¡¾Îó²îͨ¸æ¡¿CVE-2020-17008 Windows Kernel 0dayÎó²î

Ðû²¼Ê±¼ä 2020-12-24

0x00 Îó²î¸ÅÊö

CVE  ID

CVE-2020-17008

ʱ  ¼ä

2020-12-24

Àà   ÐÍ


µÈ  ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

·ñ

Ó°Ïì¹æÄ£


 

0x01 Îó²îÏêÇé

image.png

½ñÄê6Ô£¬£¬£¬£¬£¬£¬£¬MicrosoftÐû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬£¬Windows kernelÖб£´æÒ»¸öȨÏÞÌáÉýÎó²î£¨CVE-2020-0986£©¡£¡£¡£¸ÃÎó²îÊÇÓÉÓÚWindows kernelÎÞ·¨×¼È·´¦Öóͷ£ÄÚ´æÖеŤ¾ß£¬£¬£¬£¬£¬£¬£¬ÆäCVSSÆÀ·ÖΪ7.8¡£¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß¿ÉÒÔÔÚkernelģʽÏÂÔËÐÐí§Òâ´úÂ룬£¬£¬£¬£¬£¬£¬×îÖÕµ¼Ö¹¥»÷ÕßÔÚϵͳÉÏ×°ÖöñÒâ³ÌÐò¡¢¸ü¸Ä»òɾ³ýÊý¾Ý¡¢½¨ÉèÕÊ»§µÈ¡£¡£¡£µ«ÒªÊ¹ÓôËÎó²î£¬£¬£¬£¬£¬£¬£¬¹¥»÷Õß±ØÐèÏȵǼ²¢¿ØÖÆϵͳ¡£¡£¡£MicrosoftÔÚ6ÔÂÐû²¼µÄÇå¾²¸üÐÂÖÐͨ¹ý¸ü¸ÄWindows kernel´¦Öóͷ£ÄÚ´æÖй¤¾ßµÄ·½·¨À´ÐÞ¸´´ËÎó²î¡£¡£¡£

µ«ÓÉÓÚMicrosoftÐû²¼µÄ²¹¶¡³ÌÐòÎÞ·¨ÐÞ¸´CVE-2020-0986£¬£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÈÔÈ»¿ÉÒÔͨ¹ý·¢ËÍÆ«ÒÆÁ¿À´´¥·¢´ËÎó²î£¬£¬£¬£¬£¬£¬£¬ÒÔÌá¸ßÆä¶ÔkernelµÄȨÏÞ£¬£¬£¬£¬£¬£¬£¬´ËÎó²î±»·ÖÅɵÄCVE IDΪCVE-2020-17008¡£¡£¡£

CVE-2020-0986ÊÇÓÉÓÚí§ÒâÖ¸ÕëÒýÓ㬣¬£¬£¬£¬£¬£¬ÔÊÐí¹¥»÷Õß¿ØÖÆÖ¸Ïòmemcpyº¯ÊýµÄ¡°src¡±ºÍ¡°dest¡±Ö¸Õë¡£¡£¡£MicrosoftµÄ²¹¶¡³ÌÐòÊDz»×¼È·µÄ£¬£¬£¬£¬£¬£¬£¬ÓÉÓÚËü¸ü¸ÄÁËÖ¸ÏòÆ«ÒÆÁ¿µÄÖ¸Õ룬£¬£¬£¬£¬£¬£¬Òò´Ë¹¥»÷ÕßÈÔ¿ÉÒÔ¿ØÖƸú¯ÊýµÄ²ÎÊý¡£¡£¡£ÓÉÓÚÅû¶ÏÞÆÚ³¬ÆÚ£¬£¬£¬£¬£¬£¬£¬ÏÖÔÚ¸ÃÎó²îµÄPoCÒѾ­Ðû²¼¡£¡£¡£

Ó°Ïì¹æÄ££º

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 for x64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for 32-bit Systems

Windows 10 for 32-bit Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

 

0x02 ´¦Öóͷ£½¨Òé

MicrosoftÍýÏëÔÚ2020Äê11ÔÂÐû²¼¸ÃÎó²îµÄ²¹¶¡£¡£¡£¬£¬£¬£¬£¬£¬£¬µ«ÓÉÓÚÔÚ²âÊԽ׶η¢Ã÷ÎÊÌ⣬£¬£¬£¬£¬£¬£¬Òò´ËÍƳٵ½2021Äê1ÔÂ12ÈÕÐÇÆÚ¶þÐû²¼£¬£¬£¬£¬£¬£¬£¬½¨ÒéÆÚ´ý¹Ù·½Ðû²¼²¹¶¡²¢×öºÃÏà¹Ø·À»¤²½·¥¡£¡£¡£

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0986

https://www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/

https://bugs.chromium.org/p/project-zero/issues/detail?id=2096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17008

 

0x04 ʱ¼äÏß

2020-12-23  StoneÅû¶Îó²î

2020-12-24  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png