CVE-2024-49076— Microsoft Windows Virtualization-Based Security Enclave 授权问题漏洞
影响版本矩阵 13
| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 | 10.0.17763.0< 10.0.17763.6659 | affected |
| Microsoft | Windows 10 Version 21H2 | 10.0.19043.0< 10.0.19044.5247 | affected |
| Microsoft | Windows 10 Version 22H2 | 10.0.19045.0< 10.0.19045.5247 | affected |
| Microsoft | Windows 11 version 22H2 | 10.0.22621.0< 10.0.22621.4602 | affected |
| Microsoft | Windows 11 version 22H3 | 10.0.22631.0< 10.0.22631.4602 | affected |
| Microsoft | Windows 11 Version 23H2 | 10.0.22631.0< 10.0.22631.4602 | affected |
| Microsoft | Windows 11 Version 24H2 | 10.0.26100.0< 10.0.26100.2605 | affected |
| Microsoft | Windows Server 2019 | 10.0.17763.0< 10.0.17763.6659 | affected |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.17763.0< 10.0.17763.6659 | affected |
| Microsoft | Windows Server 2022 | 10.0.20348.0< 10.0.20348.2966 | affected |
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) | 10.0.25398.0< 10.0.25398.1308 | affected |
| Microsoft | Windows Server 2025 | 10.0.26100.0< 10.0.26100.2605 | affected |
| Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0< 10.0.26100.2605 | affected |
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-49076 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
认证机制不恰当
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Microsoft Windows Virtualization-Based Security Enclave 授权问题漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Microsoft Windows Virtualization-Based Security Enclave(Microsoft Windows VBS Enclave)是美国微软(Microsoft)公司的一种主机应用程序地址空间内基于软件的受信任执行环境。 Microsoft Windows Virtualization-Based Security Enclave存在授权问题漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-b
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 | 10.0.17763.0 ~ 10.0.17763.6659 | - | |
| Microsoft | Windows 10 Version 21H2 | 10.0.19043.0 ~ 10.0.19044.5247 | - | |
| Microsoft | Windows 10 Version 22H2 | 10.0.19045.0 ~ 10.0.19045.5247 | - | |
| Microsoft | Windows 11 version 22H2 | 10.0.22621.0 ~ 10.0.22621.4602 | - | |
| Microsoft | Windows 11 version 22H3 | 10.0.22631.0 ~ 10.0.22631.4602 | - | |
| Microsoft | Windows 11 Version 23H2 | 10.0.22631.0 ~ 10.0.22631.4602 | - | |
| Microsoft | Windows 11 Version 24H2 | 10.0.26100.0 ~ 10.0.26100.2605 | - | |
| Microsoft | Windows Server 2019 | 10.0.17763.0 ~ 10.0.17763.6659 | - | |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.17763.0 ~ 10.0.17763.6659 | - | |
| Microsoft | Windows Server 2022 | 10.0.20348.0 ~ 10.0.20348.2966 | - | |
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) | 10.0.25398.0 ~ 10.0.25398.1308 | - | |
| Microsoft | Windows Server 2025 | 10.0.26100.0 ~ 10.0.26100.2605 | - | |
| Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0 ~ 10.0.26100.2605 | - |
二、漏洞 CVE-2024-49076 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-49076 的情报信息
请登录查看更多情报信息。
CVE-2024-49076 厂商安全公告 (1)
同批安全公告 · Microsoft · 2024-12-10 · 共 71 条
| CVE-2024-49112 | 9.8 CRITICAL | Microsoft Lightweight Directory Access Protocol 输入验证错误漏洞 |
| CVE-2024-49125 | 8.8 HIGH | Microsoft Windows Routing and Remote Access Service 安全漏洞 |
| CVE-2024-49080 | 8.8 HIGH | Microsoft Windows IP Routing Management Snapin 安全漏洞 |
| CVE-2024-49117 | 8.8 HIGH | Microsoft Hyper-V 安全漏洞 |
| CVE-2024-49086 | 8.8 HIGH | Microsoft Windows Routing and Remote Access Service 安全漏洞 |
| CVE-2024-49085 | 8.8 HIGH | Microsoft Windows Routing and Remote Access Service 安全漏洞 |
| CVE-2024-49093 | 8.8 HIGH | Microsoft Windows Resilient File System 安全漏洞 |
| CVE-2024-49102 | 8.8 HIGH | Microsoft Windows Routing and Remote Access Service 安全漏洞 |
| CVE-2024-49104 | 8.8 HIGH | Microsoft Windows Routing and Remote Access Service 安全漏洞 |
| CVE-2024-49063 | 8.4 HIGH | Microsoft Muzic 代码问题漏洞 |
| CVE-2024-49105 | 8.4 HIGH | Microsoft Remote Desktop Client 访问控制错误漏洞 |
| CVE-2024-49068 | 8.2 HIGH | Microsoft SharePoint 访问控制错误漏洞 |
| CVE-2024-49108 | 8.1 HIGH | Microsoft Windows Remote Desktop Services 安全漏洞 |
| CVE-2024-49119 | 8.1 HIGH | Microsoft Windows Remote Desktop Services 安全漏洞 |
| CVE-2024-49123 | 8.1 HIGH | Microsoft Windows Remote Desktop Services 安全漏洞 |
| CVE-2024-49124 | 8.1 HIGH | Microsoft Lightweight Directory Access Protocol 竞争条件问题漏洞 |
| CVE-2024-49126 | 8.1 HIGH | Microsoft Windows Local Security Authority Subsystem Service 安全漏洞 |
| CVE-2024-49132 | 8.1 HIGH | Microsoft Windows Remote Desktop Services 安全漏洞 |
| CVE-2024-49128 | 8.1 HIGH | Microsoft Windows Remote Desktop Services 安全漏洞 |
| CVE-2024-49122 | 8.1 HIGH | Microsoft Message Queuing 资源管理错误漏洞 |
显示前 20 条,共 71 条。 查看全部 → →
IV. Related Vulnerabilities
Same product: Windows 10 Version 1809
V. Comments for CVE-2024-49076
暂无评论