发布日期：2019-06-12
更新日期：2019-06-12

受影响系统：

Microsoft Windows RT 8.1
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 Version 1903 for x64-based
Microsoft Windows 10 Version 1903 for ARM64-base
Microsoft Windows 10 Version 1903 for 32-bit Sys
Microsoft Windows 10 Version 1809 for x64-based
Microsoft Windows 10 Version 1809 for ARM64-base
Microsoft Windows 10 Version 1809 for 32-bit Sys
Microsoft Windows 10 Version 1803 for x64-based
Microsoft Windows 10 Version 1803 for ARM64-base
Microsoft Windows 10 Version 1803 for 32-bit Sys
Microsoft Windows 10 Version 1709 for x64-based
Microsoft Windows 10 Version 1709 for ARM64-base
Microsoft Windows 10 Version 1709 for 32-bit Sys
Microsoft Windows 10 Version 1703 for x64-based
Microsoft Windows 10 Version 1703 for 32-bit Sys
Microsoft Windows 10 Version 1607 for x64-based
Microsoft Windows 10 Version 1607 for 32-bit Sys
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows Server 2019
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Syst
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 1903
Microsoft Windows Server 1803

描述：

---

BUGTRAQ  ID: 108655
CVE(CAN) ID: CVE-2019-0986

Windows用户配置文件服务（ProfSvc）不正确地处理符号链接时，存在一个特权提升漏洞。成功利用此漏洞的攻击者可以在提升的上下文中删除文件和文件夹。

要利用此漏洞，攻击者首先必须登录系统。然后，攻击者可以运行可以利用此漏洞并删除其选择的文件或文件夹的特制应用程序。

<*来源：Microsoft
  *>

建议：

---

厂商补丁：

Microsoft
---------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://technet.microsoft.com/security/bulletin/

浏览次数：1222
严重程度：0（网友投票）