Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability Security Advisory
Published: 2019-11-21
Vulnerability ID and severity
CVE ID: CVE-2019-1388, Severity: High, CVSS score: 7.8
Affected versions
Microsoft Windows Server 2019
Microsoft Windows Server 2016
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows RT 8.1
Microsoft Windows 8.1
Microsoft Windows 7
Microsoft Windows 10
Vulnerability overview
Researchers have disclosed details of a high-severity Windows vulnerability (CVE-2019-1388) that Microsoft patched last Tuesday. It can allow an attacker to elevate privileges and ultimately install programs and view, change or delete data.
The vulnerability exists in UAC (User Account Control), a Windows security feature, on the Secure Desktop. The feature is used to prevent unauthorized changes to the operating system. Microsoft's overview of the feature states: "With this feature fully enabled, interactive administrators normally run with least user privileges, but they can self-elevate to perform administrative tasks by giving explicit consent through the Consent UI. Such administrative tasks include installing software and drivers, changing system settings, viewing or changing other users' accounts, and running administrative tools."
By interacting with the UAC user interface, an unprivileged attacker can use this flaw to launch a high-privileged web browser on the normal desktop, and from there install code and carry out other malicious activity.
The vulnerability arises because the UAC Windows Certificate Dialog, which presents certificate details including a Microsoft-specific object identifier (OID), does not properly enforce user privileges. To exploit the vulnerability, a low-privileged attacker first downloads a Microsoft-signed executable from an attacker-controlled website and then tries to run that executable as administrator, which means UAC pops up and asks the attacker for an administrator password.
After clicking the "Show details" button in the UAC window, the attacker can view the OID in the Windows Certificate Dialog. This information is shown on the Details tab as "SpcSpAgencyInfo", and this is where the problem lies.
The semantics of this OID are sparsely documented, but it appears that the certificate dialog parses the value of this OID and, if the value is valid and correctly formatted, uses that data to render the 'Issued by' field on the 'General' tab as a hyperlink. In the UAC version of the certificate dialog, however, Microsoft forgot to disable this hyperlink.
In other words, the attacker can click the hyperlink to launch a browser that runs as NT AUTHORITY\SYSTEM (a browser with administrator privileges), leaving the system exposed to code execution, installation of malicious programs and similar effects.
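A detection sketch for the behaviour described above, a browser running as NT AUTHORITY\SYSTEM that was started from the UAC dialog (added example, not part of the original advisory). It assumes process-creation records exported as JSON lines with Sysmon-style `Image`, `ParentImage` and `User` fields, that the Consent UI is hosted by `consent.exe`, and an illustrative browser list; the sample events are constructed.

```python
import json
import ntpath

# Assumptions: the Consent UI runs as consent.exe; the browser list is illustrative.
CONSENT_UI = "consent.exe"
BROWSERS = {"iexplore.exe", "microsoftedge.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
SYSTEM_USERS = {"nt authority\\system", "system"}

def image_name(path):
    """Lower-cased file name of a Windows path ('' when the field is missing)."""
    return ntpath.basename(path or "").lower()

def is_suspicious(event):
    """True for a browser running as SYSTEM whose parent is the UAC Consent UI."""
    user = (event.get("User") or "").strip().lower()
    return (image_name(event.get("Image")) in BROWSERS
            and image_name(event.get("ParentImage")) == CONSENT_UI
            and user in SYSTEM_USERS)

def scan(lines):
    """Parse JSON lines, skip malformed ones, return the events that match."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and is_suspicious(event):
            hits.append(event)
    return hits

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# Constructed sample events, not real telemetry.
SAMPLE_LOG = [
    json.dumps({"Image": IE, "ParentImage": r"C:\Windows\System32\consent.exe",
                "User": "NT AUTHORITY\\SYSTEM"}),
    json.dumps({"Image": IE, "ParentImage": r"C:\Windows\explorer.exe",
                "User": "CORP\\alice"}),
    json.dumps({"Image": IE.upper(), "ParentImage": r"C:\WINDOWS\SYSTEM32\CONSENT.EXE",
                "User": "nt authority\\system"}),
    json.dumps({"Image": r"C:\Windows\System32\svchost.exe",
                "ParentImage": r"C:\Windows\System32\services.exe",
                "User": "NT AUTHORITY\\SYSTEM"}),
    "{truncated event",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT: SYSTEM browser spawned by Consent UI:", hit["Image"])
```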
Vulnerability verification
POC: https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
Remediation
The vendor has now released an update patch:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388
References
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege

