来源

关联漏洞

描述

Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)

介绍

# Security Vulnerability Report: CVE-2025-24071 - Windows File Explorer Spoofing Vulnerability

## Overview
NSFOCUS CERT has detected that Microsoft recently released a security update to address a critical spoofing vulnerability in Windows File Explorer, identified as **CVE-2025-24071**. This vulnerability has a CVSS score of 7.5, indicating its severity. The issue arises from the implicit trust and automatic file parsing behavior of `.library-ms` files in Windows Explorer. An unauthenticated attacker can exploit this vulnerability by constructing RAR/ZIP files containing a malicious SMB path. Upon decompression, this triggers an SMB authentication request, potentially exposing the user's NTLM hash. PoC (Proof of Concept) exploits for this vulnerability are now publicly available, making it a current threat. Affected users are strongly advised to apply the patch immediately to mitigate the risk.

**Reference**: [Microsoft Security Update](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071)

---

## Scope of Impact

### Affected Versions:
* Windows 10 Version 1809 for x64-based Systems
* Windows 10 Version 1809 for 32-bit Systems
* Windows Server 2025 (Server Core installation)
* Windows Server 2025
* Windows Server 2012 R2 (Server Core installation)
* Windows Server 2012 R2
* Windows Server 2016 (Server Core installation)
* Windows Server 2016
* Windows 10 Version 1607 for x64-based Systems
* Windows 10 Version 1607 for 32-bit Systems
* Windows 10 for x64-based Systems
* Windows 10 for 32-bit Systems
* Windows 11 Version 24H2 for x64-based Systems
* Windows 11 Version 24H2 for ARM64-based Systems
* Windows Server 2022, 23H2 Edition (Server Core installation)
* Windows 11 Version 23H2 for x64-based Systems
* Windows 11 Version 23H2 for ARM64-based Systems
* Windows 10 Version 22H2 for 32-bit Systems
* Windows 10 Version 22H2 for ARM64-based Systems
* Windows 10 Version 22H2 for x64-based Systems
* Windows 11 Version 22H2 for x64-based Systems
* Windows 11 Version 22H2 for ARM64-based Systems
* Windows 10 Version 21H2 for x64-based Systems
* Windows 10 Version 21H2 for ARM64-based Systems
* Windows 10 Version 21H2 for 32-bit Systems
* Windows Server 2022 (Server Core installation)
* Windows Server 2022
* Windows Server 2019 (Server Core installation)
* Windows Server 2019

---

## Detection

To determine whether your system is at risk, follow these steps:

1. **Check System Version:**
   - Press **Win+R**, type `winver`, and press **Enter**. This will display the version and build number of your Windows operating system.
   
2. **Verify Patch Installation:**
   - Open **Command Prompt** and run `systeminfo` to check the details of installed patches.

---

## Mitigation

Microsoft has released a security patch to address this vulnerability for all supported versions. It is crucial to apply the patch as soon as possible to protect against potential exploitation.

### Patch Installation:
- **Download the patch**: [Microsoft Security Update](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071)
- **Windows Update**: Go to **Settings** → **Update & Security** → **Windows Update**. Check for updates and ensure the patch has been installed.
- **View Update History**: If the patch installation fails, you can view the update history or manually download the update from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx).

If the patch fails to install through Windows Update, you can manually download and install the standalone package by visiting the Microsoft Update Catalog.

---

For further information and updates, refer to the official [Microsoft Security Response Center](https://msrc.microsoft.com).

文件快照

 [4.0K]  /data/pocs/673387581d313c39821aaa33e115c892e83d2a5f
├── [7.1K]  exploit.py
├── [1.0K]  LICENSE
├── [3.6K]  README.md
└── [   8]  requirements.txt

0 directories, 4 files

备注