Windows Local Privilege Escalation: CVE-2021-1732

Vulnerability overview

The vulnerability is caused by the kernel function win32kfull!xxxCreateWindowEx performing insufficient validation of the data returned from a user-mode callback. A local user who runs an exploit for it obtains SYSTEM privileges.

Affected versions

Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems

Reproduction

Exploit location:
GitHub download
cve-2021-1732.exe "whoami"
The whoami command was executed successfully with SYSTEM privileges.

Remediation

Install the security update.
Microsoft advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
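As an added example (not part of the original post), the following PowerShell check reports whether a host runs one of the affected releases listed above and whether it has reached the patched build level. The minimum patched UBR and the KB number are placeholders: take the real values for your release from the Microsoft advisory linked above.

```powershell
# Added example: patch-state check for CVE-2021-1732. Not from the original post.
param(
    [int]$MinPatchedUbr = 0,        # placeholder: UBR of the cumulative update that fixes CVE-2021-1732
    [string]$FixKb = 'KBxxxxxxx'    # placeholder: KB article of that update (see the MSRC advisory)
)

# Release IDs of the Windows 10 / Windows Server versions listed as affected in the post
$affected = @('1803', '1809', '1909', '2004', '20H2')

$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# DisplayVersion exists from 20H2 on; older releases only carry ReleaseId
$release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
$build   = [int]$cv.CurrentBuild
$ubr     = [int]$cv.UBR             # Update Build Revision, raised by every cumulative update

$inAffectedList = $affected -contains $release
$fixKbInstalled = [bool](Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue)
$meetsPatchLevel = ($MinPatchedUbr -gt 0) -and ($ubr -ge $MinPatchedUbr)

$status = if (-not $inAffectedList) { 'Release not in the affected list' }
          elseif ($fixKbInstalled -or $meetsPatchLevel) { 'Patched' }
          else { 'VULNERABLE: install the update referenced in the MSRC advisory' }

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    Release         = $release
    Build           = "$build.$ubr"
    InAffectedList  = $inAffectedList
    FixKbInstalled  = $fixKbInstalled
    MeetsPatchLevel = $meetsPatchLevel
    Status          = $status
}
```

Get-HotFix does not list cumulative updates on every host, so the UBR comparison is the more reliable of the two checks; run the script under an account that can read the registry key and, for fleet use, feed the output into your inventory tooling.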
