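0x00 Introduction
On February 10, 2021, Microsoft's routine monthly patch release fixed a local privilege escalation vulnerability in Windows. A local attacker can use this vulnerability to elevate to SYSTEM privileges, and it has reportedly been used in targeted attacks.
0x01 Vulnerability overview
The vulnerability is caused by the function win32kfull!xxxCreateWindowEx not strictly validating the data returned from a user-mode callback. A local user who runs an exploit program obtains SYSTEM privileges.
0x02 Affected versions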
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
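0x03 Environment setup
1. First, download the operating system image for this reproduction environment. Address: https://msdn.itellyou.cn/
2. Then select Windows 10 version 1909.
3. Then install this version of Windows 10 in a virtual machine. The installation process is omitted here; you can look it up on Baidu yourself.
0x04 Vulnerability reproduction
1. First, download the exploit (exp) used to reproduce the vulnerability.
Address: https://github.com/shanfenglan/test/blob/master/cve-2021-1732.exe
2. Create an ordinary user named test.
3. Then run the exp:
cve-2021-1732.exe "whoami"
4. You can also run a command that adds a user:
cve-2021-1732 "net user a a /add"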
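Added example (not part of the original write-up, and not the exploit's code): the reproduction above ends with a command running as SYSTEM underneath a process that the ordinary user test started, and this check looks for that parent/child mismatch in process-creation logs. Field names follow Sysmon Event ID 1; the events, host name and GUID values are constructed, and it assumes the command is logged as a direct child of the process that launched it.

```python
# Flag process-creation events where the child runs as SYSTEM although its
# parent was created under an ordinary user account.
# Field names follow Sysmon Event ID 1; every record below is constructed.
SYSTEM_USERS = {"NT AUTHORITY\\SYSTEM"}  # localized Windows builds use other names

EVENTS = [  # constructed sample data, oldest first
    {"ProcessGuid": "{g-1}", "ParentProcessGuid": "{g-0}",
     "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\services.exe"},
    {"ProcessGuid": "{g-2}", "ParentProcessGuid": "{g-1}",
     "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\svchost.exe"},
    {"ProcessGuid": "{g-3}", "ParentProcessGuid": "{g-9}",
     "User": "DESKTOP-LAB\\test", "Image": "C:\\Windows\\System32\\cmd.exe"},
    {"ProcessGuid": "{g-4}", "ParentProcessGuid": "{g-3}",
     "User": "DESKTOP-LAB\\test", "Image": "C:\\Users\\test\\Desktop\\cve-2021-1732.exe"},
    {"ProcessGuid": "{g-5}", "ParentProcessGuid": "{g-4}",
     "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\whoami.exe"},
    {"ProcessGuid": "{g-6}", "ParentProcessGuid": "{g-3}",
     "User": "DESKTOP-LAB\\test", "Image": "C:\\Windows\\System32\\notepad.exe"},
]


def is_system(user):
    return user.upper() in SYSTEM_USERS


def find_system_children(events):
    """Return (parent, child) pairs: child is SYSTEM, parent was created as non-SYSTEM."""
    started_as = {}  # ProcessGuid -> the creation event of that process
    findings = []
    for ev in events:
        parent = started_as.get(ev["ParentProcessGuid"])
        # A parent created before logging began is unknown: skip it, do not guess.
        if parent and is_system(ev["User"]) and not is_system(parent["User"]):
            findings.append((parent, ev))
        started_as[ev["ProcessGuid"]] = ev
    return findings


if __name__ == "__main__":
    for parent, child in find_system_children(EVENTS):
        print(f"ALERT {child['Image']} runs as {child['User']}; "
              f"parent {parent['Image']} was created by {parent['User']}")
```

Services and scheduled tasks are not flagged because their parents (services.exe, svchost.exe) were themselves created as SYSTEM.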
0x05 Remediation
Apply the Microsoft update directly. The relevant security patch is available at the following link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732