CVE-2020-0787 Windows 全版本

2020-07-02 22:09:15 Author: forum.90sec.com
觉得文章还不错?,点我收藏



一、漏洞概述:

2020年3月10日,微软官方公布了一个本地提权漏洞CVE-2020-0787,根据微软的漏洞描述声称,攻击者在使用低权限用户登录系统后,可以利用该漏洞构造恶意程序直接提权到administrator或者system权限。system是windows所有操作系统中权限最大的账户。
微软官方声明:

二、影响范围

基本上Windows全版本了

  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1803 (Server Core Installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation

三、漏洞利用

全世界最猛的同性社交网站 Github 中已经有dalao做出了漏洞利用的 Exp
连接如下:

下载如下exe文件:

我的Windows测试机:

左侧cmd为普通用的whoami执行结果,右测cmd为执行exe后的自动弹框

最终提权成功,输入whoami看到已经成功获取system权限。

四、修复建议:

跟着微软升级好了~

License:

本文仅供相关知识学习研究,任何使用本文内容进行涉及违法犯罪的行为及后果与该文及作者无关。

  • 通过
  • 未通过

0 投票者




觉得文章还不错?,点我收藏



如果文章侵犯到您的版权,请联系我:buaq.net[#]pm.me