Poyamba ife za kusatetezeka kwa tsiku la ziro mu Internet Explorer, zomwe zimalola kugwiritsa ntchito fayilo ya MHT yokonzedwa mwapadera kutsitsa zambiri kuchokera pakompyuta ya wosuta kupita ku seva yakutali. Posachedwapa, chiwopsezo ichi, chomwe chinapezedwa ndi katswiri wa chitetezo John Page, adaganiza zofufuza ndi kuphunzira katswiri wina wodziwika bwino pa ntchitoyi - Mitya Kolsek, mkulu wa ACROS Security, kampani yowunikira chitetezo, komanso woyambitsa nawo ntchito ya micropatch 0patch. Iye mbiri yonse ya kafukufuku wake, kusonyeza kuti Microsoft inapeputsa kuopsa kwa vutolo.
Zodabwitsa ndizakuti, Kolsek poyambirira sanathe kubwereza zomwe zidafotokozedwa ndikuwonetsa ndi John, pomwe adagwiritsa ntchito Internet Explorer kuthamanga Windows 7 kutsitsa ndikutsegula fayilo yoyipa ya MHT. Ngakhale woyang'anira ndondomeko yake adawonetsa kuti system.ini, yomwe idakonzedweratu kuti ikhale yobedwa, idawerengedwa ndi script yobisika mu fayilo ya MHT, koma sinatumizidwe ku seva yakutali.
"Izi zinkawoneka ngati zochitika zapamwamba zapaintaneti," alemba a Kolsek. "Fayilo ikalandilidwa kuchokera pa intaneti, kugwiritsa ntchito bwino Windows monga osatsegula ndi maimelo amawonjezera chizindikiro pafayilo yotereyi. yotchedwa Zone.Identifier yomwe ili ndi zingwe ZoneId = 3. Izi zimathandiza kuti mapulogalamu ena adziwe kuti fayiloyo inachokera kumalo osadalirika choncho iyenera kutsegulidwa mu sandbox kapena malo ena oletsedwa."
Wofufuzayo adatsimikizira kuti IE idayikadi chizindikiro chotere cha fayilo ya MHT yotsitsidwa. Kolsek ndiye anayesa kutsitsa fayilo yomweyo pogwiritsa ntchito Edge ndikuitsegula mu IE, yomwe imakhalabe yokhazikika pamafayilo a MHT. Mosayembekezeka, maseΕ΅erawo anagwira ntchito.
Choyamba, wofufuzayo adayang'ana "mark-of-the-Web", zidapezeka kuti Edge imasunganso gwero la fayilo munjira ina ya data kuwonjezera pa chizindikiritso chachitetezo, chomwe chingadzutse mafunso okhudza zinsinsi za izi. njira. Kolsek ankaganiza kuti mizere yowonjezera ikhoza kusokoneza IE ndikulepheretsa kuwerenga SID, koma momwe zikuwonekera, vuto linali kwina. Pambuyo pakuwunika kwanthawi yayitali, katswiri wachitetezo adapeza chifukwa chake pazolemba ziwiri pamndandanda wowongolera mwayi wopeza zomwe zidawonjezera ufulu wowerengera fayilo ya MHT ku ntchito ina yadongosolo, yomwe Edge adawonjezera pamenepo atayitsitsa.
James Foreshaw wochokera ku gulu lodzipereka latsiku la ziro - Google Project Zero - tweeted kuti zolemba zomwe zawonjezeredwa ndi Edge zikunena zozindikiritsa chitetezo chamagulu pa phukusi Microsoft.MicrosoftEdge_8wekyb3d8bbwe. Pambuyo pochotsa mzere wachiwiri wa SID S-1-15-2 - * kuchokera pamndandanda wowongolera mwayi wa fayilo yoyipa, kugwiritsa ntchito sikunagwirenso ntchito. Zotsatira zake, mwanjira ina chilolezo chowonjezeredwa ndi Edge chinalola kuti fayiloyo idutse sandbox ku IE. Monga a Kolsek ndi anzawo adanenera, Edge amagwiritsa ntchito zilolezozi kuteteza mafayilo otsitsidwa kuti asapezeke ndi njira zodalirika poyendetsa fayilo pamalo akutali.
Kenako, wofufuzayo adafuna kumvetsetsa bwino zomwe zimapangitsa kuti chitetezo cha IE chilephereke. Kufufuza mozama pogwiritsa ntchito ndondomeko ya Process Monitor ndi IDA disassembler potsirizira pake kunavumbula kuti kusintha kwa Edge kwalepheretsa ntchito ya Win Api GetZoneFromAlternateDataStreamEx kuti iwerenge mtsinje wa fayilo ya Zone.Identifier ndikubwezera zolakwika. Kwa Internet Explorer, cholakwika choterechi popempha chizindikiro chachitetezo cha fayilo sichinali chosayembekezereka, ndipo, mwachiwonekere, msakatuliyo adawona kuti cholakwikacho chinali chofanana ndi chakuti fayiloyo inalibe chizindikiro cha "chizindikiro-cha-Web", zomwe zimapangitsa kuti zikhale zodalirika, pambuyo pa chifukwa chake IE inalola kuti zolemba zobisika mu fayilo ya MHT zigwire ndi kutumiza fayilo ya komweko ku seva yakutali.
"Kodi ukuona zoseketsa apa?" akufunsa Kolsek. "Chitetezo chopanda zikalata chomwe Edge adagwiritsa ntchito chidalepheretsa zomwe zinalipo kale, mosakayika zofunika kwambiri (chizindikiro cha pa intaneti) mu Internet Explorer."
Ngakhale kuchulukirachulukira kwachiwopsezo, komwe kumalola kuti script yoyipa iyendetsedwe ngati script yodalirika, palibe chomwe chikuwonetsa kuti Microsoft ikufuna kukonza cholakwikacho posachedwa, ngati chingakonzedwe. Chifukwa chake, tikupangirabe kuti, monga m'nkhani yapitayi, musinthe pulogalamu yokhazikika yotsegulira mafayilo a MHT pa msakatuli aliyense wamakono.
Inde, kafukufuku wa Kolsek sanapite popanda kudzikonda pang'ono. Pamapeto pa nkhaniyi, adawonetsa kachidutswa kakang'ono kolembedwa m'chinenero cha msonkhano chomwe chingagwiritse ntchito ntchito ya 0patch yopangidwa ndi kampani yake. 0patch imangozindikira pulogalamu yomwe ili pachiwopsezo pakompyuta ya wogwiritsa ntchito ndikuyika tinthu tating'onoting'ono payo pouluka. Mwachitsanzo, pa nkhani yomwe tafotokoza, 0patch idzalowa m'malo mwa uthenga wolakwika mu GetZoneFromAlternateDataStreamEx ntchito ndi mtengo wofanana ndi fayilo yosadalirika yolandilidwa kuchokera pa intaneti, kotero kuti IE isalole zolembedwa zobisika kuti zichitidwe molingana ndi zomangidwa- mu ndondomeko ya chitetezo.
Source: 3dnews.ru