Windows漏出多个内核提权漏洞,附POC
时间:2019-10-11 22:26 作者:admin 分类: 业界新闻
首先... 这是非常值得重视的安全漏洞。
这两天,Google 安全研究团队一口气报了6个Windows 内核的高危漏洞。当中四个属于读跨界漏洞,一个空指针引用漏洞和一个win32k.sys TTF 字体处理漏洞。
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
#CVE 号
在里面,至少有三个CVE号,影响范围相当的大.
CVE-2019-1341
Windows 提权漏洞
影响范围:Win7及以上全体desktop和server版本的Windows系统。
CVE-2019-1362
Windows Win32k 提权漏洞
影响范围:Win7、Win2008、Win2008R2 及其细分版本。
CVE-2019-1364
Windows Win32k 提权漏洞
影响范围:Win7、Win2008、Win2008R2 及其细分版本。
(除此之外,近日公布漏洞还有一个远程桌面客户端任意代码执行漏洞(CVE-2019-1333))
#漏洞细节
Google 安全研究团队公布了触发漏洞的细节,exploit-db上可以清楚地看到相应的bug触发条件和崩溃日志,以及触发此漏洞的POC。
#1 Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
触发漏洞的细节:
https://www.exploit-db.com/exploits/47484
poc:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47484.zip
#2 Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
触发漏洞的细节:
https://www.exploit-db.com/exploits/47485
poc:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47485.zip
#3 Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
触发漏洞的细节:
https://www.exploit-db.com/exploits/47486
poc:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47486.zip
#4 Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
触发漏洞细的节:
https://www.exploit-db.com/exploits/47487
poc:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47487.zip
#5 Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
触发漏洞的细节:
https://www.exploit-db.com/exploits/47488
poc:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47488.zip
#6 Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
触发漏洞的细节:
https://www.exploit-db.com/exploits/47489
poc:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47489.zip
Google团队只提供了能触发漏洞的细节,并没有写相应的利用工具。
鉴于如此高危的漏洞集体蹦了出来,咱可爱的用户们... 赶紧点击Windows更新,打一下补丁...
推荐阅读: