安全研究
安全漏洞
Microsoft Windows Installer DLL本地权限提升漏洞(CVE-2019-0973)
发布日期:2019-06-12
更新日期:2019-06-18
受影响系统:
Microsoft Windows Server 2019描述:
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Syst
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 1903
Microsoft Windows Server 1803
Microsoft Windows 7 Windows 7 for x64-based System
Microsoft Windows 7 Windows 7 for 32-bit Systems
Microsoft Windows 10 Version 1903 for x64-based Sys
Microsoft Windows 10 Version 1903 for ARM64-based S
Microsoft Windows 10 Version 1903 for 32-bit System
Microsoft Windows 10 Version 1809 for x64-based Sys
Microsoft Windows 10 Version 1809 for ARM64-based S
Microsoft Windows 10 Version 1809 for 32-bit System
Microsoft Windows 10 Version 1803 for x64-based Sys
Microsoft Windows 10 Version 1803 for ARM64-based S
Microsoft Windows 10 Version 1803 for 32-bit System
Microsoft Windows 10 Version 1709 for x64-based Sys
Microsoft Windows 10 Version 1709 for ARM64-based S
Microsoft Windows 10 Version 1709 for 32-bit System
Microsoft Windows 10 Version 1703 for x64-based Sys
Microsoft Windows 10 Version 1703 for 32-bit System
Microsoft Windows 10 Version 1607 for x64-based Sys
Microsoft Windows 10 Version 1607 for 32-bit System
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
BUGTRAQ ID: 108651
CVE(CAN) ID: CVE-2019-0973
Windows Installer是在Windows 2000时提出,作为微软操作系统中的安装程序开发标准的操作系统服务。它可以支持安装程序所需要的许多功能,并且可以支持交易式安装,当安装程序发现错误或问题时,可以将安装程序中所做的任何修改全部回溯为未变更的状态。
当Windows Installer无法正确清理输入导致不安全的库加载行为时,Windows Installer中存在一个特权提升漏洞。本地认证的攻击者可以使用提升的系统特权运行任意代码,即“Windows Installer特权提升漏洞”。
本地攻击者可以利用此问题以提升的权限执行任意代码。
<*来源:微软
链接:https://blogs.technet.microsoft.com/srd/2010/08/23/more-information-about-the-dll-preloading-remote-
*>
建议:
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(CVE-2019-0973)以及相应补丁:
CVE-2019-0973:More information about the DLL Preloading remote attack vector
链接:https://blogs.technet.microsoft.com/srd/2010/08/23/more-information-about-the-dll-preloading-remote-
补丁下载:
浏览次数:1505
严重程度:0(网友投票)
绿盟科技给您安全的保障