【漏洞通告】Windows Kerberos 安全功能绕过漏洞

2024年1月11日12:36:22评论42 views字数 2310阅读7分42秒阅读模式

【漏洞通告】Windows Kerberos 安全功能绕过漏洞

01 漏洞概况

Kerberos是一种计算机网络授权协议，用来在非安全网络中，对个人通信以安全的手段进行身份认证。其中存在安全功能绕过漏洞，攻击者可以利用该漏洞在绕过目标系统上的安全功能，做出规定之外的行为。

02 漏洞处置

综合处置优先级：高

漏洞信息

漏洞名称

Windows Kerberos 安全功能绕过漏洞

漏洞编号

CVE编号

CVE-2024-20674

漏洞评估

披露时间

2024-01-09

漏洞类型

绕过认证

危害评级

高危

公开程度

PoC未公开

威胁类型

远程

利用情报

在野利用

是

影响产品

产品名称

Windows Kerberos

受影响版本

23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems、Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2022

影响范围

广

有无修复补丁

有

03 漏洞排查

用户尽快排查系统是否下载安全补丁

04 修复方案

官方修复方案：

微软官方已更新受影响软件的安全补丁，用户可根据不同系统版本下载安装对应的安全补丁，安全更新链接如下：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674

05 时间线

2024.01.09 厂商发布安全补丁

2024.01.11 安迈信科安全运营团队发布通告

原文始发于微信公众号（安迈信科应急响应中心）：【漏洞通告】Windows Kerberos 安全功能绕过漏洞

左青龙
微信扫一扫

右白虎
微信扫一扫

本文由 admin 发表于 2024年1月11日12:36:22
转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出)：
【漏洞通告】Windows Kerberos 安全功能绕过漏洞https://cn-sec.com/archives/2383602.html

目录

8888