Security Vulnerabilities
Windows WM_TIMER Message Handling Privilege Elevation Vulnerability (MS02-071)

Published: 2002-12-11
Updated: 2002-12-16

Affected systems:
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows 2000 SP3
Microsoft Windows 2000 SP2
Microsoft Windows 2000 SP1
Microsoft Windows 2000
Description:
BUGTRAQ  ID: 5927
CVE(CAN) ID: CVE-2002-1230

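Windows messages provide a way for interactive processes to react to user events (such as keystrokes or mouse movements) and to communicate with other interactive processes. A WM_TIMER message is normally sent when a timer expires, and it can be used to make a process execute a timer callback function.

WM_TIMER message handling has a security flaw: an attacker with local access, or with access through Terminal Services, can use a WM_TIMER message to make another, higher-privileged process execute a callback function, resulting in privilege elevation.

The flaw allows one process on the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at an address of its choice, even if the second process has not set any timer. If the second process has higher privileges than the first, the callback function may execute with those higher privileges.

By default, several processes running on the interactive desktop run with LocalSystem privileges. As a result, an attacker who can log on to the system interactively can run a program that levies a WM_TIMER request upon such a process and exploit the flaw to perform arbitrary attacker-specified actions with high privileges.

In addition, the patch for this vulnerability also modifies several high-privilege processes that run on the interactive desktop. Although these processes are not affected by the WM_TIMER vulnerability, Microsoft included them in the patch to make the services more robust.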
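
The trust decision behind this flaw, as an added example that is not from the advisory or from Microsoft: a portable C model (not Win32 code) in which a WM_TIMER callback runs only when the receiving process itself registered that timer id and callback. `struct msg`, `register_timer` and `dispatch_checked` are hypothetical names; only the value of `WM_TIMER` is a real Win32 constant.

```c
/* Added example: portable model of WM_TIMER dispatch, not Win32 code. */
#include <stddef.h>
#include <stdint.h>
#define WM_TIMER 0x0113u            /* real Win32 message number */
#define MAX_TIMERS 8
typedef void (*timer_cb)(uintptr_t timer_id);

struct msg {                        /* hypothetical stand-in for MSG */
    unsigned  message;
    uintptr_t wparam;               /* timer id */
    timer_cb  lparam;               /* callback address carried by the message */
};

/* Timers this process registered itself (hypothetical registry). */
static struct { uintptr_t id; timer_cb cb; } timers[MAX_TIMERS];
static size_t timer_count;
int callbacks_run;                  /* counts callbacks that actually executed */

void on_tick(uintptr_t id)   { (void)id; callbacks_run++; }
void never_set(uintptr_t id) { (void)id; callbacks_run += 100; }

int register_timer(uintptr_t id, timer_cb cb) {
    if (timer_count == MAX_TIMERS || cb == NULL) return 0;
    timers[timer_count].id = id;
    timers[timer_count].cb = cb;
    timer_count++;
    return 1;
}

enum verdict { NOT_TIMER, TO_WNDPROC, CALLBACK_RUN, REJECTED };

/* Run a callback only if this process registered that exact id/callback pair. */
enum verdict dispatch_checked(const struct msg *m) {
    if (m->message != WM_TIMER) return NOT_TIMER;
    if (m->lparam == NULL) return TO_WNDPROC;   /* no callback: window procedure path */
    for (size_t i = 0; i < timer_count; i++) {
        if (timers[i].id == m->wparam && timers[i].cb == m->lparam) {
            m->lparam(m->wparam);
            return CALLBACK_RUN;
        }
    }
    return REJECTED;   /* address came only from the message: never call it */
}

int main(void) {
    struct msg forged = { WM_TIMER, 1, never_set };  /* constructed sample */
    register_timer(1, on_tick);
    return dispatch_checked(&forged) == REJECTED ? 0 : 1;
}
```
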

<*Source: Serus (serus@users.mns.ru)
  
  Links: http://security.tombom.co.uk/shatter.html
         http://www.microsoft.com/technet/security/bulletin/MS02-071.asp
*>

Recommendation:
Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS02-071) and corresponding patches for this issue:
MS02-071: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Link: http://www.microsoft.com/technet/security/bulletin/MS02-071.asp

Patch downloads:

Microsoft Windows 2000 Professional SP3:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server SP3:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services SP3:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Datacenter Server SP3:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services SP2:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Datacenter Server SP2:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Professional SP2:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server SP2:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server SP1:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Professional SP1:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server SP1:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Datacenter Server SP1:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services SP1:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows XP Home SP1:
      Microsoft Patch Q328310_WXP_SP2_x86_ENU.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=98F02C55-E598-4EB1-AABE-DB3BA0807685&displaylang=en
Microsoft Windows XP Professional SP1:
      Microsoft Patch Q328310_WXP_SP2_x86_ENU.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=98F02C55-E598-4EB1-AABE-DB3BA0807685&displaylang=en
Microsoft Windows 2000 Server:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Advanced Server:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Professional:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Terminal Services:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en
Microsoft Windows 2000 Server Japanese Edition:
      Microsoft Patch Q328310_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=68601571-CF9C-4BD0-B285-26C0A3DF6FCA&displaylang=ja
Microsoft Windows XP Professional:
Microsoft Windows XP Home:
Microsoft Windows 2000 Datacenter Server:
      Microsoft Patch Q328310_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=C663A0EA-F6CB-4EE1-8AFA-0C068F84A1D5&displaylang=en

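This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.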