Multiple Windows Kernel Privilege-Escalation Vulnerabilities Disclosed, with PoCs

2019-10-12 13:40:28 Author: lanren

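First of all... these are security vulnerabilities that deserve serious attention.
Over the past couple of days, Google's security research team reported six high-severity Windows kernel vulnerabilities in one go. Four of them are out-of-bounds reads, one is a NULL pointer dereference, and one is a win32k.sys TTF font-processing vulnerability.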
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

#CVE IDs

Among these, at least three have CVE IDs, and the affected range is quite broad.

CVE-2019-1341

Windows elevation-of-privilege vulnerability

Affected: all desktop and server editions of Windows from Win7 onward.

CVE-2019-1362

Windows Win32k elevation-of-privilege vulnerability

Affected: Win7, Win2008, Win2008R2 and their sub-editions.

CVE-2019-1364

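Windows Win32k elevation-of-privilege vulnerability

Affected: Win7, Win2008, Win2008R2 and their sub-editions.

(In addition, the recently published vulnerabilities also include a Remote Desktop client arbitrary code execution vulnerability (CVE-2019-1333).)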

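#Vulnerability details

Google's security research team published the details needed to trigger the vulnerabilities; on exploit-db you can clearly see the corresponding trigger conditions and crash logs for each bug, along with the PoC that triggers it.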

#1 Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

Trigger details:

https://www.exploit-db.com/exploits/47484

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47484.zip

#2 Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

Trigger details:

https://www.exploit-db.com/exploits/47485

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47485.zip

#3 Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

Trigger details:

https://www.exploit-db.com/exploits/47486

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47486.zip

#4 Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File

Trigger details:

https://www.exploit-db.com/exploits/47487

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47487.zip

#5 Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File

Trigger details:

https://www.exploit-db.com/exploits/47488

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47488.zip

#6 Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Trigger details:

https://www.exploit-db.com/exploits/47489

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47489.zip

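The Google team provided only the details needed to trigger the vulnerabilities and did not write corresponding exploitation tools.

With this many high-severity vulnerabilities popping up at once, dear users... go click Windows Update and install the patches...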

