΢ÈíWindows Certificate DialogȨÏÞÌáÉýÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-11-21

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-1388£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ £¬£¬CVSS·ÖÖµ£º7.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Microsoft Windows Server 2019

Microsoft Windows Server 2016

Microsoft Windows Server 2012

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2008

Microsoft Windows RT 8.1

Microsoft Windows 8.1

Microsoft Windows 7

Microsoft Windows 10



Îó²î¸ÅÊö


Ñо¿Ö°Ô±Åû¶ÁË΢ÈíÉÏÖܶþÐû²¼µÄ²¹¶¡ Windows ¸ßΣÎó²î£¨CVE-2019-1388£©µÄÏêÇ飬 £¬£¬Ëü¿Éµ¼Ö¹¥»÷ÕßȨÏÞÌáÉý£¬ £¬£¬×îÖÕ×°ÖóÌÐò£¬ £¬£¬²¢Éó²é¡¢¸ü¸Ä»òɾ³ýÊý¾Ý¡£¡£¡£¡£¡£¡£


¸ÃÎó²î±£´æÓÚSecure Desktop ÖÐ Windows Çå¾²¹¦Ð§ UAC£¨Óû§ÕË»§¿ØÖÆ£©ÖС£¡£¡£¡£¡£¡£¸Ã¹¦Ð§ÓÃÓÚ×èÖ¹¶Ô²Ù×÷ϵͳµÄԽȨ¸ü¸Ä¡£¡£¡£¡£¡£¡£Î¢ÈíÔڶԸù¦Ð§µÄ¸ÅÀÀÖÐÌáµ½£¬ £¬£¬¡°ÍêÈ«ÆôÓøù¦Ð§ºó£¬ £¬£¬½»»¥ÐÔÖÎÀíÔ±ÔÚÕý³£ÇéÐÎÏÂÒÔ×îµÍÓû§È¨ÏÞÔËÐУ¬ £¬£¬µ«ËûÃÇ¿Éͨ¹ý Consent UI ±í´ïÃ÷È·Ô޳ɵķ½·¨×ÔÐÐÌáÉýȨÏÞÀ´Ö´ÐÐÖÎÀíʹÃü¡£¡£¡£¡£¡£¡£ÕâÖÖÖÎÀíʹÃü°üÀ¨×°ÖÃÈí¼þºÍÇý¶¯Æ÷¡¢¸ü¸ÄϵͳÉèÖá¢Éó²é»ò¸ü¸ÄÆäËüÓû§µÄÕË»§²¢ÔËÐÐÖÎÀí¹¤¾ß¡£¡£¡£¡£¡£¡£¡±


ͨ¹ýºÍUACµÄÓû§½Ó¿Ú½»»¥£¬ £¬£¬ÎÞȨÏ޵Ĺ¥»÷ÕßÄܹ»Ê¹ÓøÃȱÏÝÔÚͨË××ÀÃæÉÏÆô¶¯¸ßȨÏÞµÄweb ä¯ÀÀÆ÷£¬ £¬£¬´Ó¶øÄܹ»×°ÖôúÂë²¢Ö´ÐÐÆäËü¶ñÒâ»î¶¯¡£¡£¡£¡£¡£¡£


¸ÃÎó²î±¬·¢µÄÔµ¹ÊÔ­ÓÉÔÚÓÚ£¬ £¬£¬ÓÃÓÚÏêÊöÖ¤ÊéÐÅÏ¢ºÍ΢ÈíÌض¨¹¤¾ß±êʶ·û (OID) µÄ UAC Windows Certificate Dialog δ׼ȷµØÖ´ÐÐÓû§È¨ÏÞ¡£¡£¡£¡£¡£¡£ÒªÊ¹ÓøÃÎó²î£¬ £¬£¬µÍȨÏÞ¹¥»÷ÕßÊ×ÏÈ´ÓÊܹ¥»÷Õß¿ØÖƵÄÍøÕ¾ÉÏÏÂÔØÓÉ΢ÈíÊðÃûµÄ¿ÉÖ´ÐÐÎļþ£¬ £¬£¬Ö®ºóʵÑéÒÔÖÎÀíÔ±Éí·ÝÔËÐиÿÉÖ´ÐÐÎļþ£¬ £¬£¬Ò²¾ÍÊÇ˵ UAC ½«µ¯³ö²¢ÒªÇó¹¥»÷ÕßÊäÈëÖÎÀíÔ±ÃÜÂë¡£¡£¡£¡£¡£¡£


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨



µã»÷ UAC ´°¿ÚÉϵġ°ÏÔʾÏêÇ顱°´Å¥ºó£¬ £¬£¬¹¥»÷Õß¾ÍÄܹ»Éó²é Windows Certificate Dialog ÖÐµÄ OID£¬ £¬£¬¶øÕâЩÐÅϢչʾÔÚÏêÇé±êÇ©¡°SpcSpAgencyInfo¡±ÉÏ£¬ £¬£¬¶øÕâÒ²ÊÇÎÊÌâ±£´æµÄµØ·½¡£¡£¡£¡£¡£¡£


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨



¸ÃOID µÄÓïÒåÎÄÏ׺ÜÉÙ£¬ £¬£¬²»¹ýËƺõ¸ÃÖ¤Êé¶Ô»°ÆÊÎöµÄÊÇÕâ¸ö OID µÄÖµ£¬ £¬£¬²¢ÇÒÈôÊÇÖµÊÇÓÐÓõÄÇÒÃûÌÃ׼ȷ£¬ £¬£¬Ôò»áͨ¹ý¸ÃÊý¾Ý½«¡®Í¨Àý¡¯Ñ¡ÏÉϵġ®Issued by¡¯×ֶηºÆðΪ³¬Á´½Ó¡£¡£¡£¡£¡£¡£¿ÉÊÇÔÚ¸ÃÖ¤Êé¶Ô»°µÄ UAC °æ±¾£¬ £¬£¬Î¢ÈíÒÅÍü½ûÓøó¬Á´½Ó¡£¡£¡£¡£¡£¡£


Ò²¾ÍÊÇ˵£¬ £¬£¬¹¥»÷ÕßÄܹ»µã»÷¸Ã³¬Á´½ÓÆô¶¯½«ÒÔ NT AUTHORITY\SYSTEM £¨¾ßÓÐÖÎÀíԱȨÏÞµÄä¯ÀÀÆ÷£©·½·¨ÔËÐУ¬ £¬£¬´Ó¶øµ¼ÖÂÒ×ÊÜ´úÂëÖ´ÐС¢¶ñÒâ³ÌÐò×°ÖõÈЧ¹ûÓ°Ïì¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


POC:https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒѾ­Ðû²¼ÁËÉý¼¶²¹¶¡£¡£¡£¡£¡£¡£º

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege