当前位置:首页 > 报告详情

毁灭的标志:展望RCE再次来袭.pdf

上传人: 竿*** 编号:982141 2025-11-29 27页 3.76MB

1、#SECTORCA BlackHatEventsSignature of Destruction:Outlook RCE Strikes AgainMichael Gorelik&Arnold Osipov#SECTORCA BlackHatEventsAuthenticated SafeAuthentication creates a false sense of security.Post-login features rarely undergo the same validation and sanitization,leaving exploitable gaps.#SECTORCA

2、 BlackHatEventsWHOAMIFounder,Windows Reverse engineer,Red Teamer,MSC Computer Science,Vulnerability and Malware Researcher,Incident Responder,Speaker,Microsoft MVR 2025 Chief Technology Officerat Morphisecsmgoreli Michael GoreliksmgorelikMichael Gorelik#SECTORCA BlackHatEventsWHOAMIWindows Reverse e

3、ngineer,Red Teamer,Malware Researcher,Speaker,Microsoft MVR 2025Lead Malware researcherat Morphisecosipov_arArnold OsipovArnold Osipov#SECTORCA BlackHatEventsAgenda Recap-Defcon+BlueHat 2024-Outlook Unleashing RCE Chaos”Forms RCE CVE-2025-21357 Outlook Roaming Settings Roaming Signatures CVE-2025-41

4、176+Patch#SECTORCA BlackHatEventsRecapDEFCON 32-Outlook Unleashing RCE Chaos CVE-2024CVE-2024-21378 NetSPI CVE-2024-30103https:/ BlackHatEventsRecapBlueHat 2024-Outlook Unleashing RCE Chaos CVE-2024CVE-2024-38173https:/ BlackHatEventsCVE-2025-21357Dereferencing of potentially controlled pointer lead

5、s to a crash#SECTORCA BlackHatEvents#SECTORCA BlackHatEventsRoaming Settings GET/PATCH/DELETE/ows/v1/OutlookCloudSettings/settings/account Hosts:,App barSignaturesCalendar Filterhttps:/ BlackHatEventsCaching Settings Locally#SECTORCA BlackHatEventsRoaming SignaturesIn New Outlook,Microsoft uses roam

6、ing signatures October 2022,signatures are stored in the cloud tied to the mailbox not the profile or device.#SECTORCA BlackHatEventsCreate Signature on Desktop#SECTORCA BlackHatEventsLocal SignaturesAll signatures are roamed into a special folder:%AppData%RoamingMicrosoftSignatu

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
1. **Outlook RCE漏洞**:Outlook存在多个远程代码执行(RCE)漏洞,如CVE-2024-21378、CVE-2024-30103、CVE-2024-38173和CVE-2025-21357。 2. **Roaming Signatures**:Outlook使用云存储签名,存储在云中,与邮箱相关,而非设备或配置文件。 3. **CVE-2025-41176**:此漏洞因路径遍历导致RCE,被分类为重要,并已修复。 4. **补丁不足**:补丁仅对特定字符进行限制,未对所有漫游设置进行清理。 5. **研究方向**:新签名类型未验证,非标准密钥可能用于持久性和后门,以及“txt”类型未清理。 6. **建议**:立即修补CVE-2025-41176,禁用或限制漫游签名,监控同步异常,并采用多层次防御策略。
"Outlook RCE漏洞,你了解多少?" "签名安全漏洞,如何防范?" "Outlook漫游签名,风险有多大?"
客服
商务合作
小程序
服务号
折叠