Microsoft Windows Error Reporting不充分特权处理不恰当漏洞(CVE-2026-20817)
发布日期:2026-01-13
更新日期:2026-05-09
受影响系统:Microsoft Windows Error Reporting Windows Server 2022 (Server Co
Microsoft Windows Error Reporting Windows Server 2022
描述:
CVE(CAN) ID:
CVE-2026-20817
Microsoft Windows Error Reporting(WER)是美国微软(Microsoft)公司的一个组件。使用户能够将应用程序故障、内核故障、无响应的应用程序和其他应用程序特定问题通知 Microsoft。
Microsoft Windows Error Reporting(WER)存在不充分特权处理不恰当漏洞,该漏洞源于程序未对权限不足的访问请求进行正确权限管控,已认证的本地攻击者可利用该漏洞实现本地权限提升,以下产品和版本受到影响:Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 25H2 for ARM64-based Systems,Windows 11 Version 25H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。
<**>
建议:
厂商补丁:
Microsoft
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://technet.microsoft.com/security/bulletin/浏览次数:33
严重程度:0(网友投票)
