暂无图片
暂无图片
暂无图片
暂无图片
暂无图片
首页 / CVE-2020-0787 Windows 全版本,本地提权漏洞,直接system权限

CVE-2020-0787 Windows 全版本,本地提权漏洞,直接system权限

燕云实验室 2021-06-28
1747


“燕云实验室”是河北千诚电子科技有限公司成立的网络安全攻防技术研究实验室。专注于web安全,网络攻防,安全运维,应急溯源方面的研究,开发成果应用于产品核心技术转化,国家重点科技项目攻关。




一、漏洞概述:

微软官方公布了一个本地提权漏洞CVE-2020-0787,根据微软的漏洞描述声称,攻击者在使用低权限用户登录系统后,可以利用该漏洞构造恶意程序直接提权到administrator或者system权限。system是windows所有操作系统中权限最大的账户。
微软官方声明:

二、影响范围

基本上Windows全版本了

  • Windows 10 for 32-bit Systems

  • Windows 10 for x64-based Systems

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1709 for 32-bit Systems

  • Windows 10 Version 1709 for ARM64-based Systems

  • Windows 10 Version 1709 for x64-based Systems

  • Windows 10 Version 1803 for 32-bit Systems

  • Windows 10 Version 1803 for ARM64-based Systems

  • Windows 10 Version 1803 for x64-based Systems

  • Windows 10 Version 1809 for 32-bit Systems

  • Windows 10 Version 1809 for ARM64-based Systems

  • Windows 10 Version 1809 for x64-based Systems

  • Windows 10 Version 1903 for 32-bit Systems

  • Windows 10 Version 1903 for ARM64-based Systems

  • Windows 10 Version 1903 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows 7 for 32-bit Systems Service Pack 1

  • Windows 7 for x64-based Systems Service Pack 1

  • Windows 8.1 for 32-bit systems

  • Windows 8.1 for x64-based systems

  • Windows RT 8.1

  • Windows Server 2008 for 32-bit Systems Service Pack 2

  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

  • Windows Server 2008 for Itanium-Based Systems Service Pack 2

  • Windows Server 2008 for x64-based Systems Service Pack 2

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

  • Windows Server 2012

  • Windows Server 2012 (Server Core installation)

  • Windows Server 2012 R2

  • Windows Server 2012 R2 (Server Core installation)

  • Windows Server 2016

  • Windows Server 2016 (Server Core installation)

  • Windows Server 2019

  • Windows Server 2019 (Server Core installation)

  • Windows Server, version 1803 (Server Core Installation)

  • Windows Server, version 1903 (Server Core installation)

  • Windows Server, version 1909 (Server Core installation

三、漏洞利用

全世界最猛的同性社交网站 Github 中已经有dalao做出了漏洞利用的 Exp
连接如下:
https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION

下载如下exe文件:

我的Windows测试机:

左侧cmd为普通用的whoami执行结果,右测cmd为执行exe后的自动弹框

最终提权成功,输入whoami看到已经成功获取system权限。

四、修复建议:

跟着微软升级好了~


声明


署名:CC BY-NC-SA 3.0 CN

文中所涉及的技术,思路和工具仅供以安全为目的的学习交流使用,请勿做非法用途否则后果自负。






数据库
文章转载自燕云实验室,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。

评论