Windows NEGOEX
远程代码执行漏洞
(CVE-2022-37958)
2022 年 9 月,Microsoft 修补了 SPNEGO NEGOEX 中的一个信息泄露漏洞 (CVE-2022-37958)。12 月 13 日, IBM Security X-Force Red 的安全研究员 Valentina Palmiotti 发现该漏洞可能允许攻击者远程执行代码后,Microsoft 将该漏洞重新评定为严重级别,CVSS 评分提升到 8.1:
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
漏洞描述
CVE-2022-37958 漏洞存在于 Windows SPNEGO 扩展协商 (NEGOEX) 安全机制中,该机制允许客户端和服务器协商选择要使用的安全机制。攻击者可在未经过认证的情况下,通过任何涉及身份验证的 Windows 应用协议(例如 SMB、RDP 等)来使用 NEGOEX 协议,从而进行漏洞利用,可能造成远程代码执行等危害。
Microsoft 已重新将此漏洞评级为严重,所有类别都被评为最高严重性,但利用复杂度被评定为较高、漏洞可利用程度被评定为“Exploitation Less Likely(不太可能被利用)”,这意味着漏洞利用可能较为复杂或需要多次尝试。尽管如此,考虑到目前已有攻击服务器重启的漏洞验证视频传出,受漏洞影响的用户仍需尽快更新升级安全补丁。
影响范围
-
Windows Server 2012 R2 (Server Core installation)
-
Windows Server 2012 R2 (Server Core installation)
-
Windows Server 2012 R2
-
Windows Server 2012 R2
-
Windows Server 2012 (Server Core installation)
-
Windows Server 2012 (Server Core installation)
-
Windows Server 2012
-
Windows Server 2012
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1
-
Windows RT 8.1
-
Windows 8.1 for x64-based systems
-
Windows 8.1 for x64-based systems
-
Windows 8.1 for 32-bit systems
-
Windows 8.1 for 32-bit systems
-
Windows 7 for x64-based Systems Service Pack 1
-
Windows 7 for x64-based Systems Service Pack 1
-
Windows 10 Version 21H2 for 32-bit Systems
-
Windows 11 for ARM64-based Systems
-
Windows 11 for x64-based Systems
-
Windows 7 for 32-bit Systems Service Pack 1
-
Windows 7 for 32-bit Systems Service Pack 1
-
Windows Server 2016 (Server Core installation)
-
Windows Server 2016
-
Windows 10 Version 1607 for x64-based Systems
-
Windows 10 Version 1607 for 32-bit Systems
-
Windows 10 for x64-based Systems
-
Windows 10 for 32-bit Systems
-
Windows 10 Version 21H2 for x64-based Systems
-
Windows 10 Version 21H2 for ARM64-based Systems
-
Windows 10 Version 20H2 for ARM64-based Systems
-
Windows 10 Version 20H2 for 32-bit Systems
-
Windows 10 Version 20H2 for x64-based Systems
-
Windows Server 2022 Datacenter: Azure Edition
-
Windows Server 2022 (Server Core installation)
-
Windows Server 2022
-
Windows 10 Version 21H1 for 32-bit Systems
-
Windows 10 Version 21H1 for ARM64-based Systems
-
Windows 10 Version 21H1 for x64-based Systems
-
Windows Server 2019 (Server Core installation)
-
Windows Server 2019
-
Windows 10 Version 1809 for ARM64-based Systems
-
Windows 10 Version 1809 for x64-based Systems
-
Windows 10 Version 1809 for 32-bit Systems
解决方案
微软在9月份时已发布此漏洞的安全补丁,Windows 系统用户可通过默认开启的安全更新检查进行漏洞修复更新,也可以访问以下链接手动安装相关的漏洞补丁:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37958
产品支持
-
牧云:已发布漏洞检测升级包支持对上述漏洞进行检测,可前往升级平台发布下载更新;
参考资料
-
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37958
-
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
原文始发于微信公众号(长亭技术沙盒):漏洞风险提示 | Windows NEGOEX 远程代码执行漏洞(CVE-2022-37958)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论