2019年8月13日,MSRC(微软安全应急响应中心)发布安全通告修复了 Windows操作系统高级本地过程调用(ALPC)中的一个本地提权漏洞(CVE-2019-1162)。

利用条件:
攻击者需要事先获得了在目标系统中执行代码的权限才可利用此漏洞。成功利用此漏洞的攻击者可提权至 SYSTEM 获取对目标系统的最高控制权。

目前该漏洞相关利用代码已被公开,建议尽早修复。
影响范围:
Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for 64-based Systems

Windows 10 Version 1709 for ARM64-basedSystems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-basedSystems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-basedSystems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-basedSystems

Windows 10 Version 1903 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit SystemsService Pack 2

Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Coreinstallation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Coreinstallation)

Windows Server 2016

Windows Server 2016 (Server Coreinstallation)

Windows Server 2019

Windows Server 2019 (Server Coreinstallation)

Windows Server, version 1803 (Server CoreInstallation)

Windows Server, version 1903 (Server Coreinstallation)

修复建议:
微软官方目前已发布补丁以修复这些漏洞,请及时进行修复。

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162

最后修改:2021 年 03 月 09 日
© 允许规范转载
如果觉得我的文章对你有用,请随意赞赏