安全研究
安全漏洞
Microsoft Windows Common Log File System Driver堆缓冲区溢出漏洞(CVE-2026-20820)
发布日期:2026-01-13
更新日期:2026-05-09
受影响系统:
Microsoft Windows Common Log File System Driver Windows Server 2022 (Server Co描述:
Microsoft Windows Common Log File System Driver Windows 10 Version 1809 for 32
CVE(CAN) ID: CVE-2026-20820
Microsoft Windows Common Log File System Driver是美国微软(Microsoft)公司的通用日志文件系统 (CLFS) API 提供了一个高性能、通用的日志文件子系统,专用客户端应用程序可以使用该子系统并且多个客户端可以共享以优化日志访问。
Microsoft Windows Common Log File System Driver存在堆缓冲区溢出漏洞,该漏洞源于程序未对用户输入进行正确处理,攻击者可利用该漏洞实现本地权限提升,以下产品和版本受到影响:Windows Server 2022 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows Server 2019,Windows Server 2022,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows Server 2019 (Server Core installation),Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows Server 2025 (Server Core installation),Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 25H2 for x64-based Systems,Windows 11 Version 25H2 for ARM64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for x64-based Systems,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2016 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2012,Windows 10 Version 1607 for 32-bit Systems,Windows Server 2012 R2,Windows Server 2016,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2012 (Server Core installation),Windows Server 2012 R2 (Server Core installation)。
<**>
建议:
厂商补丁:
Microsoft
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://technet.microsoft.com/security/bulletin/
浏览次数:48
严重程度:0(网友投票)
绿盟科技给您安全的保障