01 漏洞概况
Windows 任务计划程序是系统中的一个组件,可以预先计划在特定时间或指定时间后启动程序或脚本,还可以设置为响应事件的触发形式。其中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。 02 漏洞处置
综合处置优先级:高
漏洞信息
漏洞名称
Windows 任务计划程序特权提升漏洞
漏洞编号
CVE编号
CVE-2024-49039
漏洞评估
披露时间
2024-11-12
漏洞类型
权限提升
危害评级
高危
公开程度
PoC未公开
威胁类型
远程
利用情报
在野利用
是
影响产品
产品名称
Windows系统
受影响版本
Windows Server 2016 (Server Core installation),Windows Server 2016,Windows 10 Version 1607 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows Server 2022 (Server Core installation),Windows Server 2022 (Server Core installation),Windows Server 2022,Windows Server 2022,Windows Server 2019 (Server Core installation),Windows Server 2019,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2025,Windows Server 2025
影响范围
广
有无修复补丁
有
01 漏洞概况
02 漏洞处置
综合处置优先级:高
漏洞信息 | 漏洞名称 | Windows 任务计划程序特权提升漏洞 |
漏洞编号 | CVE编号 | CVE-2024-49039 |
漏洞评估 | 披露时间 | 2024-11-12 |
漏洞类型 | 权限提升 | |
危害评级 | 高危 | |
公开程度 | PoC未公开 | |
威胁类型 | 远程 | |
利用情报 | 在野利用 | 是 |
影响产品 | 产品名称 | Windows系统 |
受影响版本 | Windows Server 2016 (Server Core installation),Windows Server 2016,Windows 10 Version 1607 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows Server 2022 (Server Core installation),Windows Server 2022 (Server Core installation),Windows Server 2022,Windows Server 2022,Windows Server 2019 (Server Core installation),Windows Server 2019,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2025,Windows Server 2025 | |
影响范围 | 广 | |
有无修复补丁 | 有 |
03 漏洞排查
用户尽快排查windows系统版本是否存在影响版本,若存在应用使用,极大可能会受到影响。 04 修复方案
1、官方修复方案: 微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039
05 时间线
2024.11.12 厂商发布安全补丁 2024.11.21 安迈信科安全运营团队发布通告
03 漏洞排查
04 修复方案
微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039
05 时间线
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...