u7cfb\u7d71\u8207\u4f3a\u670d\u5668\u7576\u4e2d\u7684 OLE \u5c01\u88dd\u7ba1\u7406\u7a0b\u5f0f\u3002<\/li>\n<li>OLE \u5c01\u88dd\u7a0b\u5f0f (packager) \u53ef\u4e0b\u8f09\u4e26\u57f7\u884c INF \u6a94\u6848\u3002\u300c\u5728\u6240\u89c0\u5bdf\u5230\u7684\u6848\u4f8b\u4e2d\uff0c\u5c24\u5176\u662f\u5728\u8655\u7406 Microsoft PowerPoint \u6a94\u6848\u6642\uff0c\u5c01\u88dd\u7a0b\u5f0f\u53ef\u8b93\u5c01\u88dd\u7684 OLE \u7269\u4ef6\u53c3\u7167\u4efb\u610f\u5916\u90e8\u975e\u4fe1\u4efb\u4f86\u6e90\u7684\u6a94\u6848\uff0c\u5982 INF \u6a94\u6848\u3002\u300d<\/li>\n<li>\u7576\u653b\u64ca\u5f97\u901e\u6642\uff0c\u6b64\u6f0f\u6d1e\u53ef\u8b93\u99ed\u5ba2\u5f9e\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002<\/li>\n<\/ul>\n<p>\u8da8\u52e2\u79d1\u6280\u7522\u54c1\u5df2\u7d93\u53ef\u4ee5\u5075\u6e2c\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u75c5\u6bd2\u7a0b\u5f0f\uff0c\u75c5\u6bd2\u540d\u7a31\u70ba\u201d TROJ_MDLOAD.PGTY\u201d\u3002\u7576\u958b\u555f\u99ed\u5ba2\u88fd\u4f5c\u7684 Power Point\u6a94\u6848\u4e4b\u5f8c\uff0c\u6703\u4e0b\u8f09\u4e00\u500bINF\u6a94\u60e1\u610f\u7a0b\u5f0f(\u88ab\u5075\u6e2c\u70ba\u201d INF_BLACKEN.A\u201d)\uff0c\u4e26\u5617\u8a66\u4e0b\u8f09\u8207\u57f7\u884c\u4e00\u652f\u88ab\u5075\u6e2c\u70ba\u201dBKDR_BLACKEN.A\u201d\u7684\u5f8c\u9580\u7a0b\u5f0f\u3002 \u8a73\u7d30\u75c5\u6bd2\u8cc7\u8a0a\u8acb\u53c3\u8003\u4e0b\u5217\u9023\u7d50\u3002<\/p>\n<p>TROJ_MDLOAD.PGTY<br \/>\n<a href=\"https:\/\/about-threats.trendmicro.com\/malware.aspx?language=en&amp;name=TROJ_MDLOAD.PGTY\">https:\/\/about-threats.trendmicro.com\/malware.aspx?language=en&amp;name=TROJ_MDLOAD.PGTY<\/a><br \/>\nINF_BLACKEN.A<br \/>\n<a href=\"https:\/\/about-threats.trendmicro.com\/malware.aspx?language=en&amp;name=INF_BLACKEN.A\">https:\/\/about-threats.trendmicro.com\/malware.aspx?language=en&amp;name=INF_BLACKEN.A<\/a><br \/>\nBKDR_BLACKEN.A<br \/>\n<a href=\"https:\/\/about-threats.trendmicro.com\/malware.aspx?language=en&amp;name=BKDR_BLACKEN.A\">https:\/\/about-threats.trendmicro.com\/malware.aspx?language=en&amp;name=BKDR_BLACKEN.A<\/a><\/p>\n<p>\u7531\u65bc\u6b64\u4e00\u653b\u64ca\u65b9\u5f0f\u4e26\u4e0d\u7279\u5225\u8907\u96dc\uff0c\u5f88\u6709\u53ef\u80fd\u5c0e\u81f4\u99ed\u5ba2\u5011\u5927\u91cf\u6feb\u7528\uff0c\u8da8\u52e2\u79d1\u6280\u6240\u63d0\u4f9b\u7684Smart Protection Network\u53ef\u5373\u6642\u5075\u6e2c\u900f\u904e\u672c\u6f0f\u6d1e\u6240\u57f7\u884c\u7684\u60e1\u610f\u7a0b\u5f0f\u3002<\/p>\n<p><strong>\u8da8\u52e2\u79d1\u6280\u00a0<\/strong><a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/cloud-solutions\/deep-security\/index.html\">Deep Security<\/a>\u00a0<strong>\u5ba2\u6236\u5efa\u8b70\u63aa\u65bd\uff1a<\/strong><\/p>\n<p>\u8da8\u52e2\u79d1\u6280\u7684 APT \u9632\u8b77\u89e3\u6c7a\u65b9\u6848\u5df2\u53ef\u91dd\u5c0d\u6b64\u6f0f\u6d1e\u9032\u884c\u9632\u8b77\uff0c\u900f\u904e\u201d\u60e1\u610f\u6587\u4ef6\u6307\u7d0b\u5075\u6e2c\u5f15\u64ce\u201d (ATSE\u975c\u614b\u5f15\u64ce)\u6210\u529f\u5075\u6e2c\u4e26\u6514\u963b\u6b64\u793e\u4ea4\u5de5\u7a0b\u4e4b\u60e1\u610f\u6587\u4ef6\u3002<\/p>\n<p>\u53e6\u5916\u8da8\u52e2\u79d1\u6280\u7528\u6236\u8acb\u76e1\u5feb\u66f4\u65b0\u6700\u65b0\u9632\u6bd2\u5143\u4ef6\uff0c\u4ee5\u5075\u6e2c\u6b64\u75c5\u6bd2\u7a0b\u5f0f\u3002\u82e5\u6709\u4f7f\u7528TrendMicro Deep Security\u8207OfficeScan IDF plug-in\u7684\u7528\u6236\u5011\u53ef\u5957\u7528\u4e0b\u65b9DPI\u898f\u5247\u9032\u884c\u5075\u6e2c\u3002<\/p>\n<ul>\n<li>1006290 \u2013 Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114)<\/li>\n<li>1006291\u00a0 Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114) \u2013 1<\/li>\n<\/ul>\n<p>\u6b64\u5916\uff0c\u6211\u5011\u5efa\u8b70\u7528\u6236\u76e1\u5feb\u91dd\u5c0d\u6b64\u4e00Windows\u4f5c\u696d\u7cfb\u7d71\u7684\u6f0f\u6d1e\u9032\u884c\u4fee\u88dc\uff0c\u5728\u5b8c\u6210\u4fee\u88dc\u524d\uff0c\u4e0d\u8981\u96a8\u610f\u958b\u555f\u964c\u751f\u4eba\u5bc4\u4f86\u7684PowerPoint\u6a94\u6848\uff0c\u4ee5\u964d\u4f4e\u88ab\u653b\u64ca\u7684\u98a8\u96aa\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>\u25ce \u539f\u6587\u53c3\u8003\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ms-zero-day-used-in-attacks-against-european-sectors-industries\/\">MS Zero-Day Used in Attacks Against European Sectors, Industries<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u66f4\u65b0:\u3010\u65b0\u805e\u5feb\u8a0a\u3011\u5fae\u8edfCVE-2014-4114 PPTX\/PPSX \u96f6\u6642\u5dee\u653b\u64ca \u5df2\u73fe\u8eab\u53f0\u7063 \u5fae\u8edf Windo [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[185,1798,1799,156],"tags":[1803,1801,1800,1804,1802],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/10171"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10171"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/10171\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}