Advisory: Windows ALPC Local Privilege Escalation Vulnerability (CVE-2019-1162)

Published: 2019-08-15 19:47:19, Source: China Academy of Information and Communications Technology

      I. Overview

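A local privilege escalation vulnerability exists in Advanced Local Procedure Call (ALPC) in the Windows operating system, CVE ID: CVE-2019-1162. An attacker who exploits this vulnerability can escalate to SYSTEM and gain the highest level of control over the target system.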

      II. Vulnerability Description

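MSRC has published a security advisory fixing a local privilege escalation vulnerability (CVE-2019-1162) in Advanced Local Procedure Call (ALPC) in the Windows operating system. To exploit this vulnerability successfully, the attacker must already hold normal user privileges to execute code on the target system. An attacker can obtain those privileges in ways that include, but are not limited to, the following two: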

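A malicious attacker remotely attacks a service installed on the target server and thereby obtains normal user privileges that allow arbitrary code execution. A typical scenario is an attack on a web service on the target server that yields a webshell.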

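In enterprise office environments, the office network is usually built on a Windows domain. In this scenario, by default all domain accounts (employee accounts) can log on at the console of almost all hosts in the domain (office endpoints, servers), and thereby obtain normal user privileges to execute code on that host.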

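Once the attacker has normal user privileges that allow arbitrary code execution on the target host, successfully exploiting this vulnerability lets them escalate to the highest privilege level and take full control of the target host.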

      III. Affected Scope

This vulnerability affects all Microsoft Windows versions. The affected versions are as follows:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for 64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

      IV. Remediation

Microsoft has released a patch that fixes this vulnerability. Apply it promptly:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162

      V. References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162