【漏洞预警】微软通用纪录档系统(CLFS)驱动程式存在安全漏洞(CVE-2024-49138),请尽速确认并进行修补 - 弘光科技大学
跳到主要内容区块

SEARCH

弘光科技大学
:::
图资处系统组

【漏洞预警】微软通用纪录档系统(CLFS)驱动程式存在安全漏洞(CVE-2024-49138),请尽速确认并进行修补

公告日期:2024年12月19日张贴人:资通安全暨个资保护宣导网

教育机构ANA通报平台

发布编号 TACERT-ANA-2024121909122121 发布时间 2024-12-19 09:39:21
事故类型 ANA-漏洞预警 发现时间 2024-12-19 09:53:21
影响等级
[主旨说明:]【漏洞预警】微软通用纪录档系统(CLFS)驱动程式存在安全漏洞(CVE-2024-49138),请尽速确认并进行修补
[内容说明:]

转发 国家资安资讯分享与分析中心 NISAC-200-202412-00000021 研究人员发现微软通用纪录档系统(Common Log File System, CLFS)驱动程式存在权限提升(Elevation of Privilege)漏洞(CVE-2024-49138),允许已取得系统一般权限之本机端攻击者进一步取得系统(System)权限。该漏洞已遭骇客利用,请尽速确认并进行修补。 情资分享等级: WHITE(情资内容为可公开揭露之资讯) 烦请贵单位协助公告或转发
[影响平台:]

Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022Windows Server 2022 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows 11 Version 23H2 for x64-based SystemsWindows 11 Version 24H2 for ARM64-based SystemsWindows 11 Version 24H2 for x64-based SystemsWindows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2
[建议措施:]

官方已针对漏洞释出修复更新,请参考官方说明,网址如下: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138
[参考资料:]
1. https://nvd.nist.gov/vuln/detail/CVE-2024-49138
2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138
3. https://www.ithome.com.tw/news/166452

    附加档案