一、漏洞详情

Windows内核是Windows系统的核心，负责管理系统的进程、内存、设备驱动程序、文件和网络系统等，它是连接应用程序和硬件的桥梁。

近日，监测到Windows内核权限提升漏洞（CVE-2023-35359）的PoC在互联网上公开。该漏洞利用了Windows在模拟过程中存在与替换系统驱动器盘符相关的问题，能够在目标机器上创建文件夹和跟踪性能的本地低权限用户可利用该漏洞欺骗特权进程从不受信任的位置加载配置文件和其他资源，从而导致特权提升。

建议受影响用户做好资产自查以及预防工作，以免遭受黑客攻击。

二、影响范围

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

三、修复建议

Microsoft官方下载相应补丁进行更新。

下载链接：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35359