PowerShell远程代码执行漏洞风险提示(CVE-2022-44877)

admin 2023年1月11日01:12:53评论113 views字数 3034阅读10分6秒阅读模式
PowerShell远程代码执行漏洞风险提示(CVE-2022-44877)


漏洞公告

近日,安恒信息CERT监测到针对PowerShell远程代码执行漏洞(CVE-2022-41076)的技术细节(称为TabShell)在互联网上公开。经过身份认证的远程攻击者可利用此漏洞绕过沙箱限制在目标机器上执行任意代码。此漏洞影响范围广泛,目前漏洞细节及POC已公开,官方已发布安全版本,建议受影响的用户尽快采取安全措施。


参考链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076



影响范围


受影响版本:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

PowerShell 7.3

PowerShell 7.2



漏洞描述


PowerShell是一种功能强大的脚本语言和shell程序框架,PowerShell可在Windows、Linux和macOS上运行。

PowerShell远程代码执行漏洞(CVE-2022-41076):经过身份验证的远程攻击者可以在remote powershell会话中使用TabExpansion cmdlet,结合目录穿越载入任意dll,导致攻击者可以执行原本不能执行的cmdlet,从而在目标机器上执行任意代码。

细节是否公开 POC状态 EXP状态 在野利用
公开 已公开 未发现






缓解措施


高危:目前漏洞细节和利用代码已公开,官方已发布新版本修复了此漏洞,建议受影响用户及时升级更新到安全版本。

官方建议:

1、目前官方已发布补丁修复上述漏洞,建议受影响的用户尽快应用补丁。

获取链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076


安恒信息CERT

2023年1月

原文始发于微信公众号(安恒信息CERT):PowerShell远程代码执行漏洞风险提示(CVE-2022-44877)

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2023年1月11日01:12:53
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   PowerShell远程代码执行漏洞风险提示(CVE-2022-44877)http://cn-sec.com/archives/1511599.html

发表评论

匿名网友 填写信息