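Six of the vulnerabilities addressed in this month's Microsoft Patch Tuesday had been publicly disclosed ahead of the release. Two of them, the Windows elevation-of-privilege vulnerabilities CVE-2019-0797 and CVE-2019-0808, were found being exploited in the wild by overseas security researchers, and Microsoft urgently fixed these two Win32k privilege-escalation 0day vulnerabilities.
CVE-2019-0797 is a vulnerability caused by a race condition in the win32k driver. It arises from a lack of proper synchronization between the undocumented system calls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection. An attacker must log on to the system and run a specially crafted application to exploit it. Successful exploitation lets the attacker run arbitrary code in kernel mode and take complete control of the affected system.
Besides CVE-2018-8589 and CVE-2018-8611, this is the third 0day exploiting a race condition used by the same APT group, SandCat. The vulnerability affects all operating systems from Windows 8 to Windows 10 1703 64-bit.
CVE-2019-0808 is a 0day whose in-the-wild exploitation was disclosed last week. It is exploited in a similar way to the former, and successful exploitation lets an attacker run arbitrary code in kernel mode.
Attackers combined it with the Chrome browser 0day CVE-2019-5786 in a single exploit chain: after CVE-2019-5786 helped the attacker escape the Chrome security sandbox, CVE-2019-0808 was used to execute malicious code with elevated administrator privileges.
In addition, three Windows DHCP client remote code execution vulnerabilities (CVE-2019-0697, CVE-2019-0698, CVE-2019-0726) were disclosed at once this month. They affect all systems from Windows 10 1803 to Windows 10 1809, can be exploited without user interaction, and on successful exploitation allow arbitrary code to run on the client computer. These vulnerabilities pose a relatively high threat, and fixing them first is recommended.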
Vulnerability ID: CVE-2019-0808
Disclosure date: 2019-03-13
Risk level: Important
Exposure status: Publicly disclosed
Affected software and versions:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Vulnerability ID: CVE-2019-0797
Disclosure date: 2019-03-13
Risk level: Important
Exposure status: Publicly disclosed
Affected software and versions:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
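Tencent PC Manager has already pushed the patches for the vulnerabilities above at the earliest opportunity. To avoid being attacked, we recommend that everyone apply the fixes promptly to protect personal privacy and security.
Microsoft security advisory links:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0797
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0808
Reference link:
https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/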