漏洞信息详情
Windows WM_TIMER消息处理权限提升漏洞(MS02-071)
- CNNVD编号:CNNVD-200211-010
- 危害等级: 中危
- CVE编号: CVE-2002-1230
- 漏洞类型: 设计错误
- 发布时间: 2002-11-04
- 威胁类型: 本地
- 更新时间: 2005-10-12
- 厂 商: microsoft
- 漏洞来源: Serus serus@users....
漏洞简介
Windows消息提供对用户事件的交互处理(如击键或鼠标移动)和与其他交互进程通信。WM_TIMER消息一般在某一计时器超时时发送,可以用来使进程执行计时回调函数。 WM_TIMER消息存在安全问题,本地或者利用终端服务访问攻击者可以利用这个漏洞使用WM_TIMER消息利用其他高权限进程执行回调函数,造成权限提升。 WM_TIMER的安全漏洞可以导致在交互桌面上的某一进程使用WM_TIME消息,触发另一进程在它选择的地址上执行回调函数,而且即使第二个进程没有设置任何计时器。如果第二个进程的权限高于第一个,使得回调函数可能以高权限执行。 默认情况下,运行在交互桌面的几个进程一般都以LocalSystem权限运行,结果使攻击者以交互方式登录系统的情况下,可以运行程序征集使用WM_TIMER请求的进程,利用漏洞以高权限执行任意攻击者指定的操作。 另外,这个漏洞补丁也对几个运行在交互桌面上的以高权限运行的进程进行修正,虽然这些进程不存在WM_TIMER漏洞,微软还是把这些进程包含在补丁中使服务更强壮。
漏洞公告
厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS02-071)以及相应补丁:
MS02-071:Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
链接: http://www.microsoft.com/technet/security/bulletin/MS02-071.asp
补丁下载:
Microsoft Windows 2000 Professional SP3:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server SP3:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services SP3:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Datacenter Server SP3:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services SP2:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Datacenter Server SP2:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Professional SP2:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server SP2:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server SP1:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Professional SP1:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server SP1:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Datacenter Server SP1:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services SP1:
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows XP Home SP1:
Microsoft Patch Q328310_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=98F02C55-E598-4EB1-AABE-DB3BA0807685&displaylang=en
Microsoft Windows XP Professional SP1:
Microsoft Patch Q328310_WXP_SP2_x86_ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=98F02C55-E598-4EB1-AABE-DB3BA0807685&displaylang=en
Microsoft Windows 2000 Server :
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server :
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Professional :
Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
&nb
参考网址
来源: MS 名称: MS02-071 链接:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp 来源: www.packetstormsecurity.nl 链接:http://www.packetstormsecurity.nl/filedesc/GetAd.c.HTML 来源: XF 名称: win-netdde-gain-privileges(10343) 链接:http://www.iss.net/security_center/static/10343.php 来源: getad.chat.ru 链接:http://getad.chat.ru/ 来源: BID 名称: 5927 链接:http://www.securityfocus.com/bid/5927 来源: CIAC 名称: N-027 链接:http://www.ciac.org/ciac/bulletins/n-027.sHTML 来源: US Government Resource: oval:org.mitre.oval:def:681 名称: oval:org.mitre.oval:def:681 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:681
受影响实体
- Microsoft Windows_2000:Sp2:Server
- Microsoft Windows_2000:Sp3:Advanced_server
- Microsoft Windows_2000:Sp2:Professional
- Microsoft Windows_2000:Sp2:Datacenter_server
- Microsoft Windows_2000:Sp1:Server
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论