΢ÈíWindows Certificate DialogȨÏÞÌáÉýÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-11-21

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-1388£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º7.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Microsoft Windows Server 2019

Microsoft Windows Server 2016

Microsoft Windows Server 2012

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2008

Microsoft Windows RT 8.1

Microsoft Windows 8.1

Microsoft Windows 7

Microsoft Windows 10



Îó²î¸ÅÊö


Ñо¿Ö°Ô±Åû¶ÁË΢ÈíÉÏÖܶþÐû²¼µÄ²¹¶¡ Windows ¸ßΣÎó²î£¨CVE-2019-1388£©µÄÏêÇ飬£¬£¬ £¬£¬Ëü¿Éµ¼Ö¹¥»÷ÕßȨÏÞÌáÉý£¬£¬£¬ £¬£¬×îÖÕ×°ÖóÌÐò£¬£¬£¬ £¬£¬²¢Éó²é¡¢¸ü¸Ä»òɾ³ýÊý¾Ý¡£¡£¡£


¸ÃÎó²î±£´æÓÚSecure Desktop ÖÐ Windows Çå¾²¹¦Ð§ UAC£¨Óû§ÕË»§¿ØÖÆ£©ÖС£¡£¡£¸Ã¹¦Ð§ÓÃÓÚ×èÖ¹¶Ô²Ù×÷ϵͳµÄԽȨ¸ü¸Ä¡£¡£¡£Î¢ÈíÔڶԸù¦Ð§µÄ¸ÅÀÀÖÐÌáµ½£¬£¬£¬ £¬£¬¡°ÍêÈ«ÆôÓøù¦Ð§ºó£¬£¬£¬ £¬£¬½»»¥ÐÔÖÎÀíÔ±ÔÚÕý³£ÇéÐÎÏÂÒÔ×îµÍÓû§È¨ÏÞÔËÐУ¬£¬£¬ £¬£¬µ«ËûÃÇ¿Éͨ¹ý Consent UI ±í´ïÃ÷È·Ô޳ɵķ½·¨×ÔÐÐÌáÉýȨÏÞÀ´Ö´ÐÐÖÎÀíʹÃü¡£¡£¡£ÕâÖÖÖÎÀíʹÃü°üÀ¨×°ÖÃÈí¼þºÍÇý¶¯Æ÷¡¢¸ü¸ÄϵͳÉèÖá¢Éó²é»ò¸ü¸ÄÆäËüÓû§µÄÕË»§²¢ÔËÐÐÖÎÀí¹¤¾ß¡£¡£¡£¡±


ͨ¹ýºÍUACµÄÓû§½Ó¿Ú½»»¥£¬£¬£¬ £¬£¬ÎÞȨÏ޵Ĺ¥»÷ÕßÄܹ»Ê¹ÓøÃȱÏÝÔÚͨË××ÀÃæÉÏÆô¶¯¸ßȨÏÞµÄweb ä¯ÀÀÆ÷£¬£¬£¬ £¬£¬´Ó¶øÄܹ»×°ÖôúÂë²¢Ö´ÐÐÆäËü¶ñÒâ»î¶¯¡£¡£¡£


¸ÃÎó²î±¬·¢µÄÔµ¹ÊÔ­ÓÉÔÚÓÚ£¬£¬£¬ £¬£¬ÓÃÓÚÏêÊöÖ¤ÊéÐÅÏ¢ºÍ΢ÈíÌض¨¹¤¾ß±êʶ·û (OID) µÄ UAC Windows Certificate Dialog δ׼ȷµØÖ´ÐÐÓû§È¨ÏÞ¡£¡£¡£ÒªÊ¹ÓøÃÎó²î£¬£¬£¬ £¬£¬µÍȨÏÞ¹¥»÷ÕßÊ×ÏÈ´ÓÊܹ¥»÷Õß¿ØÖƵÄÍøÕ¾ÉÏÏÂÔØÓÉ΢ÈíÊðÃûµÄ¿ÉÖ´ÐÐÎļþ£¬£¬£¬ £¬£¬Ö®ºóʵÑéÒÔÖÎÀíÔ±Éí·ÝÔËÐиÿÉÖ´ÐÐÎļþ£¬£¬£¬ £¬£¬Ò²¾ÍÊÇ˵ UAC ½«µ¯³ö²¢ÒªÇó¹¥»÷ÕßÊäÈëÖÎÀíÔ±ÃÜÂë¡£¡£¡£


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨



µã»÷ UAC ´°¿ÚÉϵġ°ÏÔʾÏêÇ顱°´Å¥ºó£¬£¬£¬ £¬£¬¹¥»÷Õß¾ÍÄܹ»Éó²é Windows Certificate Dialog ÖÐµÄ OID£¬£¬£¬ £¬£¬¶øÕâЩÐÅϢչʾÔÚÏêÇé±êÇ©¡°SpcSpAgencyInfo¡±ÉÏ£¬£¬£¬ £¬£¬¶øÕâÒ²ÊÇÎÊÌâ±£´æµÄµØ·½¡£¡£¡£


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨



¸ÃOID µÄÓïÒåÎÄÏ׺ÜÉÙ£¬£¬£¬ £¬£¬²»¹ýËƺõ¸ÃÖ¤Êé¶Ô»°ÆÊÎöµÄÊÇÕâ¸ö OID µÄÖµ£¬£¬£¬ £¬£¬²¢ÇÒÈôÊÇÖµÊÇÓÐÓõÄÇÒÃûÌÃ׼ȷ£¬£¬£¬ £¬£¬Ôò»áͨ¹ý¸ÃÊý¾Ý½«¡®Í¨Àý¡¯Ñ¡ÏÉϵġ®Issued by¡¯×ֶηºÆðΪ³¬Á´½Ó¡£¡£¡£¿ÉÊÇÔÚ¸ÃÖ¤Êé¶Ô»°µÄ UAC °æ±¾£¬£¬£¬ £¬£¬Î¢ÈíÒÅÍü½ûÓøó¬Á´½Ó¡£¡£¡£


Ò²¾ÍÊÇ˵£¬£¬£¬ £¬£¬¹¥»÷ÕßÄܹ»µã»÷¸Ã³¬Á´½ÓÆô¶¯½«ÒÔ NT AUTHORITY\SYSTEM £¨¾ßÓÐÖÎÀíԱȨÏÞµÄä¯ÀÀÆ÷£©·½·¨ÔËÐУ¬£¬£¬ £¬£¬´Ó¶øµ¼ÖÂÒ×ÊÜ´úÂëÖ´ÐС¢¶ñÒâ³ÌÐò×°ÖõÈЧ¹ûÓ°Ïì¡£¡£¡£


Îó²îÑéÖ¤


POC:https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒѾ­Ðû²¼ÁËÉý¼¶²¹¶¡£¡£¡£º

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388¡£¡£¡£


²Î¿¼Á´½Ó


https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege