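Vulnerability Details
Microsoft Windows Kernel User-Mode Callback Local Privilege Escalation Vulnerability (MS08-025)
- CNNVD ID: CNNVD-200804-105
- Severity: High
- CVE ID: CVE-2008-1084
- Vulnerability type: Code injection
- Published: 2008-04-08
- Threat type: Local
- Updated: 2009-03-04
- Vendor: microsoft
- Vulnerability source: Thomas Garnier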
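Vulnerability Summary
Microsoft Windows is a very popular operating system released by Microsoft.
A vulnerability exists in the way the Windows kernel handles data passed in by users; a local attacker could exploit it to elevate their privileges.
The Windows kernel does not properly validate input passed from user mode to the kernel, allowing an attacker to run code with elevated privileges. An attacker who successfully exploits this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerability Advisory
The vendor has released patches to fix this security issue. Patch download links: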
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Security Update for Windows Server 2003 (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac&displaylang=en
Microsoft Windows XP Media Center Edition SP2
Microsoft Security Update for Windows XP (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=0e937f65-abd0-46dd-8883-5bfd70ea1178&displaylang=en
Microsoft Windows Vista Home Premium 64-bit edition 0
Microsoft Security Update for Windows Vista for x64-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04&displaylang=en
Microsoft Windows Server 2003 Itanium SP1
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d&displaylang=en
Microsoft Windows Vista x64 Edition 0
Microsoft Security Update for Windows Vista for x64-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04&displaylang=en
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Security Update for Windows Server 2003 x64 Edition (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=320fd100-35e1-4345-9399-796393235cbc&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Security Update for Windows Server 2003 (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac&displaylang=en
Microsoft Windows Vista Business 64-bit edition 0
Microsoft Security Update for Windows Vista for x64-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04&displaylang=en
Microsoft Windows Vista Home Basic SP1
Microsoft Security Update for Windows Vista (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=9640cd8b-d749-4ddd-8af9-b298cebed969&displaylang=en
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Security Update for Windows XP (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=0e937f65-abd0-46dd-8883-5bfd70ea1178&displaylang=en
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Security Update for Windows Vista for x64-based Systems (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04&displaylang=en
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Security Update for Windows Server 2003 (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac&displaylang=en
Microsoft Windows Vista Home Premium
Microsoft Security Update for Windows Vista (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=9640cd8b-d749-4ddd-8af9-b298cebed969&displaylang=en
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Security Update for Windows Server 2003 (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac&displaylang=en
Microsoft Windows Server 2003 x64 SP1
Microsoft Security Update for Windows Server 2003 x64 Edition (KB941693)
http://www.microsoft.com/downloads/details.aspx?familyid=320fd100-35e1-4345-9399-796393235cbc&displaylang=en
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Security Update for Windows XP x64 E
References
Source: BID
Name: 28554
Link: http://www.securityfocus.com/bid/28554
Source: SECTRACK
Name: 1019803
Link: http://www.securitytracker.com/id?1019803
Source: MILW0RM
Name: 5518
Link: http://www.milw0rm.com/exploits/5518
Source: MS
Name: MS08-025
Link: http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
Source: VUPEN
Name: ADV-2008-1149
Link: http://www.frsirt.com/english/advisories/2008/1149/references
Source: SECUNIA
Name: 29720
Link: http://secunia.com/advisories/29720
Source: OVAL
Name: oval:org.mitre.oval:def:5437
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5437
Source: MISC
Link: http://milw0rm.com/sploits/2008-ms08-25-exploit.zip
Source: HP
Name: HPSBST02329