根据微软11月的安全更新信息,Microsoft Windows Active Directory域服务存在权限提升漏洞(CVE-2021-42278、CVE-2021-42287)。
Microsoft Windows Active Directory域服务权限提升漏洞(CVE-2021-42278、CVE-2021-42287)相关利用PoC在互联网公开。攻击者可利用该漏洞将域内的普通用户权限提升到域管理员权限,由此造成风险和危害极大。
2#漏洞详情
CVE-2021-42278
- Microsoft Windows Active Directory 域服务权限提升漏洞
- CVSS 3.0 : 8.8分
- Microsoft Windows Active Directory 域服务权限提升漏洞
- CVSS 3.0 : 8.8分
鉴于上述漏洞影响范围大,潜在危害性高,请各单位务必重视,及时通报预警,组织本单位开展隐患排查,受影响用户要尽快处置。同时,要落实安全防护措施,提升安全防护能力,完善事件应急处置预案,加强安全监测和值班值守。发现网络攻击情况要第一时间启动应急处置预案并及时报告。
3#漏洞状态
漏洞细节:已经公开
漏洞Poc:已经公开
漏洞Exp:已经公开
4#影响版本
CVE-2021-42278:
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2019 (Server Core installation)
- Windows Server 2022? Windows Server 2019
- Windows Server 2012 R2 (Server Core installation)
CVE-2021-42287:
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016? Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
目前官方已提供修复补丁,建议使用Windows Update完成补丁更新工作;对于无法使用Windows Update自动更新的设备,可手动下载相关补丁进行更新
补丁获取链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
发表评论