当前位置:首页 > 报告详情

一个漏洞就能解决所有问题:稳定利用 Windows Server 2025 上的预认证远程代码执行漏洞.pdf

上传人: 竿*** 编号:981786 2025-11-29 46页 1.82MB

1、#BHAS BlackHatEventsOne Bug to Rule Them All:Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025Speakers:Dr.Zhiniang Peng HUST&Cyber-KunlunZishan LinVer#BHAS BlackHatEventsWhoAmIZhiniang Peng edwardzpengAssociate Professor HUSTPart-time Researcher Cyber-KunlunPhD in Cryptography,Pub

2、lished many research in both Industry&AcademiaMore about me:https:/ University of Science and TechnologyCyber-Kunlun:World-Leading Security Research Lab in China#BHAS BlackHatEventsWhoAmIZishan Lin Security ResearcherFocus on Windows Security for years#BHAS BlackHatEventsWhoAmIVer Ver0759Security Re

3、searcherFocus on Windows/IOT/BlockChain Security for three yearsMSRC MVR#BHAS BlackHatEventsAgendaIntroductionRemote Desktop License RPC Service InternalsCVE-2024-38077Exploitation OverviewPlaying with the LFHSummary#BHAS BlackHatEventsIntroduction#BHAS BlackHatEventsPreauth bugs&exploitations The h

4、istory of Windows Preauth RCE Memory Corruption ExploitationCVE-2014-6321 WinShockCVE-2017-0144 Eternal BlueCVE-2019-0708 BluekeepCVE-2020-0796 SMBGhost Every year there are numerous preauth memory corruption vulnerabilities in Windows,but only a few ofthese are really have exploitation.Part of memo

5、ry corruption vulnerabilities in 2024#BHAS BlackHatEventsMitigation in Windows Mitigation in modern WindowsControl Flow Guard(CFG)GuardStack(GS)/CanaryArbitrary Code Guard(ACG)Control-Flow Enforcement Technology(CET)Address Space Layout Randomization(ASLR)CVE-2024-38077 MadlicenseWindows Remote Desk

6、top License Server Preauth RCE One bug to Rule Them All#BHAS BlackHatEventsRemote Desktop Service Remote Desktop Service is a core service on WindowsPersonal Remote AccessServer ManagementRemote Desktop Rental Services Many historical security vulnerabilitiesFrom CVE-2012-0002 to CVE-2024-43599No re

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: 1. **Windows预认证远程代码执行(RCE)漏洞历史**:文章回顾了Windows历史上多个预认证RCE漏洞,如CVE-2014-6321 WinShock、CVE-2017-0144 Eternal Blue等,指出每年都有大量内存损坏漏洞,但只有少数可被利用。 2. **CVE-2024-38077 Madlicense漏洞**:这是Windows远程桌面许可服务器的一个预认证RCE漏洞,利用该漏洞可实现远程代码执行。 3. **漏洞利用概述**:文章详细介绍了利用CVE-2024-38077的步骤,包括泄露地址、绕过ASLR、劫持Rip和Bypass CFG等。 4. **LFH(低碎片堆)利用**:文章探讨了如何利用LFH的特性进行堆喷和创建漏洞,从而实现攻击。 5. **总结**:文章强调,尽管Windows的安全强化措施阻止了许多漏洞的利用,但Madlicense漏洞再次证明了旧漏洞的威胁。
揭秘Windows漏洞新纪元" 漏洞背后的秘密" 一个漏洞统治一切?"
客服
商务合作
小程序
服务号
折叠