Windows漏出多个内核提权漏洞,附POC

2019-10-11 / 0 评论 业界新闻 / Mrxn

本文共计 2472 字,感谢您的耐心浏览与评论.

首先... 这是非常值得重视的安全漏洞。


这两天,Google 安全研究团队一口气报了6个Windows 内核的高危漏洞。当中四个属于读跨界漏洞,一个空指针引用漏洞和一个win32k.sys TTF 字体处理漏洞。

Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

#CVE 号

在里面,至少有三个CVE号,影响范围相当的大.


CVE-2019-1341

Windows 提权漏洞

影响范围:Win7及以上全体desktop和server版本的Windows系统。



CVE-2019-1362

Windows Win32k 提权漏洞

影响范围:Win7、Win2008、Win2008R2 及其细分版本。



CVE-2019-1364

Windows Win32k 提权漏洞

影响范围:Win7、Win2008、Win2008R2 及其细分版本。



(除此之外,近日公布漏洞还有一个远程桌面客户端任意代码执行漏洞(CVE-2019-1333)



#漏洞细节

Google 安全研究团队公布了触发漏洞的细节,exploit-db上可以清楚地看到相应的bug触发条件和崩溃日志,以及触发此漏洞的POC。



#1 Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

触发漏洞的细节:

https://www.exploit-db.com/exploits/47484

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47484.zip


#2 Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

触发漏洞的细节:

https://www.exploit-db.com/exploits/47485

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47485.zip


#3 Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

触发漏洞的细节:

https://www.exploit-db.com/exploits/47486

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47486.zip



#Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File

触发漏洞细的节:

https://www.exploit-db.com/exploits/47487

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47487.zip



#Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File

触发漏洞的细节:

https://www.exploit-db.com/exploits/47488

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47488.zip



#Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

触发漏洞的细节:

https://www.exploit-db.com/exploits/47489

poc:

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47489.zip


Google团队只提供了能触发漏洞的细节,并没有写相应的利用工具。


鉴于如此高危的漏洞集体蹦了出来,咱可爱的用户们... 赶紧点击Windows更新,打一下补丁...



标签: 漏洞 windows 提权

转载:转载请注明原文链接 - Windows漏出多个内核提权漏洞,附POC


0条回应:“Windows漏出多个内核提权漏洞,附POC”


发表评论

{view_code_no}