(CVE-2018-8453)Windows 本地提权漏洞.md¶
描述¶
Microsoft Windows中存在提权漏洞,该漏洞源于Win32k组件没有正确的处理内存对象。本地攻击者可通过登录系统并运行特制的应用程序,利用该漏洞在内核模式下以提升的权限执行代码。
影响版本¶
| Product | Version | Update | Edition | Tested |
|---|---|---|---|---|
| Windows 10 | - | |||
| Windows 10 | 1607 | |||
| Windows 10 | 1703 | |||
| Windows 10 | 1709 | ✔️ | ||
| Windows 10 | 1803 | |||
| Windows 10 | 1809 | |||
| Windows 7 | - | SP1 | ||
| Windows 8.1 | ||||
| Windows Rt 8.1 | - | |||
| Windows Server 2008 | - | SP2 | ||
| Windows Server 2008 | R2 | SP1 | ||
| Windows Server 2012 | - | |||
| Windows Server 2012 | R2 | |||
| Windows Server 2016 | - | |||
| Windows Server 2016 | 1709 | |||
| Windows Server 2016 | 1803 | |||
| Windows Server 2019 | - |
修复补丁¶
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
利用方式¶
编译环境
- VS2019 (V140)X64 Release
测试系统Windows 10 1709 x64
项目来源¶
https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2018-8453