Microsoft Outlook¤Ë¶ÛµÞ¤ÎÀȼåÀ­¡¢¥¢¥Ã¥×¥Ç¡¼¥È¤ò

Check Point Software Technologies¤Ï2·î14Æü(Êƹñ»þ´Ö)¡¢¡ÖCheck Point Research Unveils Critical #MonikerLink Vulnerability in Microsoft Outlook with a 9.8 CVSS Severity Score - Check Point Blog¡×¤Ë¤ª¤¤¤Æ¡¢Microsoft Outlook¤Ë¶ÛµÞ¤ÎÀȼåÀ­¡Ö#MonikerLink¡×¤òȯ¸«¤·¤¿¤È¤·¤Æ¡¢Ãí°Õ¤ò´­µ¯¤·¤¿¡£¤³¤ÎÀȼåÀ­¤ò°­ÍѤµ¤ì¤ë¤È¡¢¥ê¥â¡¼¥È¤Î¹¶·â¼Ô¤Ë¤è¤êNTLM»ñ³Ê¾ðÊó¤ÎÀà¼è¤äǤ°Õ¤Î¥³¡¼¥É¤ò¼Â¹Ô¤µ¤ì¤ë²ÄǽÀ­¤¬¤¢¤ë¡£

Check Point Research Unveils Critical #MonikerLink Vulnerability in Microsoft Outlook with a 9.8 CVSS Severity Score - Check Point Blog

¡ûÀȼåÀ­¡ÖMonikerLink¡×¤Î³µÍ×

ȯ¸«¤µ¤ì¤¿ÀȼåÀ­¤Ï¡¢¡Öfile://¡×¥×¥í¥È¥³¥ë¤ò»ÈÍѤ·¤¿ÆÃÊ̤ʥϥ¤¥Ñ¡¼¥ê¥ó¥¯¤òOutlook¤¬½èÍý¤¹¤ëºÝ¤ËȯÀ¸¤¹¤ë¤È¤¤¤¦¡£Outlook(¥×¥ì¥Ó¥å¡¼¥¦¥£¥ó¥É¥¦¤ò´Þ¤à)¾å¤Ç¤³¤Î¥ê¥ó¥¯¤ò¥¯¥ê¥Ã¥¯¤¹¤ë¤È¡¢SMB(Server Message Block)¥×¥í¥È¥³¥ë¤òÍѤ¤¤Æ¹¶·â¼Ô¤¬À©¸æ¤¹¤ë°­°Õ¤Î¤¢¤ë¥ê¥â¡¼¥È¥µ¡¼¥Ð¤ØÀܳ¤¬³«»Ï¤µ¤ì¡¢¤½¤ÎºÝ¤ËNTLM»ñ³Ê¾ðÊó¤¬Ï³±Ì¤¹¤ë¡£¤½¤Î·ë²Ì¡¢Ï³±Ì¤·¤¿»ñ³Ê¾ðÊó¤¬Äɲäι¶·â¤ËÍøÍѤµ¤ì¤ë²ÄǽÀ­¤¬¤¢¤ë¡£¤Þ¤¿¡¢¤³¤ÎÀȼåÀ­¤ÏÄ̾ïɽ¼¨¤µ¤ì¤ë¥»¥­¥å¥ê¥Æ¥£·Ù¹ð¤ä¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤Ê¤É¤ò¥Ð¥¤¥Ñ¥¹¤¹¤ë¡£

Check Point¤Ï¡¢NTML»ñ³Ê¾ðÊó¤ÎÀà¼è°Ê³°¤Ë¤âͫθ¤¹¤Ù¤­ÌäÂ꤬¤³¤ÎÀȼåÀ­¤Ë¤Ï¤¢¤ë¤È»ØŦ¤·¤Æ¤¤¤ë¡£¤½¤ì¤ÏɸŪ¤Î´Ä¶­¤ÇǤ°Õ¤Î¥³¡¼¥É¤ò¼Â¹Ô¤Ç¤­¤ë²ÄǽÀ­¤¬¤¢¤ë¤È¤¤¤¦ÅÀ¡£

¹¶·â¼Ô¤Ï°­°Õ¤Î¤¢¤ë¥Ï¥¤¥Ñ¡¼¥ê¥ó¥¯¤ò¡ÖMoniker Link¡×¤È¤·¤Æ½èÍý¤µ¤»¤ë¤³¤È¤ÇCOM¥ª¥Ö¥¸¥§¥¯¥È¤ò¸Æ¤Ó½Ð¤·¡¢Ç¤°Õ¤Î¥³¡¼¥É¤ò¥ê¥â¡¼¥È¤«¤é¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¤ë¡£¤³¤Î¥×¥í¥»¥¹¤Ë¤ÏOffice¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎÊݸî¥Ó¥å¡¼¥â¡¼¥É¤Ï´Þ¤Þ¤ì¤Ê¤¤¤¿¤á¡¢¹¶·â¼Ô¤Ï¤³¤ÎÊݸîÁؤò¥Ð¥¤¥Ñ¥¹¤·¤Æ¥³¡¼¥É¤ò¼Â¹Ô²Äǽ¤Ç¡¢¥·¥¹¥Æ¥àÁ´ÂΤò¿¯³²¤¹¤ë²ÄǽÀ­¤¬¤¢¤ë(»²¹Í¡§¡ÖURL Monikers - Win32 apps | Microsoft Learn¡×)¡£

¡ûÀȼåÀ­¤¬¤â¤¿¤é¤¹±Æ¶Á

¤³¤ÎÀȼåÀ­¤Ï¡ÖCVE-2024-21413¡×¤È¤·¤ÆÄÉÀפµ¤ì¤Æ¤ª¤ê¡¢¿¼¹ïÅ٤϶۵Þ(Critical)¤Èɾ²Á¤µ¤ì¤Æ¤¤¤ë¡£Microsoft¤Ï2·î13Æü(Êƹñ»þ´Ö)¡¢¡ÖCVE-2024-21413 - Security Update Guide - Microsoft - Microsoft Outlook Remote Code Execution Vulnerability¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎÀȼåÀ­¤ò½¤Àµ¤¹¤ë¥¢¥Ã¥×¥Ç¡¼¥È¤ò¸ø³«¤·¤¿¡£Microsoft Outlook¤ÎÍøÍѼԤϱƶÁ¤ò³Îǧ¤·¡¢Â®¤ä¤«¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤Æ¤¤¤ë¡£