【漏洞通告】CVE-2020-17008 Windows Kernel 0day漏洞
发布时间 2020-12-240x00 漏洞概述
CVE ID | CVE-2020-17008 | 时 间 | 2020-12-24 |
类 型 | 等 级 | 高危 | |
远程利用 | 否 | 影响范围 |
0x01 漏洞详情
今年6月,Microsoft发布安全公告,Windows kernel中存在一个权限提升漏洞(CVE-2020-0986)。该漏洞是由于Windows kernel无法正确处理内存中的对象,其CVSS评分为7.8。成功利用此漏洞的攻击者可以在kernel模式下运行任意代码,最终导致攻击者在系统上安装恶意程序、更改或删除数据、创建帐户等。但要利用此漏洞,攻击者必须先登录并控制系统。Microsoft在6月发布的安全更新中通过更改Windows kernel处理内存中对象的方式来修复此漏洞。
但由于Microsoft发布的补丁程序无法修复CVE-2020-0986,攻击者仍然可以通过发送偏移量来触发此漏洞,以提高其对kernel的权限,此漏洞被分配的CVE ID为CVE-2020-17008。
CVE-2020-0986是由于任意指针引用,允许攻击者控制指向memcpy函数的“src”和“dest”指针。Microsoft的补丁程序是不正确的,因为它更改了指向偏移量的指针,因此攻击者仍可以控制该函数的参数。由于披露期限超期,目前该漏洞的PoC已经公布。
影响范围:
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 for x64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
0x02 处置建议
Microsoft计划在2020年11月发布该漏洞的补丁,但由于在测试阶段发现问题,因此推迟到2021年1月12日星期二发布,建议等待官方发布补丁并做好相关防护措施。
0x03 参考链接
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0986
https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/
https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17008
0x04 时间线
2020-12-23 Stone披露漏洞
2020-12-24 VSRC发布安全通告
0x05 附录
CVSS评分标准官网:http://www.first.org/cvss/