j9九游会官方营救读取此类文献进行渲染图标、缩略图和详备信息-九游娱乐(中国)有限公司-官方网站

1、间隙空洞

近日，微软发布 windows 操作系统更新建设间隙，其中 Windows 文献资源治理器诱拐间隙（CVE-2025-24071、CVE-2025-24054）正被庸碌诈欺，提倡您实时开展安全风险自查。

据描述，由于 windows 的资源治理器默许信任 libray-ms 文献，营救读取此类文献进行渲染图标、缩略图和详备信息。当压缩包内存在此类文献时，用户解压包含 smb（文献分享做事）旅途设立的 libray-ms 文献，会自动被 windows 资源治理器内置文献默机会制默契，将受害者的 NTLM 身份信息发送到袭击者 smb 做事器。袭击者诈欺这种隐式信任和自动文献处理作为来显露左证，然后不错诈欺这些左证进行哈希传递袭击或脱机 NTLM 哈希破解。袭击者不错诈欺该间隙以治理员权限实验操作，包括但不限于创建新用户、修改现存用户的权限、安设坏心软件等。

间隙影响的居品和版块：

Windows Server 2022

Windows Server 2019 ( Server Core installation )

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 ( Server Core installation )

Windows Server 2012 R2

Windows Server 2016 ( Server Core installation )

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition ( Server Core installation )

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows Server 2025 ( Server Core installation )

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 ( Server Core installation )

2、间隙复现

3、财富测绘

4、治理决议

升级建设

现在 windows 已发布建设安全补丁：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071

5、参考聚会

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054

https://www.ddpoc.com/DVB-2023-8999.html

原文聚会j9九游会官方