Lucene search

K
seebugRootSSV:20045
HistoryAug 17, 2010 - 12:00 a.m.

Microsoft Windows Tracing功能注册表ACL不安全权限漏洞(MS10-059)

2010-08-1700:00:00
Root
www.seebug.org
24

EPSS

0.001

Percentile

19.1%

BUGTRAQ ID: 42269
CVE(CAN) ID: CVE-2010-2554

Microsoft Windows是微软发布的非常流行的操作系统。

一些Windows应用中使用了Tracing功能记录调试信息。该功能不是默认启用的,如果要启用必须编辑 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing键下的注册表值。使用了这个Tracing功能的 Windows进程会持续监控相关子键的变化,一旦注册表值发生了变化就会立即读取该值。其中的一个注册表值为FileDirectory,包含有 Windows目录名。在Local System账号运行的服务连接到管道时拥有扮演权限的本地用户可以通过扮演为Local System账号(或Administrator等特权账号)提升权限。注册表项对Users组开放了Set Value权限,因此任何通过认证的用户都可以设置任意值。

Microsoft Windows Vista SP2
Microsoft Windows Vista SP1
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows 7
厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS10-059)以及相应补丁:
MS10-059:Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
链接:http://www.microsoft.com/technet/security/bulletin/MS10-059.mspx?pf=true


                                                Source: http://www.securityfocus.com/bid/42269/info

Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. 

Code:
http://www.exploit-db.com/sploits/Chimichurri-CVE-2010-2554.zip