Code Blue 2014: Microsoft Vulnerability Research: ...
TRANSCRIPT
MSVR
- MSRC: Microsoft Security Response Center
- Microsoft Bounty Programs (Web)
MSVR
- HackerOne
MSVR
MSVR
MSVR
- Web: http://technet.microsoft.com/en-us/security/msvr
- Windows
- Adobe Reader, Oracle Java (PC)
- PC
Reference: http://download.microsoft.com/download/5/0/3/50310CCE-8AF5-4FB4-83E2-03F1DA92F33C/Microsoft_Security_Intelligence_Report_Volume_15_English.pdf
- DNS, SSL
- MSVR
- Adobe, AOL, Apple, Blackberry, CA, Cisco, Citibank, Comodo, Fidelity, Google, Hex-Rays, HP, IBM, Intel, Intuit, Lenovo, Mozilla, Nullsoft, Nvidia, OpenOffice, Opera, Oracle, PGP, RealNetworks, SAP, Symantec, VMware, Wireshark, WordPress, Yahoo!
- 0-day
Reference: http://blogs.technet.com/b/msrc/archive/2011/04/19/coordinated-vulnerability-disclosure-from-philosophy-to-practice.aspx
- Office, Word, PDF, Adobe Reader
- SDL (Security Development Lifecycle)
- XSS, SQL injection
- iPhone
- ROI
MSVR
- …
- CVD: Coordinated Vulnerability Disclosure ("responsible disclosure")
- 0-day
- MSVR
- CVD
- Microsoft; Online Service
- Mitigation Bypass
MSVR
1:
1 :
- <insert any Windows 0day full disclosure post here in the last 20 years>
2:
2 :
- Windows 8
- NumLock (8)
3:
- SSL?
- Web, Internet Explorer?
3 : 0-DAY
- Microsoft:
- Bing
- "Bing"
4:
- (Web) ☺
- PGP, S/MIME; PGP …
4 :
- ID
- ID, Web
- ID?
5:
5 :
- 6
6:
- " " ☺
6 :
7: MSVR
- MSVR
7B: MSVR
: LIBAVCODEC
- MSVR12-017: FFmpeg libavcodec
- VLC, WMA
Reference: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
: LIBAVCODEC
- !exploitable (WinDbg): libavcodec_plugin.dll, WriteAV
- VLC A/V
- WMA
: LIBAVCODEC
- 0x0001 .. 0x0007
- word?
: LIBAVCODEC
- OffVis: "Microsoft Office Visualization Tool (OffVis)" (IT; doc*, xls*, ppt*; Microsoft Office)
- Web
- GUT
Reference: http://www.microsoft.com/en-us/download/details.aspx?id=2096
: LIBAVCODEC
- ASF, WMA
- ASF "Number of Channels": 16-bit; WAVEFORMATEX "number of audio channels"
- 0x0003 .. 0x0008; 0x0009: VLC WMA2
Reference: http://msdn.microsoft.com/en-us/library/bb643323.aspx
: LIBAVCODEC
- 2: pop ebx
- call dword ptr [ebx+30h]
- ? ☺
- ebx; call, pop
: LIBAVCODEC
- msvr@microsoft.com
- MSVR
: LIBAVCODEC
- May 2012
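The libavcodec case above turns on one 16-bit field: the "number of audio channels" in the WAVEFORMATEX that the ASF stream-properties object carries for a WMA stream. A decoder that lets that value size or index fixed per-channel tables writes out of bounds as soon as the value exceeds the table, which is the WriteAV !exploitable flagged. The following is an added illustration written for this page, not FFmpeg or VLC code: it parses the WAVEFORMATEX fixed part, shows the unchecked initialisation pattern next to a bound-checked one, and feeds both a constructed header with the channel count patched the way the fuzzer patched it. MAX_CHANNELS, the decoder state layout and the sample values are assumptions; the page does not state the real decoder limit.

```c
/* Added example (not FFmpeg/VLC code): parse the WAVEFORMATEX that an ASF
 * stream-properties object carries for a WMA stream and bound-check the 16-bit
 * nChannels field before it sizes per-channel decoder state.
 * MAX_CHANNELS is an assumed decoder limit; the page does not give the real one. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHANNELS      8      /* assumed size of the per-channel tables */
#define WAVEFORMATEX_SIZE 18     /* fixed part of WAVEFORMATEX, little-endian, packed */
#define WAVE_FORMAT_WMAV2 0x0161 /* format tag of WMA version 2 */

typedef struct {
    uint16_t wFormatTag;
    uint16_t nChannels;       /* "number of audio channels": the fuzzed field */
    uint32_t nSamplesPerSec;
    uint32_t nAvgBytesPerSec;
    uint16_t nBlockAlign;
    uint16_t wBitsPerSample;
    uint16_t cbSize;
} waveformatex_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Returns 0 on success, -1 if the buffer cannot hold a full WAVEFORMATEX. */
int parse_waveformatex(const uint8_t *buf, size_t len, waveformatex_t *out)
{
    if (len < WAVEFORMATEX_SIZE) return -1;
    out->wFormatTag      = rd16(buf + 0);
    out->nChannels       = rd16(buf + 2);
    out->nSamplesPerSec  = rd32(buf + 4);
    out->nAvgBytesPerSec = rd32(buf + 8);
    out->nBlockAlign     = rd16(buf + 12);
    out->wBitsPerSample  = rd16(buf + 14);
    out->cbSize          = rd16(buf + 16);
    return 0;
}

/* Assumed per-channel decoder state, sized by the assumed limit. */
typedef struct { int32_t gain[MAX_CHANNELS]; int nch; } wma_state_t;

/* Unchecked pattern: nChannels drives the loop bound directly. With
 * nChannels > MAX_CHANNELS the loop writes past gain[], the kind of
 * WriteAV that !exploitable flags. Shown for contrast; never called below. */
void wma_init_unchecked(wma_state_t *st, const waveformatex_t *fmt)
{
    for (int i = 0; i < fmt->nChannels; i++) st->gain[i] = 1; /* OOB write when nChannels > MAX_CHANNELS */
    st->nch = fmt->nChannels;
}

/* Hardened pattern: reject zero channels or more than the tables hold.
 * Returns 1 if the stream is accepted, 0 if rejected. */
int wma_init_checked(wma_state_t *st, const waveformatex_t *fmt)
{
    if (fmt->nChannels == 0 || fmt->nChannels > MAX_CHANNELS) return 0;
    memset(st, 0, sizeof *st);
    for (int i = 0; i < fmt->nChannels; i++) st->gain[i] = 1;
    st->nch = fmt->nChannels;
    return 1;
}

/* Constructed sample header (not from a real file): WMAv2, 44.1 kHz, 16-bit,
 * with nChannels set to whatever value the caller wants to test. */
void build_sample(uint8_t buf[WAVEFORMATEX_SIZE], uint16_t nch)
{
    wr16(buf + 0, WAVE_FORMAT_WMAV2);
    wr16(buf + 2, nch);
    wr32(buf + 4, 44100);
    wr32(buf + 8, 16000);
    wr16(buf + 12, 2230);
    wr16(buf + 14, 16);
    wr16(buf + 16, 10);
}

/* Parse + validate: returns the accepted channel count, or -1 on rejection. */
int accepted_channels(const uint8_t *buf, size_t len)
{
    waveformatex_t fmt;
    wma_state_t st;
    if (parse_waveformatex(buf, len, &fmt) != 0) return -1;
    if (!wma_init_checked(&st, &fmt)) return -1;
    return st.nch;
}

/* Builds a sample with the given channel count and runs it through the checked path. */
int check_sample_channels(uint16_t nch)
{
    uint8_t buf[WAVEFORMATEX_SIZE];
    build_sample(buf, nch);
    return accepted_channels(buf, sizeof buf);
}

/* Same sample, but truncated to 10 bytes, as a corrupt header would be. */
int check_truncated_sample(void)
{
    uint8_t buf[WAVEFORMATEX_SIZE];
    build_sample(buf, 2);
    return accepted_channels(buf, 10);
}

int main(void)
{
    for (uint16_t nch = 0; nch <= 9; nch++)
        printf("nChannels=0x%04x -> %s\n", (unsigned)nch,
               check_sample_channels(nch) < 0 ? "rejected" : "accepted");
    return 0;
}
```

Run stand-alone it walks the channel count from 0x0000 to 0x0009, the same range the slides step through, and prints which values the checked path accepts. The point of the contrast is that the unchecked loop is correct for every value the real files carry and only fails on the fuzzed one, which is why a coverage-guided or field-aware fuzzer over the ASF header finds it and ordinary playback testing does not.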
: VMWARE
- MSVR13-002: VMware OVF Tool
- 1: VMware? VMX, VMDK, OVF
- …more
Reference: http://technet.microsoft.com/en-us/security/msvr/msvr13-002
: VMWARE
- 2: OVF? (Open Virtual Machine Format)
Reference: http://www.vmware.com/pdf/ovf_whitepaper_specification.pdf
: VMWARE
- XML
: VMWARE
- 3: VMware OVF?
- ovftool.exe; VMware Player OVF
: VMWARE
4: OVFTool ?
: VMWARE
5:
<?xml version="1.0" encoding="utf-8"?>
<ovf:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ovf="%p.%p.%p.%p.%p.%p.%p.%p" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" … </ovf:Envelope>
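The envelope above puts a run of "%p" conversions in the ovf namespace declaration. That only matters if the tool hands the namespace string to a printf-style function as the format rather than as an argument. The following is an added illustration written for this page, not VMware's code: it extracts xmlns:ovf from a constructed envelope, shows the vulnerable logging pattern beside the fixed one, and adds the check a practitioner would run on any attacker-supplied string that might reach a formatter. The attribute extraction is a stand-in for a real XML parser, and the message text, the policy check and the expected OVF 1 namespace constant are assumptions about how such a tool might be written.

```c
/* Added example (not VMware's code): how an attacker-controlled XML namespace
 * becomes a format string. The OVF PoC carries xmlns:ovf="%p.%p.%p.%p.%p.%p.%p.%p";
 * a parser that logs the unexpected namespace as the format itself interprets
 * every %p. The message text and policy below are assumptions. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define EXPECTED_OVF_NS "http://schemas.dmtf.org/ovf/envelope/1" /* OVF 1 envelope namespace */

/* Count printf conversions in s ("%%" is a literal percent, not a conversion). */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
/* Vulnerable pattern (for contrast, never called here): the namespace is the
 * format string, so each %p pulls a pointer from the stack or registers.
 * The pragmas only silence the compiler warning that would normally catch this. */
void log_namespace_unsafe(const char *ns)
{
    char msg[256];
    snprintf(msg, sizeof msg, ns);
    fputs(msg, stderr);
}
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* Safe pattern: fixed format, attacker data only ever bound to %s. */
int format_namespace_message(char *out, size_t n, const char *ns)
{
    return snprintf(out, n, "unsupported ovf namespace: %s", ns);
}

/* Minimal attribute extraction (stand-in for the real XML parser): copies the
 * value of xmlns:ovf="..." into out. Returns 0 on success, -1 otherwise. */
int extract_ovf_namespace(const char *xml, char *out, size_t n)
{
    const char *key = "xmlns:ovf=\"";
    const char *start = strstr(xml, key);
    if (!start) return -1;
    start += strlen(key);
    const char *end = strchr(start, '"');
    if (!end || (size_t)(end - start) >= n) return -1;
    memcpy(out, start, (size_t)(end - start));
    out[end - start] = '\0';
    return 0;
}

/* Assumed policy: a namespace that is not the expected one and carries
 * conversions is treated as hostile. Returns 1 if suspicious, else 0. */
int namespace_is_suspicious(const char *ns)
{
    return strcmp(ns, EXPECTED_OVF_NS) != 0 && count_conversions(ns) > 0;
}

/* Constructed envelope mirroring the PoC; only the relevant attribute is kept. */
static const char SAMPLE_OVF[] =
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
    "<ovf:Envelope xmlns:ovf=\"%p.%p.%p.%p.%p.%p.%p.%p\"></ovf:Envelope>";

/* Extracts the sample's namespace and counts its conversions; -1 if extraction fails. */
int sample_conversions(void)
{
    char ns[128];
    if (extract_ovf_namespace(SAMPLE_OVF, ns, sizeof ns) != 0) return -1;
    return (int)count_conversions(ns);
}

/* Returns 1 if the safe formatter leaves the %p run as literal text. */
int safe_message_keeps_literal(void)
{
    char ns[128], msg[256];
    if (extract_ovf_namespace(SAMPLE_OVF, ns, sizeof ns) != 0) return 0;
    format_namespace_message(msg, sizeof msg, ns);
    return strstr(msg, "%p.%p.%p.%p.%p.%p.%p.%p") != NULL;
}

int main(void)
{
    char ns[128], msg[256];
    if (extract_ovf_namespace(SAMPLE_OVF, ns, sizeof ns) != 0) return 1;
    printf("namespace: %s (%zu conversions, suspicious=%d)\n",
           ns, count_conversions(ns), namespace_is_suspicious(ns));
    format_namespace_message(msg, sizeof msg, ns);
    printf("safe log line: %s\n", msg);
    return 0;
}
```

The eight "%p" conversions are the usual first probe for a format-string bug: each one leaks a pointer-sized value from the argument area, so a crash or a line of hex in the tool's output confirms that the namespace reached a formatter unescaped. Compiling the vulnerable function without the pragmas makes GCC and Clang emit the format-security warning, which is the cheapest check to keep on in a build.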
: VMWARE
…
: BLACKBERRY PTG
- "Blackberry Print To Go Auth Bypass"?
- Blackberry PTG? PC, BlackBerry Playbook; PC PDF, Playbook
: BLACKBERRY PTG
- Playbook; BlackBerry ID (ID/password)
- Playbook PTG; PIN, Playbook
- Playbook, BlackBerry
: BLACKBERRY PTG
- 1234 …
- URL: http://localhost:1234/myserverlet/
: BLACKBERRY PTG
- 1234
: BLACKBERRY PTG
- ? Playbook
- BlackBerry, BlackBerry security
- BlackBerry: "BlackBerry ID"
- Playbook
- Web
- MSVR
MSVR
- ROI
- " ": HackerOne " "
- (PGP, S/MIME)
- msvr@microsoft.com
©2014 Microsoft Corporation. All Rights Reserved.
This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Some examples are for illustration only and are fictitious. No real association is intended or inferred. This document does not provide you with any legal rights to any intellectual property owned by Microsoft. You may copy and use this document for your internal, reference purposes.