{"id":62238,"date":"2019-12-26T09:00:56","date_gmt":"2019-12-26T01:00:56","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=62238"},"modified":"2021-07-20T18:11:18","modified_gmt":"2021-07-20T10:11:18","slug":"62238","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=62238","title":{"rendered":"\u4ec0\u9ebc\u662f\u96f6\u6642\u5dee\u6f0f\u6d1e (Zero-Day Vulnerability)? \u6709\u54ea\u4e9b\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5?"},"content":{"rendered":"\n

\u6240\u8b02\u96f6\u6642\u5dee\u653b\u64ca(zero-day attack)\u5c31\u662f\u5229\u7528\u5c1a\u672a\u4fee\u88dc\u7684\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\u3002\u901a\u5e38\uff0c\u672a\u4fee\u88dc\u7684\u6f0f\u6d1e\u5728\u5ee0\u5546\u91cb\u51fa\u4fee\u88dc\u66f4\u65b0\u4e4b\u524d\uff0c\u5c31\u662f\u4e00\u5834\u99ed\u5ba2\u8207\u5ee0\u5546\u4e4b\u9593\u7684\u7af6\u8cfd\uff0c\u524d\u8005\u8a66\u5716\u958b\u767c\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\uff0c\u5f8c\u8005\u5247\u8a66\u5716\u4fee\u88dc\u6f0f\u6d1e\u3002 <\/strong><\/p>\n\n\n\n

<\/div>\n\n\n\n
\"\u6aa2\u8996\u5716\u6587\u89e3\u8aaa\uff1a\u8cc7\u5b89\u57fa\u790e\u89c0\u5ff5\uff1a\u96f6\u6642\u5dee\u6f0f\u6d1e\u8207\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\"
\u6aa2\u8996\u5716\u6587\u89e3\u8aaa\uff1a\u8cc7\u5b89\u57fa\u790e\u89c0\u5ff5\uff1a\u96f6\u6642\u5dee\u6f0f\u6d1e\u8207\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5 <\/figcaption><\/figure><\/div>\n\n\n\n

<\/a><\/p>\n\n\n\n

\u6240\u8b02\u96f6\u6642\u5dee\u653b\u64ca(zero-day attack)\u5c31\u662f\u5229\u7528\u5c1a\u672a\u4fee\u88dc\u7684\u6f0f\u6d1e<\/a>\u9032\u884c\u653b\u64ca\uff0c\u56e0\u6b64\u4f01\u696d\u82e5\u6b63\u5728\u4f7f\u7528\u542b\u6709\u6f0f\u6d1e\u7684\u7cfb\u7d71\uff0c\u5c07\u6df1\u53d7\u5f71\u97ff\u3002\u901a\u5e38\uff0c\u672a\u4fee\u88dc\u7684\u6f0f\u6d1e\u5728\u5ee0\u5546\u91cb\u51fa\u4fee\u88dc\u66f4\u65b0\u4e4b\u524d\uff0c\u5c31\u662f\u4e00\u5834\u99ed\u5ba2\u8207\u5ee0\u5546\u4e4b\u9593\u7684\u7af6\u8cfd\uff0c\u524d\u8005\u8a66\u5716\u958b\u767c\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5<\/a>\uff0c\u5f8c\u8005\u5247\u8a66\u5716\u4fee\u88dc\u6f0f\u6d1e\u3002\u4ee5\u4e0b\u5c07\u8a73\u7d30\u8aaa\u660e\u4f01\u696d\u5c0d\u65bc\u96f6\u6642\u5dee\u6f0f\u6d1e\u6240\u8a72\u77e5\u9053\u7684\u4e8b\uff0c\u5305\u62ec\u4f55\u8b02\u96f6\u6642\u5dee\u6f0f\u6d1e\u4ee5\u53ca\u96f6\u6642\u5dee\u6f0f\u6d1e\u5982\u4f55\u904b\u4f5c\uff0c\u4ee5\u5354\u52a9\u4f01\u696d\u66f4\u6709\u6548\u964d\u4f4e\u81ea\u8eab\u7684\u98a8\u96aa\uff0c\u9632\u7bc4\u5c08\u9580\u5229\u7528\u9019\u985e\u6f0f\u6d1e\u7684\u5a01\u8105\u3002<\/p>\n\n\n\n

<\/h3>\n\n\n\n
<\/div>\n\n\n\n

\u4f55\u8b02\u96f6\u6642\u5dee\u6f0f\u6d1e(zero-day vulnerability)\uff1f<\/h2>\n\n\n\n



\u6240\u8b02\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e<\/strong>\u6216\u96f6\u65e5\u6f0f\u6d1e<\/strong>\uff08\u82f1\u8a9e\uff1a0<\/strong>-day vulnerability\u3001zero-day vulnerability\uff09\u662f\u6307\u8edf\u9ad4<\/a>\u3001\u97cc\u9ad4<\/a>\u6216\u786c\u9ad4<\/a>\u8a2d\u8a08\u7576\u4e2d\u5df2\u88ab\u516c\u958b\u63ed\u9732\u4f46\u5ee0\u5546\u537b\u4ecd\u672a\u4fee\u88dc\u7684\u7f3a\u5931\u3001\u5f31\u9ede\u6216\u932f\u8aa4\u3002\u6216\u8a31\uff0c\u7814\u7a76\u4eba\u54e1\u5df2\u7d93\u63ed\u9732\u9019\u9805\u6f0f\u6d1e\uff0c\u5ee0\u5546\u53ca\u958b\u767c\u4eba\u54e1\u4e5f\u5df2\u7d93\u77e5\u9053\u9019\u9805\u7f3a\u5931\uff0c\u4f46\u537b\u5c1a\u672a\u6b63\u5f0f\u91cb\u51fa\u66f4\u65b0\u4f86\u4fee\u88dc\u9019\u9805\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\u9019\u6a23\u7684\u7f3a\u5931\u5c31\u662f\u6240\u8b02\u7684\u300c\u96f6\u6642\u5dee\u300d\u6f0f\u6d1e\uff0c\u56e0\u70ba\u5ee0\u5546\u53ca\u958b\u767c\u4eba\u54e1\n(\u4ee5\u53ca\u53d7\u6b64\u6f0f\u6d1e\u5f71\u97ff\u7684\u4f01\u696d\u548c\u4f7f\u7528\u8005) \u624d\u525b\u77e5\u9053\u9019\u500b\u6f0f\u6d1e\u7684\u5b58\u5728\u3002\u96a8\u5f8c\uff0c\u7576\u5ee0\u5546\u53ca\u958b\u767c\u4eba\u54e1\u91dd\u5c0d\u9019\u500b\u6f0f\u6d1e\u63d0\u4f9b\u4e86\u4fee\u88dc\u66f4\u65b0\uff0c\u90a3\u9019\u6f0f\u6d1e\u5c31\u6703\u8b8a\u6210\u300c\u5df2\u77e5\u300d\u6f0f\u6d1e (\u6709\u6642\u4ea6\u7a31\u70ba\nN-day \u6f0f\u6d1e)\u3002<\/p>\n\n\n\n

\n\n\n\n
<\/div>\n\n\n\n
\"\"\/<\/figure>
\n

<\/p>\n\n\n\n

\u865b\u64ec\u4fee\u88dc\u5982\u4f55\u5354\u52a9\u9632\u7bc4\u5df2\u77e5\u548c\u672a\u77e5\u7684\u6f0f\u6d1e<\/a><\/strong><\/h4>\n\n\n\n

<\/strong> \u7576\u61c9\u7528\u7a0b\u5f0f\u6216\u4f01\u696d IT \u57fa\u790e\u67b6\u69cb\u542b\u6709\u672a\u4fee\u88dc\u6f0f\u6d1e\u6703\u5982\u4f55\uff1f\u9019\u4efd\u5716\u6587\u89e3\u8aaa\u89e3\u91cb\u4e86\u865b\u64ec\u4fee\u88dc\u5982\u4f55\u5354\u52a9\u4f01\u696d\u89e3\u6c7a\u6f0f\u6d1e\u8207\u4fee\u88dc\u7ba1\u7406\u7684\u56f0\u5883\u3002 <\/p>\n<\/div><\/div>\n\n\n\n\n\n\n\n

\n\n\n\n
<\/div>\n\n\n\n

\u4f55\u8b02\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u6216\u96f6\u6642\u5dee\u653b\u64ca\uff1f<\/h3>\n\n\n\n



\u7576\u99ed\u5ba2\u6216\u72af\u7f6a\u96c6\u5718\u6210\u529f\u91dd\u5c0d\u67d0\u9805\u5ee0\u5546\u5c1a\u672a\u91cb\u51fa\u4fee\u88dc\u66f4\u65b0 (\u6216\u8005\u5ee0\u5546\u6839\u672c\u4e0d\u77e5\u9053) \u7684\u6f0f\u6d1e\u958b\u767c\u51fa\u6982\u5ff5\u9a57\u8b49\u653b\u64ca\u624b\u6cd5 (PoC) \u6216\u662f\u5be6\u969b\u7684\u60e1\u610f\u7a0b\u5f0f\u6642\uff0c\u9019\u5c31\u662f\u6240\u8b02\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u6216\u96f6\u6642\u5dee\u653b\u64ca\u3002\u5118\u7ba1\u5ee0\u5546\u548c\u958b\u767c\u4eba\u54e1\u4ee5\u53ca\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u548c\u5c08\u5bb6\u90fd\u96a8\u6642\u5728\u52aa\u529b\u5c0b\u627e\u4e26\u4fee\u6b63\u8cc7\u5b89\u6f0f\u6d1e\uff0c\u4f46\u99ed\u5ba2\u548c\u72af\u7f6a\u96c6\u5718\u4e5f\u540c\u6a23\u5b5c\u5b5c\u4e0d\u5026\u5730\u52aa\u529b\u5c0b\u627e\u6f0f\u6d1e\u548c\u653b\u64ca\u624b\u6cd5\u3002\u9019\u6a23\u7684\u7d50\u679c\u5c31\u662f\u4e00\u5834\u96d9\u65b9\u9663\u71df\u7684\u8ecd\u5099\u7af6\u8cfd\uff1a\u6b79\u5f92\u62fc\u547d\u653b\u64ca\u6f0f\u6d1e\uff0c\u5ee0\u5546\u5247\u62fc\u547d\u4fee\u88dc\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\n\n\n\n
<\/div>\n\n\n\n
\"\"\/<\/figure>
\n

\u8da8\u52e2\u79d1\u6280\u5e74\u5ea6\u671f\u4e2d\u8cc7\u5b89\u7e3d\u8a55\uff1a2019 \u4e0a\u534a\u5e74\u6f0f\u6d1e\u60c5\u52e2<\/a> <\/h4>\n\n\n\n

\n\n\u6211\u5011\u7684\u5e74\u5ea6\u671f\u4e2d\u8cc7\u5b89\u7e3d\u8a55\u5831\u544a\u8a73\u7d30\u5256\u6790\u4e86 2019 \u4e0a\u534a\u5e74\u51fa\u73fe\u7684\u4e00\u4e9b\u91cd\u5927\u5a01\u8105\uff0c\u4e26\u63d0\u4f9b\u4e00\u4e9b\u8cc7\u5b89\u5206\u6790\u8207\u5efa\u8b70\u4f86\u5354\u52a9\u4f01\u696d\u548c\u4f7f\u7528\u8005\u9078\u64c7\u9069\u7576\u7684\u8cc7\u5b89\u89e3\u6c7a\u65b9\u6848\u548c\u9632\u79a6\u7b56\u7565\u3002\n\n<\/p>\n<\/div><\/div>\n\n\n\n

\n\n\n\n
<\/div>\n\n\n\n

\u96f6\u6642\u5dee\u6f0f\u6d1e\u548c\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u70ba\u4f55\u91cd\u8981\uff1f<\/h3>\n\n\n\n


\u767c\u73fe\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u4e0d\u50c5\u53ef\u5728\u5408\u6cd5\u7684\u6f0f\u6d1e\u61f8\u8cde\u8a08\u756b\u4e2d\u7372\u5f97\u9ad8\u984d\u734e\u91d1 (\u6700\u591a\u751a\u81f3\u9ad8\u9054200 \u842c\u7f8e\u5143<\/a>)\uff0c\u9019\u985e\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u5728\u5730\u4e0b<\/a>\u5e02\u5834<\/a>\u4e5f\u662f\u76f8\u7576\u7099\u624b\u53ef\u71b1\u3002\u5c0d\u72af\u7f6a\u96c6\u5718\u4f86\u8aaa\uff0c\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u53ef\u8aaa\u662f\u4ed6\u5011\u7684\u6551\u661f\uff0c\u56e0\u70ba\u5927\u591a\u6578\u7684\u8cc7\u5b89\u9632\u79a6\u90fd\u662f\u91dd\u5c0d\u5df2\u77e5\u6f0f\u6d1e\u800c\u8a2d\u8a08\u3002\u6240\u4ee5\uff0c\u5229\u7528\u672a\u77e5\u6216\u672a\u4fee\u88dc\u6f0f\u6d1e\u7684\u653b\u64ca\uff0c\u5c31\u80fd\u6697\u4e2d\u9032\u884c\u5f88\u9577\u4e00\u6bb5\u6642\u9593\u800c\u4e0d\u88ab\u767c\u73fe\u3002<\/p>\n\n\n\n

\u6b64\u5916\uff0c\u96f6\u6642\u5dee\u653b\u64ca\u7684\u6210\u529f\u8207\u5426\u9084\u8981\u770b\u4f01\u696d\u7684\u300c\u66b4\u96aa\u7a7a\u7a97\u671f\u300d\u6709\u591a\u4e45\uff0c\u4e5f\u5c31\u662f\u5f9e\u6f0f\u6d1e\u767c\u73fe\u3001\u5230\u5ee0\u5546\u91cb\u51fa\u4fee\u88dc\u66f4\u65b0\u3001\u518d\u5230\u4f01\u696d\u5b8c\u6210\u90e8\u7f72\u7684\u9019\u6bb5\u671f\u9593\u3002\u5373\u4f7f\u662f\u5df2\u77e5\u7684\u6f0f\u6d1e\uff0c\u9019\u6bb5\u66b4\u96aa\u7a7a\u7a97\u671f\u4f9d\u7136\u53ef\u80fd\u5f88\u4e45\uff0c\u9019\u6709\u6642\u662f\u4f01\u696d\u7684\u4fee\u88dc\u7ba1\u7406\u653f\u7b56\u4f7f\u7136\uff0c\u6709\u6642\u5247\u662f\u56e0\u70ba\u4fee\u88dc\u66f4\u65b0\u7684\u958b\u767c\u6709\u76f8\u7576\u7684\u96e3\u5ea6\u3002\u7a7a\u7a97\u671f\u8d8a\u9577\uff0c\u99ed\u5ba2\u5c31\u8d8a\u6709\u6a5f\u6703\u767c\u52d5\u653b\u64ca\u6216\u9577\u671f\u6f5b\u4f0f\u800c\u4e0d\u88ab\u767c\u73fe\u3002<\/p>\n\n\n\n

<\/div>\n\n\n\n
\n\n\n\n
\"\"\/<\/figure>
\n

\u5716\u6587\u89e3\u8aaa\uff1a\u5c0f\u5fc3\u8cc7\u5b89\u6f0f\u6d1e\uff1a\u865b\u64ec\u4fee\u88dc\u5982\u4f55\u4fdd\u969c\u4f01\u696d\u5b89\u5168<\/a> <\/h4>\n\n\n\n

\u4e00\u822c\u4f01\u696d\u7d04\u9700 30 \u5929\u7684\u6642\u9593\u4f86\u4fee\u88dc\u96fb\u8166\u4f5c\u696d\u7cfb\u7d71\u8207\u8edf\u9ad4\uff0c\u800c\u66f4\u8907\u96dc\u7684\u61c9\u7528\u7a0b\u5f0f\u548c\u7cfb\u7d71\u5247\u9700\u8981\u66f4\u4e45\u7684\u6642\u9593\u3002\u9019\u4efd\u5716\u6587\u89e3\u8aaa\u544a\u8a34\u60a8\u865b\u64ec\u4fee\u88dc\u6280\u8853\u5982\u4f55\u5354\u52a9\u4f01\u696d\u964d\u4f4e\u6f0f\u6d1e\u7684\u5a01\u8105\u3002
<\/p>\n<\/div><\/div>\n\n\n\n

\n\n\n\n
<\/div>\n\n\n\n

\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u5982\u4f55\u61c9\u7528\u5728\u653b\u64ca\u7576\u4e2d\uff1f<\/h3>\n\n\n\n


\u6b79\u5f92\u4f7f\u7528\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u7684\u65b9\u5f0f\u6709\u5e7e\u7a2e\uff1a<\/p>\n\n\n\n