关联漏洞
标题:Microsoft Hyper-V 安全漏洞 (CVE-2023-36427)Description:Microsoft Hyper-V是美国微软(Microsoft)公司的一个应用程序。一种系统管理程序虚拟化技术,能够实现桌面虚拟化。 Microsoft Hyper-V存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Win
Description
Report and exploit of CVE-2023-36427
介绍
# CVE-2023-36427
This repo contains the report and exploit of [CVE-2023-36427](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36427), memory corruption at arbitrary physical addresses from the root partition on Windows. The details and exploit of the vulnerability are in the [report](report.md) sent to Microsoft.
[](https://www.youtube.com/watch?v=NAhhJkA73mY)
## Timeline
- July 2 - Sent a report to a friend of mine at Microsoft.
- July 11 - Received a reply from a member of the team responsible for the issue.
- August 8 - Received a proposal to make the disclosure date November 14.
- August 9 - Agreed with the proposal.
- November 14 - The fix was released.
- November 15 - Disclosed the issue. Notified that the issue was eligible for a 2000 USD bounty award.
Thanks MSRC for transparent communication, the engineering team for fixing this on time, and Andrea ([@aall86](https://twitter.com/aall86)) for helping me share the issue and connecting with the right folks within Microsoft.
文件快照
[4.0K] /data/pocs/9f2ad1be6a35336779ceeb29beac50cbbe7a1f70
├── [1.0K] LICENSE
├── [4.0K] PoC
│ ├── [4.0K] msr
│ │ ├── [1.7K] Driver.cpp
│ │ ├── [6.0K] msr.vcxproj
│ │ └── [ 494] msr.vcxproj.filters
│ └── [1.7K] msr.sln
├── [1.0K] README.md
└── [ 11K] report.md
2 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。