Multiple Windows kernel privilege-escalation vulnerabilities disclosed, with PoCs

First of all... these are security vulnerabilities that deserve serious attention. Over the past couple of days, Google's security research team reported six high-severity Windows kernel vulnerabilities in one go. Four of them are out-of-bounds read vulnerabilities, plus one NULL pointer dereference vulnerability and one win32k.sys TTF font processing vulnerability.

Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File

Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File

Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

#CVE numbers

At least three of them have CVE numbers, and the range of affected systems is quite broad.

CVE-2019-1341

Windows elevation of privilege vulnerability

Affected: all desktop and server editions of Windows from Win7 onward.

CVE-2019-1362

Windows Win32k elevation of privilege vulnerability

Affected: Win7, Win2008, Win2008R2 and their sub-editions.

CVE-2019-1364

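Windows Win32k elevation of privilege vulnerability

Affected: Win7, Win2008, Win2008R2 and their sub-editions.

(In addition, the recently published vulnerabilities also include a Remote Desktop Client arbitrary code execution vulnerability (CVE-2019-1333).)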

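#Vulnerability details

The Google security research team has published the details of how to trigger the vulnerabilities. On exploit-db you can clearly see the trigger conditions and crash logs for each bug, along with a PoC that triggers it.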

#1 Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

Details of triggering the vulnerability:

https://www.exploit-db.com/exploits/47484

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47484.zip

#2 Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

Details of triggering the vulnerability:

https://www.exploit-db.com/exploits/47485

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47485.zip

#3 Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

Details of triggering the vulnerability:

https://www.exploit-db.com/exploits/47486

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47486.zip

#4 Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File

Details of triggering the vulnerability:

https://www.exploit-db.com/exploits/47487

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47487.zip

#5 Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File

Details of triggering the vulnerability:

https://www.exploit-db.com/exploits/47488

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47488.zip

#6 Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Details of triggering the vulnerability:

https://www.exploit-db.com/exploits/47489

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47489.zip

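The Google team only provided the details needed to trigger the vulnerabilities and did not write corresponding exploitation tools.

With such a batch of high-severity vulnerabilities surfacing all at once, dear users... hurry up and run Windows Update to install the patches...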