（CVE-2020-0787）Windows_本地提权漏洞

# （CVE-2020-0787）Windows 本地提权漏洞

## 一、漏洞概述：

2020年3月10日，微软官方公布了一个本地提权漏洞CVE-2020-0787，根据微软的漏洞描述声称，攻击者在使用低权限用户登录系统后，可以利用该漏洞构造恶意程序直接提权到administrator或者system权限。system是windows所有操作系统中权限最大的账户。

## 二、影响范围

基本上Windows全版本了

– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Windows 10 Version 1709 for 32-bit Systems
– Windows 10 Version 1709 for ARM64-based Systems
– Windows 10 Version 1709 for x64-based Systems
– Windows 10 Version 1803 for 32-bit Systems
– Windows 10 Version 1803 for ARM64-based Systems
– Windows 10 Version 1803 for x64-based Systems
– Windows 10 Version 1809 for 32-bit Systems
– Windows 10 Version 1809 for ARM64-based Systems
– Windows 10 Version 1809 for x64-based Systems
– Windows 10 Version 1903 for 32-bit Systems
– Windows 10 Version 1903 for ARM64-based Systems
– Windows 10 Version 1903 for x64-based Systems
– Windows 10 Version 1909 for 32-bit Systems
– Windows 10 Version 1909 for ARM64-based Systems
– Windows 10 Version 1909 for x64-based Systems
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows 8.1 for 32-bit systems
– Windows 8.1 for x64-based systems
– Windows RT 8.1
– Windows Server 2008 for 32-bit Systems Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
– Windows Server 2008 for Itanium-Based Systems Service Pack 2
– Windows Server 2008 for x64-based Systems Service Pack 2
– Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
– Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
– Windows Server 2012
– Windows Server 2012 (Server Core installation)
– Windows Server 2012 R2
– Windows Server 2012 R2 (Server Core installation)
– Windows Server 2016
– Windows Server 2016 (Server Core installation)
– Windows Server 2019
– Windows Server 2019 (Server Core installation)
– Windows Server, version 1803 (Server Core Installation)
– Windows Server, version 1903 (Server Core installation)
– Windows Server, version 1909 (Server Core installation

## 漏洞利用

https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION

POC成功会弹出SYSTEM权限CMD不适用于WebShell