cnvd-2018-25703
Vulnerability from cnvd
Title
Microsoft Windows Subsystem for Linux权限访问控制漏洞
Description
Microsoft Windows 10和Windows Server Version 1803都是美国微软(Microsoft)公司发布操作系统。Microsoft Windows 10是一套个人电脑使用的操作系统。Windows Server Version 1803是一套服务器操作系统。Windows Subsystem for Linux是其中的一个Linux子系统。 Microsoft Windows Subsystem for Linux中存在权限访问控制漏洞。攻击者可通过运行特制的应用程序利用该漏洞以提升的权限执行代码。
Severity
Patch Name
Microsoft Windows Subsystem for Linux权限访问控制漏洞的补丁
Patch Description
Microsoft Windows 10和Windows Server Version 1803都是美国微软(Microsoft)公司发布操作系统。Microsoft Windows 10是一套个人电脑使用的操作系统。Windows Server Version 1803是一套服务器操作系统。Windows Subsystem for Linux是其中的一个Linux子系统。 Microsoft Windows Subsystem for Linux中存在权限访问控制漏洞。攻击者可通过运行特制的应用程序利用该漏洞以提升的权限执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441

Reference
https://www.securityfocus.com/bid/105271 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8441
Impacted products
Name
['Microsoft Windows 10 1803', 'Microsoft Windows Server 1803']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "105271"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8441"
    }
  },
  "description": "Microsoft Windows 10\u548cWindows Server Version 1803\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows 10\u662f\u4e00\u5957\u4e2a\u4eba\u7535\u8111\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Windows Server Version 1803\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Windows Subsystem for Linux\u662f\u5176\u4e2d\u7684\u4e00\u4e2aLinux\u5b50\u7cfb\u7edf\u3002\n\nMicrosoft Windows Subsystem for Linux\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fd0\u884c\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Anthony LAOU HINE TSUEI of Tencent Keen Security Lab",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25703",
  "openTime": "2018-12-14",
  "patchDescription": "Microsoft Windows 10\u548cWindows Server Version 1803\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows 10\u662f\u4e00\u5957\u4e2a\u4eba\u7535\u8111\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Windows Server Version 1803\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Windows Subsystem for Linux\u662f\u5176\u4e2d\u7684\u4e00\u4e2aLinux\u5b50\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows Subsystem for Linux\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fd0\u884c\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Subsystem for Linux\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 10 1803",
      "Microsoft Windows Server 1803"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/105271\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8441",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-12",
  "title": "Microsoft Windows Subsystem for Linux\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.