Windows Notepad App Remote Code Ukuphunyezwa Sesichengeni

Kuchongiwe ukuba sesichengeni kweWindows Notepad ye-Remote Code (RCE), evumela abahlaseli ukuba baphumeze ikhowudi engafanelekanga kwiinkqubo ezichaphazelekayo ngokuqhatha abasebenzisi ukuba bavule ifayile eyenziwe ngokukodwa. Ukuqonda indlela obu buthathaka busebenza ngayo - kunye nendlela yokukhusela iziseko zophuhliso lweshishini lakho - kubalulekile kuwo nawuphi na umbutho osebenza kwindawo yanamhlanje eyingozi.

Yintoni kanye kanye iNotepad yeRemote yokuSebenza kwiKhowudi ekude?

I-Notepad yeWindows, ekudala ijongwa njengengenabungozi, i-barebones text editor ehlanganiswe nayo yonke inguqulelo ye-Microsoft Windows, ngokwembali ibithathwa njengento elula kakhulu ukugcina iziphene zokhuseleko ezinzulu. Loo ngcinga ingqineke ingalunganga ngokuyingozi. Ukuba sesichengeni kokwenziwa kweKhowudi ye-Notepad ye-App ye-Remote ye-Windows isebenzisa ubuthathaka kwindlela i-Notepad ecalula ngayo iifomati ezithile zefayile kwaye iphathe ulwabiwo lwenkumbulo ngexesha lonikezelo lomxholo wombhalo.

Embindini walo, olu didi lobuthathaka lubandakanya ukuphuphuma kwe-buffer okanye impazamo yokonakala kwememori eqaliswe xa i-Notepad iqhuba ifayile eyakhiwe ngokukhohlakeleyo. Xa umsebenzisi evula uxwebhu olwenziweyo - luhlala lufihliwe njengengenabungozi .txt okanye ifayile yelog - i-shellcode yomhlaseli iphumeza kumxholo weseshoni yomsebenzisi yangoku. Ngenxa yokuba i-Notepad isebenza ngeemvume zomsebenzisi ongeneyo, umhlaseli unokufumana ulawulo olupheleleyo lwamalungelo okufikelela aloo akhawunti, kuquka ukufikelela kokufunda/ukubhala kwiifayile ezinovakalelo kunye nemithombo yenethiwekhi.

I-Microsoft iye yajongana neengcebiso ezininzi zokhuseleko ezinxulumene ne-Notepad kwiminyaka yakutshanje ngemijikelo yayo yePatch ngoLwesibini, kunye nobuthathaka obubhalwe phantsi kwee-CVE ezichaphazela Windows 10, Windows 11, kunye ne-Windows Server editions. Indlela yokusebenza ayiguquguquki: ukusilela kwingqiqo yokwahlulahlula kudala iimeko ezisebenzisekayo ezidlula ukhuseleko olusemgangathweni lwenkumbulo.

Isebenza Njani iVector yoHlaselo kwiiMeko zokwenyani zeHlabathi?

Ukuqonda ikhonkco lokuhlasela kunceda imibutho yakhe ukhuseleko olusebenzayo. Imeko yoxhatshazo eqhelekileyo ilandela ulandelelwano oluqikelelwayo:

• Unikezelo: Umhlaseli wenza ifayile ekhohlakeleyo kwaye ayisasaze nge-imeyile yokukhohlisa, amakhonkco okukhuphela anobungozi, iidrive zenethiwekhi ekwabelwana ngazo, okanye iinkonzo zokugcina ilifu ezisengozini.
• Execution trigger: Ixhoba licofa kabini ifayile, evula kwiNotepad ngokungagqibekanga ngenxa yemimiselo yonxulumano lwefayile yeWindows ye .txt, .log, kunye nezandiso ezinxulumeneyo.
• Ukusetyenziswa kwememori: Injini yokwahlulahlula yeNotepad idibana nedatha engalunganga, ibangele imfumba okanye isitaki siphuphumale esivala izikhombisi zememori ezibalulekileyo ezinexabiso elilawulwa ngumhlaseli.
• Ukwenziwa kwekhowudi yeShell: Ulawulo lokuhamba luthunyelwa kumthwalo olungisiweyo, onokukhuphela i-malware eyongezelelweyo, imisele ukuzingisa, ikhuphe idatha, okanye ihambe ecaleni kwinethiwekhi.
• Ilungelo lokunyuka (ukhetho): Ukuba kudityaniswe ne-second local privilege escalation exploit, umhlaseli unokunyusa ukusuka kwiseshoni yomsebenzisi esemgangathweni ukuya kwi-SYSTEM-level access.

Yintoni eyenza oku kube yingozi ngakumbi kukuthembela okubekwe ngabasebenzisi kwi-Notepad. Ngokungafaniyo neefayile eziphunyezwayo, amaxwebhu abhaliweyo angenanto awafane ahlolwe ngabasebenzi abaxhalabele ukhuseleko, nto leyo eyenza ukuba ukuhanjiswa kweefayile kubunjineli boluntu kusebenze kakhulu.

I-Insight engundoqo: Ubuthathaka obunobungozi abusoloko bufumaneka kwi-complex, izicelo ezijongene ne-intanethi - zihlala zihlala kwizixhobo ezithembekileyo, zemihla ngemihla imibutho engazange icinge njengento esongelayo. I-Notepad yeWindows ngumzekelo wencwadi yokufunda wendlela uqikelelo lwelifa malunga nesoftware "ekhuselekileyo" edala amathuba okuhlasela angoku.

Iyintoni imingcipheko yokuthelekisa Kwimo engqongileyo yee-Windows ezahlukeneyo?

Ubungqongqo bobu buthathaka buyahluka ngokuxhomekeke kwimeko-bume yeWindows, uqwalaselo lwelungelo lomsebenzisi, kunye nokuma kolawulo lweziqephu. Iimeko zeshishini eziqhubayo Windows 11 kunye nohlaziyo lwamva nje olongezelekayo kunye neMicrosoft Defender emiliselwe kwimowudi yebhloko ubuso obuncitshisiweyo kakhulu ukuvezwa xa kuthelekiswa nemibutho eqhuba imidala, engapakishwanga Windows 10 okanye iimeko zeWindows Server.

Ivuliwe Windows 11, iMicrosoft iye yaphinda yakha iNotepad ngokupakishwa kwenkqubo yangoku, iyisebenzisa njengebhokisi yesanti yeMicrosoft Store ebekwe yodwa yeAppContainer kulungiselelo oluthile. Olu tshintsho lwezakhiwo lubonelela ngokunciphisa okunentsingiselo - nokuba i-RCE iphunyeziwe, indawo yomhlaseli ithintelwe ngumda we-AppContainer. Nangona kunjalo, le sandboxing ayisetyenziswa jikelele kuzo zonke Windows 11 ulungelelwaniso, kwaye Windows 10 imo engqongileyo ayifumani ukhuseleko olunjalo ngokungagqibekanga.

Imibutho eye yacima uHlaziyo lweWindows oluzenzekelayo — ulungelelwaniso oluxhaphakileyo ngokumangalisayo kwindawo eqhuba isoftware yelifa — ihlala ibhengeziwe ixesha elide emva kokuba uMicrosoft ekhuphe iipetshi. Umngcipheko uyaphindaphindeka kwindawo apho abasebenzisi basebenza ngokwesiqhelo ngamalungelo omlawuli wasekhaya, ulungelelwaniso olwaphula umthetho-siseko welona lungelo lincinci kodwa liqhubeleka ngokubanzi kumashishini amancinci naphakathi.

Ngawaphi aManyathelo aKhawulezayo ekufuneka aMashishini awaThathe ukuNciphisa obu Sesichengeni?

Unciphiso olusebenzayo lufuna indlela eyakhiweyo ejongana nokuba sesichengeni kwangoku kunye nezikhewu zokuma kokhuseleko ezenza ukuba uxhatshazo lwenzeke:

1. Faka iipetshi ngoko nangoko: Qinisekisa ukuba zonke iisistim zeWindows zinohlaziyo lwamva nje lokhuseleko olufakelweyo. Ukubeka phambili iziphelo ezisetyenziswa ngabasebenzi abaphatha unxibelelwano lwangaphandle kunye neefayile.
2. Phicotha useto lonxulumano lwefayile: Hlaziya kwaye uthintele ukuba zeziphi izicelo ezisetwe njengabaphangi abangagqibekanga be .txt kunye .log iifayile kulo lonke ishishini, ngakumbi kwiindawo zexabiso eliphezulu.
3. Qinisekisa ilungelo elilodwa: Susa amalungelo omlawuli wasekhaya kwiiakhawunti eziqhelekileyo zomsebenzisi. Nokuba i-RCE iphunyeziwe, amalungelo amiselweyo omsebenzisi anciphisa kakhulu impembelelo yomhlaseli.
4. Sebenzisa ubhaqo lwendawo yokugqibela: Qwalasela izisombululo zokuchongwa kwesiphelo kunye nokuphendula (EDR) ukujonga indlela yokuziphatha kwenkqubo ye-Notepad, ukuxela ukudalwa kwenkqubo yomntwana engaqhelekanga okanye uqhagamshelo lwenethiwekhi.
5. Uqeqesho lolwazi lwabasebenzisi: Ukufundisa abasebenzi ukuba neefayile ezibhaliweyo ezicacileyo zinokuxhotyiswa, okomeleza amathandabuzo aphilileyo kwiifayile ezingacelwanga nokuba zingandiswa.

Njani iiplatifti zeShishini zale mihla ziNcedisa ukuNciphisa uHlaselo lwakho lulonke?

Ubuthathaka obunje ngeWindows Notepad RCE igxininisa ubunzulu benyaniso: amaqhekeza, izixhobo zelifa kudala umngcipheko wokhuseleko owahlulwayo. Zonke izicelo zedesktop ezongezelelweyo ezisebenza kwiindawo zokusebenza zabasebenzi sisixhobo esinokubakho. Imibutho ehlanganisa ushishino kumaqonga ale mihla, afumaneka kwilifu inciphisa ukuthembela kwayo kwii-aplikeshini ze-Windows ezifakwe ekuhlaleni - kwaye ngokufanelekileyo icutha uhlaselo lwayo kwinkqubo.

Amaqonga afana Mewayz, inkqubo yokusebenza yeshishini yeemodyuli ezingama-207 ethenjwe ngabasebenzisi abangaphezu kwe-138,000, yenza amaqela alawule iCRM, ukuqhutywa komsebenzi weprojekthi, ukusebenza kwe-e-commerce, imibhobho yesikhangeli somxholo ngokusingqongileyo, kunye nonxibelelwano olukhuselekileyo. Xa imisebenzi engundoqo yoshishino ihlala kwiziseko ezingundoqo zamafu endaweni yosetyenziso lweWindows olufakwe ekuhlaleni, umngcipheko obangelwa bubuthathaka obufana ne-Notepad RCE ucuthelwe kakhulu kwimisebenzi yemihla ngemihla.

Imibuzo Ebuzwa Rhoqo

Ingaba iNotepad yeWindows isesemngciphekweni ukuba ndineWindows Defender yenziwe yasebenza?

I-Windows Defender ibonelela ngokhuseleko olunentsingiselo ngokuchasene nemisayino yokuxhaphaza eyaziwayo, kodwa ayithatheli indawo yokuchwetheza. Ukuba ubuthathaka yi-zero-day okanye isebenzisa i-shellcode efihliweyo engekabonwa ngotyikityo lwe-Defender, ukhuseleko lwe-endpoint lulodwa alunakukuthintela ukuxhaphaza. Soloko ubeka phambili ukusebenzisa iipetshi zokhuseleko zeMicrosoft njengolona nciphiso luphambili, kunye neDefender esebenza njengomaleko wokhuselo oncedisayo.

Ngaba obu buthathaka buchaphazela zonke iinguqulelo zeWindows?

Utyhileko oluthile luyohluka ngokoguqulelo lweWindows kunye nenqanaba lephetshi. Windows 10 kunye neemeko zeWindows Server ngaphandle kohlaziyo oluqokelelweyo lwamva nje lusemngciphekweni omkhulu. Windows 11 nge-Notepad esecaleni ye-AppContainer inokunciphisa ulwakhiwo, nangona ezi zingasetyenziswanga jikelele. Ufakelo lwe-Server Core olungabandakanyi i-Notepad kuqwalaselo lwalo olungagqibekanga luncitshise ukuvezwa. Soloko ujonga iSikhokelo soHlaziyo loKhuseleko lweMicrosoft malunga nokusebenziseka koguqulelo oluthile lweCVE.

Ndingatsho njani ukuba inkqubo yam sele ifakwe esichengeni ngenxa yobu sechengeni?

Izalathi zokulala zibandakanya iinkqubo ezingalindelekanga zomntwana eziveliswe yinotepad.exe, uqhagamshelo olungaqhelekanga lwenethiwekhi oluphuma kwinkqubo yeNotepad, imisebenzi emitsha ecwangcisiweyo okanye izitshixo zobhaliso ezenziweyo zenziwe malunga nexesha lokuvulwa kwefayile ekrokrisayo, kunye nomsebenzi ongaqhelekanga weakhawunti yomsebenzisi olandela isiganeko sokuvula uxwebhu. Uphononongo lweMicimbi yeMicimbi kaWindows, ngakumbi uKhuseleko kunye neelog zeSicelo, kunye neereferensi ezinqamlezileyo nge-EDR telemetry ukuba ikhona.

Ukuhlala phambi kobuthathaka kufuna zombini uqwalaselo kunye neziseko zokusebenza ezichanekileyo. Mewayz inika ishishini lakho ukhuseleko, iqonga langoku lokuhlanganisa imisebenzi kunye nokunciphisa ukuxhomekeka kwilifa lezixhobo zedesktop — iqala nje kwi-$19/ngenyanga. Jonga iMewayz kwi-app.mewayz.com kwaye ubone indlela 0fer ,0138 more namhlanje.