微软Windows MSCTF框架提权漏洞预警

报告编号：B6-2019-081601

报告来源：360-CERT

报告作者：360-CERT

更新日期：2019-08-16

0x00 漏洞背景

2019年8月13日，Google安全研究员Tavis Ormandy发布博客披露了Windows操作系统MSCTF中存在了多年的漏洞。

0x01 漏洞详情

Google安全研究员Tavis Ormandy在Windows文本服务框架(MSCTF)中发现了一些从Windows XP开始就存在的设计缺陷。已登录Windows系统的攻击者可以利用漏洞获得SYSTEM权限。Ormandy还在YouTube上发布了一个视频演示，通过利用该协议劫持系统用来显示登录屏幕的Windows LogonUI程序来在Windows中获得SYSTEM权限。

微软目前已经发布编号为CVE-2019-1162的安全补丁解决了Windows操作系统高级本地过程调用(ALPC)中相关的问题，目前尚不清楚是否还会发布针对其它组件的补丁来修补MSCTF。

0x02 影响版本

CVE-2019-1162受影响的版本如下：

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for 64-based Systems

Windows 10 Version 1709 for ARM64-basedSystems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-basedSystems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-basedSystems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-basedSystems

Windows 10 Version 1903 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit SystemsService Pack 2

Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Coreinstallation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Coreinstallation)

Windows Server 2016

Windows Server 2016 (Server Coreinstallation)

Windows Server 2019

Windows Server 2019 (Server Coreinstallation)

Windows Server, version 1803 (Server CoreInstallation)

Windows Server, version 1903 (Server Coreinstallation)

0x03 修复建议

目前漏洞利用相关代码已经公开，360CERT建议通过安装360安全卫士进行一键更新。应及时进行Microsoft Windows版本更新并且保持Windows自动更新开启，也可以通过下载参考链接中的软件包，手动进行升级。

0x04 时间线

2019-08-14 微软官方发布安全公告

2019-08-16 360CERT发布预警

0x05 参考链接

1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162
2. https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html

声明：本文来自360CERT，版权归作者所有。文章内容仅代表作者独立观点，不代表安全内参立场，转载目的在于传递更多信息。如有侵权，请联系 anquanneican@163.com。