Windows Shutdown Without Logon Check Vulnerability

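Vulnerability Information

Vulnerability name: Windows Shutdown Without Logon Check Vulnerability

Vulnerability type: Configuration issue

Severity: Medium

Description: This vulnerability is a configuration issue in the Windows operating system: the "Shutdown Without Logon" policy is enabled. Windows is one of the most widely used desktop operating systems in the world and runs on personal computers, enterprise servers and many other systems. The root cause is that the ShutdownWithoutLogon value in the system registry is set to 1, which allows an unauthorized user to shut down the system directly from the logon screen without authenticating. This misconfiguration can cause service interruptions; in enterprise environments in particular, an unauthorized shutdown can affect the continuity of critical business services. An attacker can exploit this vulnerability to carry out a denial-of-service attack and make the system unavailable. Because exploiting it requires no authentication, its potential impact is considerable, especially on public or shared computers. The recommended remediation is to set the ShutdownWithoutLogon registry value to 0, or to adjust the setting through the Local Security Policy, to prevent unauthorized system shutdowns.

Vendor: Microsoft

Product: Windows

Source: https://github.com/projectdiscovery/nuclei-templates/blob/b740ee6791c0a6d36cac233d23a096ba91d2f060/code%2Fwindows%2Faudit%2Fkisa%2Fshutdown-without-logon.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details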

id: shutdown-without-logon

info:
  name: Shutdown Without Logon Check
  author: nukunga[SungHyunJeon]
  severity: medium
  description: |
    Ensure the "Shutdown Without Logon" policy is disabled by confirming that the ShutdownWithoutLogon registry value is set to 0. If enabled, the system permits shutdown from the logon screen, increasing the risk of unauthorized shutdowns.
  impact: |
    When enabled, this setting permits unauthorized users to shut down the system without logging in, which can lead to service interruptions.
  remediation: |
    Disable this policy by setting the ShutdownWithoutLogon registry value to 0 at:
    - HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
    - Alternatively, configure the setting through the Local Security Policy.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/?boardId=bbs_0000000000000004&mode=view&cntId=85
  tags: code,windows-audit,kisa,registry

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $regPath = "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system"
      $shutdownValue = (Get-ItemProperty -Path $regPath -Name ShutdownWithoutLogon -ErrorAction SilentlyContinue).ShutdownWithoutLogon
      if ($shutdownValue -eq 0) {
        "SHUTDOWN_WITHOUT_LOGON_DISABLED"
      } else {
        "SHUTDOWN_WITHOUT_LOGON_ENABLED"
      }

    matchers:
      - type: word
        words:
          - "SHUTDOWN_WITHOUT_LOGON_ENABLED"
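
The template's check reports a missing ShutdownWithoutLogon value the same way as a non-zero one, because `$null -eq 0` is false in PowerShell. The following is an added example, not part of the nuclei template or this page's original content: it audits the same registry value, separates "not configured" from "enabled", and can apply the remediation described above. The function name `Test-ShutdownWithoutLogon`, its parameters and the shape of its output object are assumptions made for illustration.

```powershell
# Added example: audit and optionally remediate the ShutdownWithoutLogon setting.
# Function name, parameters and output fields are illustrative assumptions.
function Test-ShutdownWithoutLogon {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$RegPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        [switch]$Remediate
    )
    $name = 'ShutdownWithoutLogon'
    $item = Get-ItemProperty -Path $RegPath -Name $name -ErrorAction SilentlyContinue

    # Distinguish "value absent" from "value present and non-zero";
    # the template reports both cases as ENABLED.
    if ($null -eq $item) {
        $value = $null
        $state = 'NotConfigured'
    } else {
        $value = $item.$name
        $state = if ($value -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    if ($Remediate -and $state -ne 'Disabled') {
        # ShouldProcess honours -WhatIf and -Confirm, so the change can be previewed.
        if ($PSCmdlet.ShouldProcess("$RegPath\$name", 'Set DWORD value to 0')) {
            if (-not (Test-Path -Path $RegPath)) {
                New-Item -Path $RegPath -Force | Out-Null
            }
            # Writing under HKLM requires an elevated session.
            New-ItemProperty -Path $RegPath -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
            $value = 0
            $state = 'Disabled'
        }
    }

    # One object per host, suitable for Export-Csv or ConvertTo-Json.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Path      = $RegPath
        Value     = $value
        State     = $state
        Compliant = ($state -eq 'Disabled')
    }
}

Test-ShutdownWithoutLogon                        # audit only
# Test-ShutdownWithoutLogon -Remediate -WhatIf   # preview the registry change
```

A setting enforced through Group Policy is rewritten at the next policy refresh, so a direct registry change on a domain-joined host should be matched by the corresponding policy change.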


http://example.com/2025/07/10/github_244114779/
Author: lianccc
Published: July 10, 2025