Microsoft Windows Kernel Integer Overflow Local Privilege Escalation Vulnerability

Cause
Boundary condition error
 
Affected systems
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Vista x64 Edition 0
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition 0
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition 0
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition 0
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition 0
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Business 64-bit edition 0
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Business
Microsoft Windows Vista 0
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2008 Standard Edition 0
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems 0
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems 0
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems 0
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Enterprise Edition 0
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Datacenter Edition 0
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
3DM Software Disk Management Software SP2
 
Unaffected systems
 
Impact
A local attacker can exploit this vulnerability to execute arbitrary code in kernel mode.
 
Attack requirements
The attacker must have access to Microsoft Windows.
 
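Vulnerability information
Microsoft Windows is a popular operating system.
The Microsoft Windows kernel does not correctly handle the truncation of 64-bit values to 32-bit values; a local attacker can exploit this vulnerability to execute arbitrary code in kernel mode.
The attacker could then install programs; view, change, or delete data; or create new accounts with system privileges.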
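The bug class named above, a bounds check performed on a 64-bit value after it has been narrowed to 32 bits, is shown below next to a hardened form. This is an added illustration and not Windows kernel code; `BUF_CAP`, the function names and the sample length are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BUF_CAP 64u  /* constructed destination capacity (assumption) */

enum status { ST_OK = 0, ST_TOO_LARGE = -1 };

/* Weak pattern: the bounds check runs on a 32-bit copy of a 64-bit length.
   Returns 1 when the check passes; it never sees the upper 32 bits. */
int weak_check_passes(uint64_t len)
{
    uint32_t narrowed = (uint32_t)len;  /* 0x100000010 becomes 0x10 */
    return narrowed <= BUF_CAP;
}

/* Lossless narrowing: fails instead of silently discarding high bits. */
int narrow_u64_to_u32(uint64_t in, uint32_t *out)
{
    if (in > UINT32_MAX)
        return ST_TOO_LARGE;
    *out = (uint32_t)in;
    return ST_OK;
}

/* Hardened copy: validate at full width, then narrow, then copy. */
int checked_copy(uint8_t *dst, const uint8_t *src, uint64_t len)
{
    uint32_t n;
    if (narrow_u64_to_u32(len, &n) != ST_OK || n > BUF_CAP)
        return ST_TOO_LARGE;
    memcpy(dst, src, n);
    return ST_OK;
}

int main(void)
{
    uint8_t src[BUF_CAP] = {0}, dst[BUF_CAP];
    uint64_t oversized = 0x100000010ULL;  /* constructed: low 32 bits = 16 */
    /* The weak check accepts the value; the hardened copy refuses it. */
    return (weak_check_passes(oversized) == 1 &&
            checked_copy(dst, src, oversized) == ST_TOO_LARGE) ? 0 : 1;
}
```

Any later consumer that still uses the full 64-bit value after the weak check operates on a length that was never validated, which is why the comparison has to happen before the narrowing cast.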
 
Test method
 
Vendor solution
Users can refer to the following security patches provided by the vendor:
Microsoft Windows XP Media Center Edition SP2
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Security Update for Windows Server 2008 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423
Microsoft Windows Vista x64 Edition 0
Microsoft Security Update for Windows Vista for x64-based Systems (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=13a3fe0b-e300-4568-aa08-d586ab8d5434
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Security Update for Windows Server 2003 x64 Edition (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=95286b8d-4b53-4e6c-af59-e9e18fad3559
Microsoft Windows Vista Home Basic SP1
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows XP Media Center Edition SP3
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows Vista Home Premium
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows Vista Enterprise
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Security Update for Windows XP x64 Edition (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=5459b7d4-1fab-4a04-ab9d-b8323505c1e2
Microsoft Windows Vista 0
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows Vista Business
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows Server 2003 x64 SP2
Microsoft Security Update for Windows Server 2003 x64 Edition (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=95286b8d-4b53-4e6c-af59-e9e18fad3559
Microsoft Windows Vista x64 Edition SP1
Microsoft Security Update for Windows Vista for x64-based Systems (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=13a3fe0b-e300-4568-aa08-d586ab8d5434
Microsoft Windows Vista Ultimate SP1
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows Server 2008 for x64-based Systems 0
Microsoft Security Update for Windows Server 2008 x64 Edition (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=88f4189f-71fe-404a-869e-3f76692acf94
Microsoft Windows Vista Home Basic
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows Vista Business SP1
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=3e0f0b1c-ca5d-43fc-9770-73396a5f191c
Microsoft Windows 2000 Advanced Server SP4
Microsoft Security Update for Windows 2000 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=bdfa6583-28a2-4d6b-91d2-157a8518b664
Microsoft Windows Vista Ultimate
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
3DM Software Disk Management Software SP2
Microsoft Security Update for Windows Server 2003 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=1e3f3842-f8fd-4969-a2cf-706db38d7580
Microsoft Windows Vista Home Premium SP1
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
Microsoft Windows XP Home SP2
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Security Update for Windows Server 2008 x64 Edition (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=88f4189f-71fe-404a-869e-3f76692acf94
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Security Update for Windows 2000 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=bdfa6583-28a2-4d6b-91d2-157a8518b664
Microsoft Windows Server 2003 Itanium SP2
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=faef714b-5f46-47f2-bea7-881df05a1bc0
Microsoft Windows Server 2008 Standard Edition 0
Microsoft Security Update for Windows Server 2008 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423
Microsoft Windows XP Home SP3
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows Vista x64 Edition SP2
Microsoft Security Update for Windows Vista for x64-based Systems (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=13a3fe0b-e300-4568-aa08-d586ab8d5434
Microsoft Windows Server 2008 for Itanium-based Systems 0
Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=3e0f0b1c-ca5d-43fc-9770-73396a5f191c
Microsoft Windows XP Professional SP3
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows Server 2008 for 32-bit Systems 0
Microsoft Security Update for Windows Server 2008 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423
Microsoft Windows XP Professional SP2
Microsoft Security Update for Windows XP (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=cece4c55-0756-4357-9d2d-6709e8426068
Microsoft Windows 2000 Server SP4
Microsoft Security Update for Windows 2000 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=bdfa6583-28a2-4d6b-91d2-157a8518b664
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Security Update for Windows Server 2003 x64 Edition (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=95286b8d-4b53-4e6c-af59-e9e18fad3559
Microsoft Windows Server 2008 Datacenter Edition 0
Microsoft Security Update for Windows Server 2008 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423
Microsoft Windows 2000 Professional SP4
Microsoft Security Update for Windows 2000 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=bdfa6583-28a2-4d6b-91d2-157a8518b664
Microsoft Windows Server 2008 Enterprise Edition 0
Microsoft Security Update for Windows Server 2008 (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=71aec6f6-a36b-465e-8885-b094dfd30423
Microsoft Windows Vista Enterprise SP1
Microsoft Security Update for Windows Vista (KB971486)
http://www.microsoft.com/downloads/details.aspx?familyid=acf6f3e6-282e-4f05-9060-8d0ebb874b97
 
Credit
Tavis Ormandy and Neel Mehta