Hacker News

Windows Notepad App Rauni na Kisa Code

Windows Notepad App Rauni na Kisa Code Wannan cikakken bincike na windows yana ba da cikakken bincike na ainihin abubuwan da ke tattare da shi da kuma fa'ida. Mahimman wuraren Mayar da hankali Tattaunawar ta ta'allaka ne akan: Mahimman hanyoyin...

10 min read Via www.cve.org

Mewayz Team

Editorial Team

Hacker News
An gano rashin lahani mai mahimmanci na Windows Notepad App Remote Code Execution (RCE), yana bawa maharan damar aiwatar da lambar sabani akan tsarin da abin ya shafa ta hanyar yaudarar masu amfani don buɗe fayil ɗin da aka kera na musamman. Fahimtar yadda wannan raunin ke aiki - da kuma yadda ake kare ababen more rayuwa na kasuwanci - yana da mahimmanci ga kowace kungiya da ke aiki a cikin yanayin barazanar yau.

Menene Ainihin Rashin Lalacewar Ƙaddamarwar Codepad na Windows?

Windows Notepad, wanda aka daɗe ana ɗaukarsa mara lahani, editan rubutu mara lahani tare da kowane nau'in Microsoft Windows, a tarihi ana ɗaukarsa a matsayin mai sauƙi don ɗaukar manyan lahani na tsaro. Wannan zato ya tabbatar da kuskure ba daidai ba. Windows Notepad App Remote Code Execution rashin lahani yana cin gajiyar rauni a yadda Notepad ke tantance wasu tsarin fayil da sarrafa adadin ƙwaƙwalwar ajiya yayin aiwatar da abun ciki na rubutu.

A ainihinsa, wannan nau'in raunin yawanci ya ƙunshi cirewa ko ɓarna ɓarna na ƙwaƙwalwar ajiyawanda ke jawo lokacin da Notepad ke aiwatar da fayil ɗin da aka ƙeta. Lokacin da mai amfani ya buɗe takaddun da aka ƙera - galibi ana kama shi azaman .txt mara lahani ko fayil ɗin log - lambar harsashi mai harin yana aiwatarwa a cikin mahallin zaman mai amfani na yanzu. Saboda Notepad yana aiki tare da izinin mai amfani da ya shiga, maharin na iya yuwuwar samun cikakken iko akan haƙƙin shiga asusun, gami da karanta/rubutu damar samun fayiloli masu mahimmanci da albarkatun cibiyar sadarwa.

Microsoft ya magance shawarwarin tsaro da yawa masu alaƙa da Notepad a cikin 'yan shekarun nan ta hanyar zagayowar sa na ranar Talata, tare da ƙima da aka lissafa a ƙarƙashin CVEs waɗanda ke shafar Windows 10, Windows 11, da bugu na Windows Server. Tsarin yana da daidaito: ƙaddamar da gazawar dabaru yana haifar da yanayi masu amfani waɗanda ke ƙetare daidaitattun kariyar ƙwaƙwalwar ajiya.

Ta Yaya Vector Attack Aiki A Cikin Yanayin Duniya na Gaskiya?

Fahimtar sarkar kai hari yana taimaka wa ƙungiyoyi su gina ingantattun kariya. Halin yanayin amfani na yau da kullun yana bin jerin abubuwan da za a iya faɗi:

  • Isarwa: Maharin ya ƙirƙira fayil ɗin mugunta kuma yana rarraba ta ta imel ɗin phishing, mahaɗar zazzagewa qeta, hanyar sadarwar hanyar sadarwa da aka raba, ko lalata ayyukan ajiyar girgije.
  • Kisa: Wanda aka azabtar ya danna fayil sau biyu, wanda ke buɗewa a cikin Notepad ta tsohuwa saboda saitunan ƙungiyoyin fayilolin Windows don .txt, .log, da ƙari masu alaƙa.
  • Amfani da ƙwaƙwalwar ajiya: Injin tantancewa na Notepad ya ci karo da bayanan da ba su da kyau, yana haifar da tuli ko tari wanda ke sake rubuta mahimman bayanan ƙwaƙwalwar ajiya tare da ƙimar sarrafa maharan.
  • Kisa Shellcode: Ana karkatar da kwararar sarrafawa zuwa kayan aikin da aka saka, wanda zai iya zazzage ƙarin malware, kafa dagewa, fitar da bayanai, ko matsar da kai ta hanyar hanyar sadarwa.
  • Haɓaka gata (na zaɓi): Idan an haɗa shi tare da haɓaka gata na biyu na gida, maharin na iya haɓaka daga daidaitaccen zaman mai amfani zuwa isa ga matakin SYSTEM.

Abin da ya sa wannan ke da haɗari musamman shine amintattun masu amfani da su a cikin Notepad. Ba kamar fayilolin da za a iya aiwatarwa ba, ma'aikatan da suka san tsaro ba su cika bincika takaddun rubutu ba, suna sa isar da fayil ɗin da aka ƙera a cikin jama'a sosai.

Key Insight: Ba koyaushe ake samun raunin mafi haɗari a cikin hadaddun aikace-aikacen intanet ba - galibi suna zaune a cikin amintattun kayan aikin yau da kullun waɗanda ƙungiyoyi ba su taɓa yin la'akari da yanayin barazana ba. Windows Notepad misali ne na littafin karatu na yadda zato na gado game da software "lafiya" ke haifar da damar kai hari na zamani.

Mene ne Hatsarin Kwatancen Kwatancen Tsakanin Muhallin Windows daban-daban?

Tsananin wannan raunin ya bambanta dangane da yanayin Windows, daidaitawar gata mai amfani, da yanayin sarrafa facin. Yanayin kasuwancin da ke gudana Windows 11 tare da sabbin abubuwan tarawa na sabuntawa da kuma Microsoft Defender da aka saita a yanayin toshe fuska ya ragu sosai idan aka kwatanta da ƙungiyoyin da ke da tsofaffi, waɗanda ba a buɗe ba Windows 10 ko na Windows Server.

💡 DID YOU KNOW?

Mewayz replaces 8+ business tools in one platform

CRM · Invoicing · HR · Projects · Booking · eCommerce · POS · Analytics. Free forever plan available.

Start Free →
A cikin Windows 11, Microsoft ya sake gina Notepad tare da fakitin aikace-aikacen zamani, yana tafiyar da shi azaman aikace-aikacen Shagon Microsoft mai yashi tare da keɓewar AppContainer a wasu saitunan. Wannan canjin tsarin gine-gine yana ba da ragi mai ma'ana - ko da an sami RCE, an takurawa maharin ta iyakar AppContainer. Duk da haka, ba a yin amfani da wannan sandboxing na duniya gabaɗaya a duk Windows 11 daidaitawa, kuma Windows 10 mahalli ba su sami irin wannan kariya ta tsohuwa.

Ƙungiyoyin da suka kashe Sabuntawar Windows ta atomatik - abin mamaki gama gari a cikin mahallin da ke gudanar da software na gado - ya kasance cikin fallasa tsawon lokaci bayan da Microsoft ya fitar da faci. Haɗarin yana ƙaruwa a cikin wuraren da masu amfani ke aiki akai-akai tare da gata na mai gudanarwa na gida, tsarin da ya saba wa ƙa'idar mafi ƙarancin gata amma yana ci gaba da yawa a cikin ƙananan masana'antu da matsakaici.

Waɗanne Matakai Nan da nan Ya Kamata Kasuwanci su ɗauka don Rage Wannan Lalacewar?

Madaidaicin rangwame yana buƙatar tsarin da ya dace wanda ke magance duka raunin nan da nan da gibin tsaro da ke haifar da yin amfani da su:

  1. Aika faci nan da nan: Tabbatar cewa duk tsarin Windows an shigar da sabbin abubuwan sabunta tsaro na yau da kullun. Ba da fifikon wuraren ƙarshe da ma'aikatan ke amfani da su wajen sadarwa da fayiloli.
  2. Saitunan ƙungiyoyin fayil na tantancewa: Yi bita kuma taƙaita waɗanne aikace-aikacen da aka saita azaman tsoho don fayilolin .txt da .log fayiloli a duk faɗin kasuwancin, musamman akan madaidaitan ma'auni.
  3. Tabbatar da mafi ƙarancin gata: Cire haƙƙin mai gudanarwa na gida daga daidaitattun asusun mai amfani. Ko da an samu RCE, iyakantaccen gata mai amfani yana rage tasirin maharin.
  4. Yi ƙaddamar da gano ƙarshen ƙarshen: Sanya hanyoyin gano ƙarshen wuri da amsa (EDR) don saka idanu kan halayen tsari na Notepad, ba da alamar ƙirar ƙirar yara da ba a saba gani ba ko haɗin yanar gizo.
  5. Koyarwar wayar da kan masu amfani: Koyar da ma'aikata cewa ko da fayilolin rubutu na zahiri za a iya amfani da su, yana ƙarfafa kyakkyawan shakku ga fayilolin da ba a buƙata ba tare da la'akari da tsawo.

Ta Yaya Dabarun Kasuwancin Zamani Zasu Taimakawa Rage Hare-Harenku Gabaɗaya?

Rashin lahani kamar Windows Notepad RCE yana nuna gaskiya mai zurfi: rarrabuwar kawuna, kayan aikin gado yana haifar da ɓarnawar haɗarin tsaro. Kowane ƙarin aikace-aikacen tebur da ke gudana akan wuraren aikin ma'aikata shine yuwuwar vector. Ƙungiyoyin da ke haɓaka ayyukan kasuwanci zuwa na zamani, dandamali na asali na girgije suna rage dogaro ga aikace-aikacen Windows da aka shigar a cikin gida - kuma da ma'ana suna rage tasirin harinsu a cikin tsari.

dandamali kamar Mewayz, cikakken tsarin kasuwanci na 207-module wanda aka amince da fiye da masu amfani da 138,000, yana bawa ƙungiyoyi damar sarrafa CRM, ayyukan aiki, kasuwancin e-ciniki gabaɗaya, amintattun ayyukan abokin ciniki, hanyoyin sadarwa, bututun abun ciki. Lokacin da ainihin ayyukan kasuwanci ke rayuwa cikin ƙaƙƙarfan kayan aikin girgije maimakon shigar da aikace-aikacen Windows na gida, haɗarin da ke tattare da lahani kamar Notepad RCE yana raguwa sosai don ayyukan yau da kullun.

Tambayoyin da ake yawan yi

Shin Windows Notepad har yanzu yana da rauni idan ina kunna Windows Defender?

Windows Defender yana ba da kariya mai ma'ana daga sanannun sa hannu na amfani, amma ba madadin faci ba. Idan raunin ya zama sifili-rana ko yana amfani da ɓoyayyiyar lambar shela da sa hannun Mai tsaro bai gano ba tukuna, kariyar ƙarshen ƙarshen ita kaɗai na iya hana cin zarafi. Koyaushe ba da fifikon yin amfani da facin tsaro na Microsoft a matsayin ragewa na farko, tare da Mai tsaro yana aiki a matsayin madaidaicin matakin tsaro.

Shin wannan raunin yana shafar duk nau'ikan Windows?

Takamammen bayyanarwa ya bambanta ta sigar Windows da matakin faci. Windows 10 da mahallin Windows Server ba tare da tarawa na kwanan nan suna cikin haɗari mafi girma ba. Windows 11 tare da AppContainer-keɓe Notepad yana da wasu raguwa na gine-gine, kodayake waɗannan ba a amfani da su a duk duniya. Sabar Core shigarwar da ba ya haɗa da Notepad a cikin tsohowar saitin su ya rage fallasa. Koyaushe duba Jagoran Sabunta Tsaro na Microsoft don ƙayyadaddun yanayin CVE na musamman.

Ta yaya zan iya sanin ko tsarina ya rigaya ya lalace ta wannan raunin?

Malamai na sasantawa sun haɗa da ayyukan yara da ba zato ba tsammani waɗanda aka haifar ta hanyar notepad.exe, haɗin yanar gizo da ba a saba gani ba daga tsarin Notepad, sabbin ayyuka da aka tsara ko maɓallan gudanar da rajista da aka ƙirƙira a lokacin da aka buɗe fayil ɗin tuhuma, da ayyukan asusun mai amfani mara kyau biyo bayan taron buɗe takarda. Bita Logs Events na Windows, musamman Tsaro da rajistan ayyukan aikace-aikace, da kuma giciye tare da na'urar wayar salula na EDR idan akwai.

Kasancewa a gaban rashin lahani yana buƙatar duka taka tsantsan da ingantaccen kayan aikin aiki. Mewayz yana ba kasuwancin ku amintacce, dandamali na zamani don haɓaka ayyuka da rage dogaro ga kayan aikin tebur na gado - farawa daga $19 a wata. yau.