¡¾·ì϶¹«¸æ¡¿Win32kÌØȨÌáÉý·ì϶£¨CVE-2023-29336£©

°ä²¼¹¦·ò 2023-06-09

Ò»¡¢·ì϶¸ÅÊö

CVE   ID

CVE-2023-29336

·¢ÏÖ¹¦·ò

2023-05-10

Àà    ÐÍ

ȨÏÞÌáÉý

µÈ    ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

±¾µØ

ËùÐèȨÏÞ

µÍ

¹¥»÷¸´ÔÓ¶È

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ

 

6ÔÂ9ÈÕ£¬GA»Æ½ð¼×VSRC¼à²âµ½Win32k ÌØȨÌáÉý·ì϶£¨CVE-2023-29336£¬CVSSÆÀ·Ö7.8£©µÄ·ì϶ϸ½Ú¼°POC£¨ºÏÓÃÓÚWindows Server 2016£©ÔÚ»¥ÁªÍøÉϹ«¿ª¡£Î¢ÈíÒÑÔÚ5ÔÂ9ÈÕ°ä²¼µÄ°²È«¸üÐÂÖн¨¸´Á˸÷ì϶£¬Ä¿Ç°ÒѾ­¼ì²âµ½·ì϶ÀûÓá£

Win32k×Óϵͳ£¨Win32k.sysÄÚºËÇý¶¯·¨Ê½£©ÖÎÀí²Ù×÷ϵͳµÄ´°¿ÚÖÎÀíÆ÷¡¢ÆÁÄ»Êä³ö¡¢ÊäÈëºÍͼÐΣ¬²¢×÷Ϊ¸÷ÀàÊäÈëÓ²¼þÖ®¼äµÄ½Ó¿Ú¡£

Win32kÄÚºËÇý¶¯·¨Ê½ÖдæÔÚȨÏÞÌáÉý·ì϶£¬ÓÉÓÚWin32kÖÐֻרһÓÚËø¶¨´°¿Ú¶ÔÏó£¬ÎÞÒâÖкöÂÔÁËËø¶¨Ç¶Ì×ÔÚ´°¿Ú¶ÔÏóÖеIJ˵¥¶ÔÏó£¬Äܹ»Í¨¹ý¸ü¸ÄϵͳÄÚ´æÖеÄÌض¨µØÖ·À´½ÚÔì²Ëµ¥¶ÔÏó£¬ÒÔ»ñµÃÓëÆô¶¯ËüµÄ·¨Ê½Ò»Ñù¼¶´ËÍâ½Ó¼ûȨÏÞ£¬²¢Í¨¹ýÆäËü²Ù×÷ʵÏÖ½«È¨ÏÞÌáÉýΪSYSTEM¡£

 

¶þ¡¢Ó°ÏìÁìÓò

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

 

Èý¡¢°²È«´ëÊ©

3.1 Éý¼¶°æ±¾

¸Ã·ì϶ÒÑÔÚ΢Èí5Ô°䲼µÄ°²È«¸üÐÂÖн¨¸´£¬ÊÜÓ°ÏìÓû§¿ÉʵʱװÖò¹¶¡¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336

3.2 һʱ´ëÊ©

ÔÝÎÞ¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£

3.4 ²Î¿¼Á´½Ó

https://www.numencyber.com/cve-2023-29336-win32k-analysis/

https://www.bleepingcomputer.com/news/security/poc-released-for-windows-win32k-bug-exploited-in-attacks/

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-06-09

³õ´Î°ä²¼

  

Îå¡¢¸½Â¼

5.1 GA»Æ½ð¼×¼ò½é

GA»Æ½ð¼×³ÉÁ¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°GA»Æ½ð¼×´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊÓ×¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢Çþ·ϵͳºÍ¼¼ÊõÖ§³Öϵͳ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐÓ×°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬GA»Æ½ð¼×ÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ£¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·Åƶø²»Ð¸ÖÂÁ¦¡£

5.2 ¹ØÓÚGA»Æ½ð¼×

GA»Æ½ð¼×°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑ°ä²¼1000¶à¸ö·ì϶¹«¸æ΢·çÏÕÔ¤¾¯£¬ÎÒÃǽ«³ÖÐø¸ú×ÙÈ«Çò×îеÄÍøÂ簲ȫÊÂÎñºÍ·ì϶£¬ÎªÆóÒµµÄÐÅÏ¢°²È«±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png