提交需求
*
*

*
*
*
立即提交
点击”立即提交”,表明我理解并同意 《美创科技隐私条款》

logo

    产品与服务
    解决方案
    技术支持
    合作发展
    关于美创

    申请试用
      【漏洞通告】Windows 错误报告服务权限提升漏洞(CVE-2023-36874)
      发布时间:2023-08-29 阅读次数: 1088 次
      漏洞描述
      Windows错误报告服务是一项用于收集和分析系统和应用程序错误的服务。当发生应用程序崩溃、操作系统故障或其他错误时,Windows错误报告服务会自动收集有关错误的信息。
      美创安全实验室监测到Microsoft发布了Windows的风险通告,漏洞编号:CVE-2023-36874,漏洞等级:高危。由于Windows 错误报告服务对数据的验证不恰当,经过身份认证的本地攻击者可以构造恶意程序触发该漏洞,成功利用此漏洞可以提升权限至SYSTEM目前,该漏洞的技术细节POCEXP均已公开,且已出现在野利用
      影响范围
      影响版本:
      • Windows Server 2019
      • Windows 10 Version 1809 for ARM64-based Systems
      • Windows 10 Version 1809 for x64-based Systems
      • Windows 10 Version 1809 for 32-bit Systems
      • Windows Server 2012 R2 (Server Core installation)
      • Windows Server 2012 R2
      • Windows Server 2012 (Server Core installation)
      • Windows Server 2012
      • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
      • Windows Server 2008 R2 for x64-based Systems Service Pack 1
      • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
      • Windows 11 version 21H2 for ARM64-based Systems
      • Windows 11 version 21H2 for x64-based Systems
      • Windows Server 2022 (Server Core installation)
      • Windows Server 2022
      • Windows Server 2019 (Server Core installation)
      • Windows Server 2008 for x64-based Systems Service Pack 2
      • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
      • Windows Server 2008 for 32-bit Systems Service Pack 2
      • Windows Server 2016 (Server Core installation)
      • Windows Server 2016
      • Windows 10 Version 1607 for x64-based Systems
      • Windows 10 Version 1607 for 32-bit Systems
      • Windows 10 for x64-based Systems
      • Windows 10 for 32-bit Systems
      • Windows 10 Version 22H2 for 32-bit Systems
      • Windows 10 Version 22H2 for ARM64-based Systems
      • Windows 10 Version 22H2 for x64-based Systems
      • Windows 11 Version 22H2 for x64-based Systems
      • Windows 11 Version 22H2 for ARM64-based Systems
      • Windows 10 Version 21H2 for x64-based Systems
      • Windows 10 Version 21H2 for ARM64-based Systems
      • Windows 10 Version 21H2 for 32-bit Systems

      处置建议
      1.Windows自动更新

      Windows系统默认启用 Microsoft update,当检测到可用更新时,将会自动下载更新并在下一次启动时安装。

      2.手动安装补丁
      对于不能自动更新的系统版本,可参考以下链接下载适用于该系统的补丁并安装:

      https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874

      免费试用
      服务热线

      马上咨询

      400-811-3777

      回到顶部