Related vulnerability
Title: Microsoft Hypervisor-Protected Code Integrity security vulnerability (CVE-2024-21305)
Description: Microsoft Hypervisor-Protected Code Integrity is a Windows security feature from Microsoft (USA) that makes it difficult for malicious programs to hijack a computer using low-level drivers. Microsoft Hypervisor-Protected Code Integrity contains a security vulnerability. An attacker can exploit this vulnerability to bypass certain features. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x
Description
Report and exploit of CVE-2024-21305.
Introduction
# CVE-2024-21305
This repo contains the report and PoC of [CVE-2024-21305](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21305), the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability. This vulnerability allowed arbitrary kernel-mode code execution, effectively bypassing HVCI, within the root partition. For the root cause, read the [blog post](https://tandasat.github.io/blog/2024/01/15/CVE-2024-21305.html) coauthored with Andrea Allievi ([@aall86](https://twitter.com/aall86)), a Windows Core OS engineer who analyzed and fixed the issue.
The [report](./Report/README.md) in this repo is what I sent to MSRC, which contains the PoC and an initial analysis of the issue.
[YouTube video](https://www.youtube.com/watch?v=JrGI_4HgY4c)
## Timeline
- July 2, Satoshi consulted Andrea for the validity of the bug.
- July 16, Satoshi sent an initial report to Andrea.
- July 20, Satoshi submitted a formal report to MSRC.
- Aug 31, Satoshi agreed on the disclosure date of January 9th, 2024.
- Oct 17, MSRC notified Satoshi that the report was in the scope of bug bounty and eligible for 1000 USD.
- January 9, 2024, MSFT disclosed and released the fix for the issue.
Thanks to MSRC for transparent communication and to the engineering team, specifically Andrea, for fixing this issue.
File snapshot
[4.0K] /data/pocs/5f0970d6f39261abb42deb3ddf6dad63b1a3cde1
├── [1.0K] LICENSE
├── [1.3K] README.md
└── [4.0K] Report
├── [7.7K] README.md
├── [4.0K] wx
│ ├── [4.0K] beep
│ │ ├── [ 246] beep.cpp
│ │ ├── [6.4K] beep.vcxproj
│ │ └── [ 956] beep.vcxproj.filters
│ ├── [4.0K] wx
│ │ ├── [1.4K] driver.cpp
│ │ ├── [ 436] source.asm
│ │ ├── [6.2K] wx.vcxproj
│ │ └── [ 603] wx.vcxproj.filters
│ └── [3.2K] wx.sln
├── [ 20K] xps15_dump_ept.txt
└── [9.7K] xps15_memmap.txt
4 directories, 13 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.