通告|Windows秘钥交换服务远程代码执行漏洞

admin 2022年9月29日08:01:52评论57 views字数 2045阅读6分49秒阅读模式
通告|Windows秘钥交换服务远程代码执行漏洞


01 漏洞概况 

近日,微步在线获取到Windows秘钥交换服务远程代码执行漏洞(CVE-2022-34721)情报,相关服务代码未能正确校验接收到的数据,使得攻击者能够在未认证的情况下,构造一个畸形的数据包发往服务端,对目标主机进行DDoS攻击甚至获取主机权限。Windows秘钥交换服务用于IPSec协议中的身份校验和秘钥交换,在VPN中使用较为广泛。

此次受影响版本如下:
受影响版本
是否受影响

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems


02 漏洞评估 


公开程度:PoC 已公开

利用条件:无权限要求

交互要求:0-click 无需认证

漏洞危害:远程代码执行

03 处置建议 


1. 微软官方已发布相关补丁:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721

2. 参考链接:
https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a

04 时间线 


2022.09.13 微软发布该漏洞补丁
2022.09.28 微步获取该漏洞PoC相关情报
2022.09.28 微步情报局发布漏洞通告

通告|Windows秘钥交换服务远程代码执行漏洞

点击下方名片,关注我们

第一时间为您推送最新威胁情报

原文始发于微信公众号(微步在线研究响应中心):通告|Windows秘钥交换服务远程代码执行漏洞

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年9月29日08:01:52
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   通告|Windows秘钥交换服务远程代码执行漏洞http://cn-sec.com/archives/1322904.html

发表评论

匿名网友 填写信息