【漏洞通告】CVE-2020-17008 Windows Kernel 0day漏洞

发布时间 2020-12-24

0x00 漏洞概述

CVE  ID

CVE-2020-17008

时  间

2020-12-24

类   型


等  级

高危

远程利用

影响范围


 

0x01 漏洞详情

image.png

今年6月,微软发布安全公告,Windows kernel中存在一个权限提升漏洞(CVE-2020-0986)。该漏洞是由于Windows kernel无法正确处理内存中的对象,其CVSS评分为7.8。成功利用此漏洞的攻击者可以在kernel模式下运行任意代码,最终导致攻击者在系统上安装恶意程序、更改或删除数据、创建帐户等。但要利用此漏洞,攻击者必须先登录并控制系统。微软在6月发布的安全更新中通过更改Windows kernel处理内存中对象的方式来修复此漏洞。

但由于微软发布的补丁程序无法修复CVE-2020-0986,攻击者仍然可以通过发送偏移量来触发此漏洞,以提高其对kernel的权限,此漏洞被分配的CVE ID为CVE-2020-17008。

CVE-2020-0986是由于任意指针引用,允许攻击者控制指向memcpy函数的“src”和“dest”指针。微软的补丁程序是不正确的,因为它更改了指向偏移量的指针,因此攻击者仍可以控制该函数的参数。由于披露期限超期,目前该漏洞的PoC已经公布。

影响范围

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 for x64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for 32-bit Systems

Windows 10 for 32-bit Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

 

0x02 处置建议

微软计划在2020年11月发布该漏洞的补丁,但由于在测试阶段发现问题,因此推迟到2021年1月12日星期二发布,建议等待官方发布补丁并做好相关防护措施。

0x03 参考链接

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0986

https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/

https://bugs.chromium.org/p/project-zero/issues/detail?id=2096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17008

 

0x04 时间线

2020-12-23  Stone披露漏洞

2020-12-24  VSRC发布安全通告

 

0x05 附录

 

CVSS评分标准官网:http://www.first.org/cvss/

image.png