On its April 14, 2015 Patch Tuesday, Microsoft fixed an integer overflow vulnerability in Windows http.sys. The vulnerability, tracked as CVE-2015-1635 (MS15-034), can lead to remote code execution or denial of service. It was originally reported by the security team at Citrix, a US company. Microsoft's official bulletin is at
https://technet.microsoft.com/enus/library/security/MS15-034
Severity:
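The vulnerability arises because the Windows protocol driver http.sys does not properly validate the Range field in HTTP requests, which can lead to an integer overflow. Any attacker can send specially crafted data to a vulnerable server to cause denial of service or even remote command execution. After successful exploitation, the attack code runs with the same system privileges as the vulnerable program. The vulnerability is rated Critical.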
Affected scope:
The vulnerability mainly affects IIS servers; other services that use http.sys are also affected. Any Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows 7 and later system with IIS 6.0 or later installed is affected.
Security recommendations:
1. Install the Windows update KB 3042553 as soon as possible.
2. Other mitigations include disabling IIS Kernel caching; for details, see
https://technet.microsoft.com/en-us/library/cc731903(v=ws.10).aspx
3. Users of Trend Micro's server protection product Deep Security: update your rules to DSRU-1006620 or later to block attacks targeting this vulnerability.
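More information:
http.sys & Range Header
http.sys is the driver that provides basic HTTP protocol services for Windows. It listens for HTTP requests from the network, passes them to IIS for processing, and returns the results to the client once processing completes. It is responsible for kernel-level buffering, request queuing, request preprocessing, and security filtering. The kernel buffering (Kernel-caching) feature is exactly the part that contains the vulnerability.
The Range header is used in an HTTP request to ask for only part of a resource, for example Range: bytes=500-999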
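Root cause
UlpParseRange in http.sys does not place a reasonable limit on the numeric values in the Range header of an HTTP request, which makes an integer overflow possible. When the input is 18446744073709551615, i.e. 0xFFFFFFFFFFFFFFFF in hexadecimal, the following code causes an integer overflow
The function UlAdjustRangesToContentSize checks the validity of the Range length: if Range.Length + Range.Start is greater than the real size of the file requested over HTTP, Range.Length is corrected to a valid length. If the code fragment above makes Range.Length + Range.Start overflow into a small value, this correction code can be bypassed. Other code then uses the oversized value directly, causing a crash.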
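The wraparound and the skipped length correction described above, as an added C illustration that is not from the original page and is not http.sys code. The type and function names (byte_range, parse_unchecked, adjust_wrapping, adjust_checked), the `end - start + 1` length formula and the 1000-byte sample size are assumptions chosen to model the behaviour the text attributes to UlpParseRange and UlAdjustRangesToContentSize; adjust_checked shows a validation order that cannot wrap.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one parsed "Range: bytes=start-end" entry.
   Hypothetical type, not the real http.sys structure. */
typedef struct { uint64_t start; uint64_t length; } byte_range;

/* Assumed length formula, computed in unsigned 64-bit arithmetic with no
   upper bound on end: it wraps modulo 2^64 when end is near UINT64_MAX. */
static byte_range parse_unchecked(uint64_t start, uint64_t end) {
    byte_range r = { start, end - start + 1 };
    return r;
}

/* Correction as the text describes it: shorten the range only when
   start + length exceeds the content size. The sum itself can wrap to a
   small value, and then the correction is skipped. */
static uint64_t adjust_wrapping(byte_range r, uint64_t content_size) {
    if (r.start + r.length > content_size)
        r.length = content_size - r.start;
    return r.length;
}

/* Overflow-safe order: validate and clamp end first, never form the sum. */
static bool adjust_checked(uint64_t start, uint64_t end,
                           uint64_t content_size, uint64_t *length_out) {
    if (start > end || start >= content_size)
        return false;                  /* unsatisfiable range: reject */
    if (end >= content_size)
        end = content_size - 1;        /* clamp before subtracting */
    *length_out = end - start + 1;     /* now at most content_size */
    return true;
}

int main(void) {
    const uint64_t size = 1000;        /* constructed sample resource size */
    uint64_t len = 0;
    byte_range big = parse_unchecked(1, UINT64_MAX);
    printf("500-999: length %llu\n", (unsigned long long)
           adjust_wrapping(parse_unchecked(500, 999), size));
    printf("1-max, wrapping check: length %llu\n",
           (unsigned long long)adjust_wrapping(big, size));
    if (adjust_checked(1, UINT64_MAX, size, &len))
        printf("1-max, checked: length %llu\n", (unsigned long long)len);
    return 0;
}
```
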
Vulnerability testing
The relevant proof-of-concept code was tested against a Windows 7 32-bit system with IIS7 installed; after the packet was sent, the target system crashed.
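Other information
If successfully exploited, this vulnerability may also lead to memory information disclosure or even arbitrary code execution.
An underground trading website abroad has reported a new exploit for this vulnerability, which is said to achieve remote code execution.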