关于Windows错误报告服务权限提升漏洞(CVE-2023-36874)的预警提示

发布者:jsut发布时间:2023-08-28浏览次数:459

一、漏洞详情

Windows错误报告服务是一项用于收集和分析系统和应用程序错误的服务。当发生应用程序崩溃、操作系统故障或其他错误时,Windows错误报告服务会自动收集有关错误的信息。

近日,监测到Windows 错误报告服务权限提升漏洞(CVE-2023-36874)。由于Windows 错误报告服务对数据的验证不恰当,经过身份认证的本地攻击者可以构造恶意程序触发该漏洞,成功利用此漏洞可以提升权限至SYSTEM

建议受影响用户做好资产自查以及预防工作,以免遭受黑客攻击。

二、影响范围

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

三、修复建议

目前微软官方已发布了修复上述漏洞的安全补丁,建议受影响用户尽快安装补丁进行防护,参考链接:https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul