Microsoft Windows Window Messaging Subsystem Design Error Vulnerability

Published: 2002-12-17
Updated: 2002-12-17
Severity: High
Threat level: Local administrator privileges
Error type: Design error
Exploitation mode: Server mode
BUGTRAQ ID: 5408

Affected systems

Microsoft Windows 2000 Advanced Server SP2

Detailed description

The window message-passing subsystem of the Win32 system contains a wide-reaching design error in its implementation. If a window in a process belongs to another process with high privileges, a local attacker may be able to exploit this vulnerability to elevate their privileges on the Windows system. Examples include some antivirus software, which usually runs with LocalSystem privileges.

Test code

http://downloads.securityfocus.com/vulnerabilities/exploits/shatter.zip

Solution

Microsoft Windows 2000 Advanced Server SP2:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Datacenter Server SP2:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Professional SP2:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Server SP2:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Terminal Services SP2:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Terminal Services SP1:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Server SP1:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Professional SP1:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Advanced Server SP1:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Datacenter Server SP1:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Server:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Advanced Server:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Server Japanese Edition:
    Microsoft Patch Q328310_W2K_SP4_nec98_JA.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=68601571-CF9C-4BD0-B285-26C0A3DF6FCA&displaylang=ja

Microsoft Windows XP:

Microsoft Windows XP Professional:

Microsoft Windows XP Home:

Microsoft Windows 2000 Datacenter Server:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Professional:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows 2000 Terminal Services:
    Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
    http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

Microsoft Windows XP 64-bit Edition:

Microsoft Windows NT Server 4.0 SP6a:
    Microsoft Patch Q328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=E5606A46-364E-4585-9EDB-63654007E685&displaylang=en
    Microsoft Patch JPNQ328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=C8D3E4F6-DD37-4AB5-8CAF-316F69D01C4C&displaylang=ja
    Microsoft Patch CHPQ328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=3D6451E5-96C8-45D5-965A-8617B39A89CD&displaylang=zh-tw

Microsoft Windows NT Terminal Server 4.0 SP6a:
    Microsoft Patch Q328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=5A203864-F6DF-41EB-A8DB-13EFFCD84081&displaylang=en

Microsoft Windows NT Workstation 4.0 SP6a:
    Microsoft Patch Q328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=E5606A46-364E-4585-9EDB-63654007E685&displaylang=en
    Microsoft Patch JPNQ328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=C8D3E4F6-DD37-4AB5-8CAF-316F69D01C4C&displaylang=ja
    Microsoft Patch CHPQ328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=3D6451E5-96C8-45D5-965A-8617B39A89CD&displaylang=zh-tw

Microsoft Windows NT Enterprise Server 4.0 SP6a:
    Microsoft Patch Q328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=E5606A46-364E-4585-9EDB-63654007E685&displaylang=en
    Microsoft Patch JPNQ328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=C8D3E4F6-DD37-4AB5-8CAF-316F69D01C4C&displaylang=ja
    Microsoft Patch CHPQ328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=3D6451E5-96C8-45D5-965A-8617B39A89CD&displaylang=zh-tw

Microsoft Windows NT Enterprise Server 4.0 SP6:

Microsoft Windows NT Server 4.0 SP6:

Microsoft Windows NT Terminal Server 4.0 SP6:
    Microsoft Patch Q328310i.EXE
    http://microsoft.com/downloads/details.aspx?FamilyId=5A203864-F6DF-41EB-A8DB-13EFFCD84081&displaylang=en

Related information

Exploiting design flaws in the Win32 API for privilege escalation. (Chris Paget, tombom.co.uk)
http://security.tombom.co.uk/shatter.html

Microsoft Security Bulletin MS02-071
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/