0x01 Microsoft Windows
Microsoft Windows是美国微软公司以图形用户界面为基础研发的操作系统,主要运用于计算机、智能手机等设备。共有普通版本、服务器版本(Windows Server)、手机版本(Windows Phone)、嵌入式版本(Windows CE、Windows for IoT)等子系列,是全球应用最广泛的操作系统之一。
0x02 漏洞描述
近日,微步在线通报漏洞,获取到Windows秘钥交换服务远程代码执行漏洞(CVE-2022-34721)情报,相关服务代码未能正确校验接收到的数据,使得攻击者能够在未认证的情况下,构造一个畸形的数据包发往服务端,对目标主机进行DDoS攻击甚至获取主机权限。Windows秘钥交换服务用于IPSec协议中的身份校验和秘钥交换,在VPN中使用较为广泛。
受影响版本:
-
Windows Server 2012 R2 (Server Core installation)
-
Windows Server 2012 R2
-
Windows Server 2012 (Server Core installation)
-
Windows Server 2012
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1
-
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
-
Windows Server 2008 for x64-based Systems Service Pack 2
-
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
-
Windows Server 2008 for 32-bit Systems Service Pack 2
-
Windows RT 8.1
-
Windows 8.1 for x64-based systems
-
Windows 8.1 for 32-bit systems
-
Windows 7 for x64-based Systems Service Pack 1
-
Windows 7 for 32-bit Systems Service Pack 1
-
Windows Server 2016 (Server Core installation)
-
Windows Server 2016
-
Windows 10 Version 1607 for x64-based Systems
-
Windows 10 Version 1607 for 32-bit Systems
-
Windows 10 for x64-based Systems
-
Windows 10 for 32-bit Systems
-
Windows 10 Version 21H2 for x64-based Systems
-
Windows 10 Version 21H2 for ARM64-based Systems
-
Windows 10 Version 21H2 for 32-bit Systems
-
Windows 11 for ARM64-based Systems
-
Windows 11 for x64-based Systems
-
Windows 10 Version 20H2 for ARM64-based Systems
-
Windows 10 Version 20H2 for 32-bit Systems
-
Windows 10 Version 20H2 for x64-based Systems
-
Windows Server 2022 Azure Edition Core Hotpatch
-
Windows Server 2022 (Server Core installation)
-
Windows Server 2022
-
Windows 10 Version 21H1 for 32-bit Systems
-
Windows 10 Version 21H1 for ARM64-based Systems
-
Windows 10 Version 21H1 for x64-based Systems
-
Windows Server 2019 (Server Core installation)
-
Windows Server 2019
-
Windows 10 Version 1809 for ARM64-based Systems
-
Windows 10 Version 1809 for x64-based Systems
-
Windows 10 Version 1809 for 32-bit Systems
0x03 漏洞信息
漏洞编号:CVE-2022-34721
漏洞POC:已公开
漏洞EXP:暂无
漏洞危害:远程代码执行
0x04 解决方案
正式防护方案:
微软官方已发布相关补丁:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
参考链接:
https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a
原文始发于微信公众号(寻云安全团队):【漏洞报送】Windows秘钥交换服务远程代码执行漏洞(CVE-2022-34721)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论