Microsoft Windows LSASS服务本地用户权限提升漏洞

admin
admin
admin
0
文章
0
评论
2022-07-23 06:38:12 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Microsoft Windows LSASS服务本地用户权限提升漏洞

  • CNNVD编号:CNNVD-200801-103
  • 危害等级: 高危
  • CVE编号: CVE-2007-5352
  • 漏洞类型: 权限许可和访问控制
  • 发布时间: 2008-01-08
  • 威胁类型: 本地
  • 更新时间: 2008-01-08
  • 厂        商: microsoft
  • 漏洞来源: Thomas Garnier

漏洞简介

Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。 Microsoft Windows 2000 SP4中、XP SP2中和Server 2003 SP1、SP2在本地安全授权子系统服务(LSASS)中存在未明漏洞,允许本地用户能够通过一个特制的本地过程调用(LPC)请求获得管理员权限。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: Microsoft Windows 2000 Server SP2 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows XP Media Center Edition SP2 Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows 2000 Advanced Server SP1 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows 2000 Advanced Server SP2 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows Server 2003 Itanium SP1 Microsoft Security Update for Windows Server 2003 for IB Systems (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d -409b-8a79-9fe61588d8a9&displaylang=en Microsoft Windows Server 2003 Itanium 0 Microsoft Security Update for Windows Server 2003 for IB Systems (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d -409b-8a79-9fe61588d8a9&displaylang=en Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Security Update for Windows Server 2003 for IB Systems (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d -409b-8a79-9fe61588d8a9&displaylang=en Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Security Update for Windows Server 2003 x64 Edition (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6 -4a8a-8077-d1bbfe37ecca&displaylang=en Microsoft Windows XP Tablet PC Edition SP1 Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows XP Tablet PC Edition SP2 Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows XP Media Center Edition SP1 Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows Server 2003 Web Edition SP2 Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows XP Professional x64 Edition SP2 Microsoft Security Update for Windows XP x64 Edition (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=51fc657b-2b4a -4725-a744-d279e027c4a5&displaylang=en Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows Server 2003 Standard Edition Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows Server 2003 x64 SP2 Microsoft Security Update for Windows Server 2003 x64 Edition (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6 -4a8a-8077-d1bbfe37ecca&displaylang=en Microsoft Windows 2000 Server SP1 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows XP Professional Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Security Update for Windows Server 2003 x64 Edition (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6 -4a8a-8077-d1bbfe37ecca&displaylang=en Microsoft Windows XP Tablet PC Edition Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows 2000 Advanced Server Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows XP 0 Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows 2000 Server Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Security Update for Windows Server 2003 for IB Systems (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d -409b-8a79-9fe61588d8a9&displaylang=en Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Security Update for Windows Server 2003 x64 Edition (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6 -4a8a-8077-d1bbfe37ecca&displaylang=en Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows 2000 Datacenter Server Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows Server 2003 Datacenter Edition Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows 2000 Advanced Server SP4 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en 3DM Software Disk Management Software SP2 Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows 2000 Datacenter Server SP1 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows 2000 Professional SP3 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows Server 2003 Enterprise Edition Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows 2000 Professional SP2 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&displaylang=en Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Security Update for Windows Server 2003 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f -4d4d-b8d7-adec8ff310d5&displaylang=en Microsoft Windows XP Home SP2 Microsoft Security Update for Windows XP (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36 -490e-aefe-edb7b3a0df9c&displaylang=en Microsoft Windows 2000 Datacenter Server SP4 Microsoft Security Update for Windows 2000 (KB943485) http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9 -4876-8340-84fe3e43e5cc&d

参考网址

来源: US-CERT 名称: TA08-008A 链接:http://www.us-cert.gov/cas/techalerts/TA08-008A.HTML 来源: US-CERT 名称: VU#410025 链接:http://www.kb.cert.org/vuls/id/410025 来源: MS 名称: MS08-002 链接:http://www.microsoft.com/technet/security/Bulletin/MS08-002.mspx 来源: SECUNIA 名称: 28341 链接:http://secunia.com/advisories/28341 来源: XF 名称: win-lsass-lpc-privilege-escalation(39233) 链接:http://xforce.iss.net/xforce/xfdb/39233 来源: BID 名称: 27099 链接:http://www.securityfocus.com/bid/27099 来源: HP 名称: SSRT080003 链接:http://www.securityfocus.com/archive/1/archive/1/486317/100/0/threaded 来源: VUPEN 名称: ADV-2008-0070 链接:http://www.frsirt.com/english/advisories/2008/0070 来源: SECTRACK 名称: 1019165 链接:http://securitytracker.com/id?1019165 来源: oval:org.mitre.oval:def:5408 名称: oval:org.mitre.oval:def:5408 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5408 来源:NSFOCUS 名称:11363 链接:http://www.nsfocus.net/vulndb/11363

受影响实体

  • Microsoft Windows_xp:Sp2  
  • Microsoft Windows_2003_server:Sp2  
  • Microsoft Windows_2003_server:Sp1  
  • Microsoft Windows_2000:Sp4  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0