Google's in-house hacker discovers a Windows bug: severity is low, but it could lead to a denial-of-service condition
By turalmammadzada
Details of a bug in SymCrypt, the Windows cryptographic library, have been published on Twitter by a hacker. The hacker, Tavis Ormandy, is a white-hat hacker at Google who had reported the bug to Microsoft beforehand. However, because no fix was delivered by the deadline Microsoft gave in its reply, he reportedly went ahead and disclosed the information.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
SymCrypt Bug Would Let Attacker "Take Down Entire Windows Fleet"
https://www.cbronline.com/news/symcrypt-bug
Flaw in SymCrypt Can Trigger DDoS - Infosecurity Magazine
https://www.infosecurity-magazine.com/news/flaw-in-symcrypt-can-trigger-ddos-1-1/
The bug Ormandy pointed out forces an infinite loop in protocols and other components that use SymCrypt, the cryptographic library that handles all encryption on Windows. Because S/MIME, Authenticode, IPsec, IIS and others rely on SymCrypt for their cryptography, the vulnerability can reportedly be used to deadlock a system at the moment it tries to run a VPN or Microsoft Exchange Server, leaving it in a denial-of-service (DoS) state.
Ormandy reported this "relatively low severity" bug to Microsoft. In response, Microsoft promised Ormandy that it would fix the bug within 90 days, but because no fix was made by the deadline, Ormandy announced the details of the bug on Twitter.
I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't. — Tavis Ormandy (@taviso) June 11, 2019
A Microsoft spokesperson replied to Infosecurity Magazine by email: "Microsoft takes responsibility for addressing reported bugs as quickly as possible. We of course do our utmost to meet deadlines, but forcing a fix out to meet a deadline has adverse effects. Developing security updates is a delicate task that requires balancing speed and accuracy. Our goal is to protect the security of as many PCs as possible while keeping the impact of the bug as small as possible." According to Ormandy, the bug is "relatively low severity."