【安全漏洞公告】Windows HTTP.sys 權限提升漏洞(CVE-2023-23410)
一、漏洞簡介
|
CVE ID
|
CVE-2023-23410
|
公開日期
|
2023-03-21
|
|
危害級別
|
高危
|
攻擊復雜程度
|
低
|
|
POC/EXP
|
已公開
|
攻擊途徑
|
遠程網絡
|
HTTP.sys是Microsoft Windows處理HTTP請求的內�����核驅動(dong)程序。Windows HTTP.sys中存在整數溢出漏(lou)洞(dong),由(you)于對Ser�������viceName的原始(shi)輸入長度(du)校驗錯(cuo)誤,可以通過構造(zao)惡意內容來觸發該漏(lou)洞(dong),導致(zhi)權(quan)限提(ti)升或拒絕服務。
二、影響范圍
�������
Windows Server 2012 R2 (Serv����er Core installation)
Windows Server 2012 R2
Windows������� Server 2012 (Server Core installation)
Windows Server 2012
Windows Serve�������r 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 ��������for x64-based Systems Servic�����e Pack 1
Windows Server 2008 for x64-base��������d Systems Service Pack 2 (Server Core in������stallation)
Windows Server 2008 for x64-based Syst��������ems Service Pack 2
Windows Server 2008 for 32-bit �����Systems Service Pack 2 (Server Core insta�������llation)
Windows Server 2008 for 32�������-bit Systems Service Pack 2
Windows Server�������� 2016 �������(Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems�������
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Ver�������sion 22H�������2 for ARM64-based Systems
Windows 10 Versi�����on 22H2 for x64-based Systems
Windo������ws 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for AR������M64-b��������ased Systems
Windows 10 Ve���������rsion 21H2 for x64-based Systems
Windows 10 Version 2�����1H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
��������
Windows 11 version 21H2 for x6�����4-based Systems
Windows 10 Versi�����on 20H2 for ARM64-base���������d Systems
Windows 10 Version 20H2 for 32-bit Systems
��������
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server������ Core installation)
Windows Server 2022
Windows Server 2019 (Server Core insta����llation)
Windows Server 2019
������
Windows 10 Version 180�������9 for ARM64-based Systems
Windows 10 Version 1809 for x64-based��������� Systems
Windows 10 Version 1809 for 32-bit Systems
三、解決措施
目前微軟(ruan)已經發布了該漏洞的補(bu)丁,受影響用戶可及時安裝。
//msrc.microsoft.com/update-guide/v�����ulnerability/CVE-�������2023-23410
四、參考鏈接
//msr��c.microsoft.com/update-guide/vulnerability/CVE-2023-23410
//www.nume����ncyber.com/cve-2023-23410-analysis/
