本月微软补丁日共六个漏洞被提前公开,其中两个Windows特权提升漏洞CVE-2019-0797和CVE-2019-0808被国外的安全研究员发现了野外利用,微软紧急修复了这两个Win32k提权0day漏洞。
CVE-2019-0797是一个win32k驱动程序中存在竞争条件引发的漏洞,它的产生是由于未记录的系统调用NtDCompositionDiscardFrame和NtDCompositionDestroyConnection之间缺乏正确同步。黑客需登录系统,并通过运行特制的应用程序利用该漏洞进行攻击,成功利用漏洞可以让黑客在内核模式下运行任意代码,黑客可以完全控制受影响的系统。
这是除了CVE-2018-8589和CVE-2018-8611之外,同一APT组织SandCat所使用的第三种利用竞争条件的0day漏洞攻击。该漏洞影响从Windows 8到Windows 10 1703 64位的所有操作系统。
CVE-2019-0808则是上周被公布在野利用的一枚0day漏洞,该漏洞的利用方式与前者类似,成功利用它可以让黑客在内核模式下运行任意代码。
攻击者将它和Chrome浏览器0day漏洞CVE-2019-5786组合在一起发动漏洞利用攻击。在CVE-2019-5786帮助攻击者逃离Chrome安全沙箱后,再利用CVE-2019-0808是提升的管理员权限执行其恶意代码。
除此之外,本月还一次性公布了3个Windows DHCP客户端远程执行代码漏洞(CVE-2019-0697,CVE-2019-0698,CVE-2019-0726),影响Windows 10 1803- Windows 10 1809的所有系统,无需用户交互即可被利用,成功利用后可在客户端计算机上运行任意代码。漏洞威胁程度较高,建议优先修复。
漏洞编号:CVE-2019-0808
漏洞曝光时间:2019-03-13
漏洞风险程度:重要
漏洞曝光程度:已公开
受影响软件以及版本:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
漏洞编号:CVE-2019-0797
漏洞曝光时间:2019-03-13
漏洞风险程度:重要
漏洞曝光程度:已公开
受影响软件以及版本:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for 64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
目前,腾讯电脑管家已第一时间推送以上漏洞补丁,为避免被黑客攻击,建议大家进及时行漏洞修复,保护个人隐私安全。
微软安全公告链接:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0797;
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0808;
参考链接:
https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/