cnvd - cnvd-2018-00515

cnvd-2018-00515

Vulnerability from cnvd

Title: Microsoft Windows Server Message Block权限提升漏洞

Description:

Microsoft Windows 7 SP1等都是美国微软（Microsoft）公司发布的操作系统。Server Message Block（SMB）Server是其中的一个为计算机提供身份验证用以访问服务器上打印机和文件系统的组件。

Microsoft Windows中的SMB Server存在权限提升漏洞。攻击者可通过登录系统并运行特制的应用程序利用该漏洞绕过安全检查，控制受影响的系统。

Severity: 高

Patch Name: Microsoft Windows Server Message Block权限提升漏洞的补丁

Patch Description:

Microsoft Windows中的SMB Server存在权限提升漏洞。攻击者可通过登录系统并运行特制的应用程序利用该漏洞绕过安全检查，控制受影响的系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749

Reference: https://www.securityfocus.com/bid/102355

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows Server 1709']

Name

['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows Server 1709']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102355"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0749"
    }
  },
  "description": "Microsoft Windows 7 SP1\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Server Message Block\uff08SMB\uff09Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e3a\u8ba1\u7b97\u673a\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u7528\u4ee5\u8bbf\u95ee\u670d\u52a1\u5668\u4e0a\u6253\u5370\u673a\u548c\u6587\u4ef6\u7cfb\u7edf\u7684\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows\u4e2d\u7684SMB Server\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u767b\u5f55\u7cfb\u7edf\u5e76\u8fd0\u884c\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u68c0\u67e5\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002",
  "discovererName": "James Forshaw of Google Project Zero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00515",
  "openTime": "2018-01-09",
  "patchDescription": "Microsoft Windows 7 SP1\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Server Message Block\uff08SMB\uff09Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e3a\u8ba1\u7b97\u673a\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u7528\u4ee5\u8bbf\u95ee\u670d\u52a1\u5668\u4e0a\u6253\u5370\u673a\u548c\u6587\u4ef6\u7cfb\u7edf\u7684\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows\u4e2d\u7684SMB Server\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u767b\u5f55\u7cfb\u7edf\u5e76\u8fd0\u884c\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u68c0\u67e5\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Server Message Block\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows 7 SP1",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1",
      "Microsoft Windows 10 Gold",
      "Microsoft Windows 10  1511",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709",
      "Microsoft Windows Server 1709"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/102355",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-05",
  "title": "Microsoft Windows Server Message Block\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-0749 (GCVE-0-2018-0749)

Vulnerability from cvelistv5

Published

2018-01-04 14:00

Modified

2024-09-16 16:48

Severity ?

CWE

Elevation of Privilege

Summary

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040096	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/102355	vdb-entry, x_refsource_BID
	https://www.exploit-db.com/exploits/43517/	exploit, x_refsource_EXPLOIT-DB
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749	x_refsource_CONFIRM
	https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	SMB Server	Version: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040096",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040096"
          },
          {
            "name": "102355",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102355"
          },
          {
            "name": "43517",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43517/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SMB Server",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka \"Windows Elevation of Privilege Vulnerability\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-13T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1040096",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040096"
        },
        {
          "name": "102355",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102355"
        },
        {
          "name": "43517",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43517/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2018-01-03T00:00:00",
          "ID": "CVE-2018-0749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SMB Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka \"Windows Elevation of Privilege Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040096",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040096"
            },
            {
              "name": "102355",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102355"
            },
            {
              "name": "43517",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43517/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749"
            },
            {
              "name": "https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html",
              "refsource": "MISC",
              "url": "https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-0749",
    "datePublished": "2018-01-04T14:00:00Z",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-09-16T16:48:08.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted