{"id":15897,"date":"2020-08-13T19:34:58","date_gmt":"2020-08-13T22:34:58","guid":{"rendered":"https:\/\/www.kaspersky.com.br\/blog\/?p=15897"},"modified":"2020-08-13T20:08:41","modified_gmt":"2020-08-13T23:08:41","slug":"cve-2020-1380-vulnerability","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.br\/blog\/cve-2020-1380-vulnerability\/15897\/","title":{"rendered":"Operation PowerFall: Two 0-day vulnerabilities"},"content":{"rendered":"<p><span data-contrast=\"auto\">Our technologies recently prevented an attack on a South Korean company. You could say it was just another ordinary day for us, but while analyzing the cybercriminals' tools, our experts discovered two <a href=\"https:\/\/www.kaspersky.com.br\/blog\/kaspersky-oday-windows\/11169\/\" target=\"_blank\" rel=\"noopener\">0-day<\/a> vulnerabilities. They found the first in a JavaScript engine for Internet Explorer 11. The flaw allowed the attackers to execute arbitrary code remotely. The other, detected in an operating system service, allows attackers to escalate privileges and perform unauthorized actions.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The exploits for these vulnerabilities worked in tandem. 
First, the victim received a malicious script that a flaw in Internet Explorer 11 allowed to run. Next, a flaw in the system service granted the malicious process even more privileges. As a result, the attackers were able to take control of the system. Their goal was to compromise the machines of several employees and penetrate the internal network.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Our experts named this malicious campaign Operation PowerFall. So far, they have found no indisputable link between this campaign and known actors. 
However, judging by the similarity of the exploits, they have not ruled out the involvement of the <\/span><a href=\"https:\/\/www.kaspersky.com\/blog\/the-dark-story-of-darkhotel\/15022\/\" target=\"_blank\" rel=\"noopener nofollow\"><span data-contrast=\"none\">DarkHotel<\/span><\/a><span data-contrast=\"auto\"> group.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">When our researchers informed Microsoft of their findings, the company said it already knew about the second vulnerability (in the system service) and had even already made a patch for it. 
But until they were informed about the first vulnerability (the one in Internet Explorer 11), they had considered such a discovery unlikely.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">How dangerous is CVE-2020-1380?<\/span><span data-ccp-props='{\"201341983\":0,\"335559738\":40,\"335559739\":0,\"335559740\":259}'>\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The first vulnerability is in the jscript9.dll library, which all versions of Internet Explorer since IE9 use by default. In other words, exploitation of this flaw is dangerous for current versions of the browser. (\u201cCurrent\u201d may be a bit of a misnomer, given that Microsoft stopped developing Internet Explorer after the release of Edge, with Windows 10.) 
But, alongside Edge, Internet Explorer is still installed (by default) in the latest versions of Windows and remains an important component of the operating system.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Even if you do not use IE voluntarily, and it is not your default browser, that does not mean your system cannot be infected through a flaw in the browser: some applications still use it from time to time. Take Microsoft Office, for example: it uses IE to display video content in documents. Cybercriminals can also hack Internet Explorer through other vulnerabilities.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">CVE-2020-1380 belongs to the <\/span><a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/use-after-free\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Use-After-Free<\/span><\/a><span data-contrast=\"auto\"> class: this vulnerability exploits incorrect use of dynamic memory. 
You can read a detailed technical description of the issue, with indicators of compromise, in the post \u201c<\/span><a href=\"https:\/\/securelist.com\/ie-and-windows-zero-day-operation-powerfall\/97976\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Full chain of Internet Explorer 11 and Windows zero-day exploits used in Operation PowerFall<\/span><\/a><span data-contrast=\"auto\">\u201d on Securelist.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">How to protect yourself<\/span><span data-ccp-props='{\"201341983\":0,\"335559738\":40,\"335559739\":0,\"335559740\":259}'>\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Microsoft <\/span><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0986\" target=\"_blank\" rel=\"noopener nofollow\"><span data-contrast=\"none\">released a patch for CVE-2020-0986<\/span><\/a><span data-contrast=\"auto\"> (in the Windows kernel) on June 9, 2020. The second vulnerability, <\/span><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1380\" target=\"_blank\" rel=\"noopener nofollow\"><span data-contrast=\"none\">CVE-2020-1380, was fixed on August 11<\/span><\/a><span data-contrast=\"auto\">. 
If you update your operating systems regularly, they should already be protected against attacks of the type identified in Operation PowerFall.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">However, zero-day vulnerabilities emerge all the time. To keep your company secure, you need to use a solution with technologies that counter these threats, such as <a href=\"https:\/\/www.kaspersky.com.br\/small-to-medium-business-security?icid=br_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Security for Business<\/a><\/span><span data-contrast=\"auto\">. 
One of its components, the Exploit Prevention subsystem, identifies attempts to exploit zero-day vulnerabilities.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">In addition, we recommend using browsers that receive regular security updates.<\/span><span data-ccp-props='{\"201341983\":0,\"335559739\":160,\"335559740\":259}'>\u00a0<\/span><\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>Two 0-day vulnerabilities (in Internet Explorer 11 and in the Windows system service) were used in the APT Operation 
PowerFall<\/p>\n","protected":false},"author":2581,"featured_media":15900,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[14],"tags":[89,71,2424],"class_list":{"0":"post-15897","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-0-day","9":"tag-apt","10":"tag-vulnerabilities"},"hreflang":[{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cve-2020-1380-vulnerability\/15897\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2020-1380-vulnerability\/21674\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2020-1380-vulnerability\/17137\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cve-2020-1380-vulnerability\/23004\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2020-1380-vulnerability\/21195\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cve-2020-1380-vulnerability\/19890\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cve-2020-1380-vulnerability\/23630\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cve-2020-1380-vulnerability\/22527\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2020-1380-vulnerability\/28892\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2020-1380-vulnerability\/8697\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2020-1380-vulnerability\/36698\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cve-2020-1380-vulnerability\/15437\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cve-2020-1380-vulnerability\/13846\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cve-2020-1380-vulnerability\/24867\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/cve-2020-1380-vulnerability\/11794\/"},{"hreflang":"ja","url":"ht
tps:\/\/blog.kaspersky.co.jp\/cve-2020-1380-vulnerability\/28981\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cve-2020-1380-vulnerability\/25845\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2020-1380-vulnerability\/22717\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2020-1380-vulnerability\/27964\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2020-1380-vulnerability\/27794\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.br\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts\/15897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/comments?post=15897"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts\/15897\/revisions"}],"predecessor-version":[{"id":15901,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/posts\/15897\/revisions\/15901"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/media\/15900"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/media?parent=15897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/categories?post=15897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.br\/blog\/wp-json\/wp\/v2\/tags?post=15897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}