【漏洞通告】Powershell远程代码执行漏洞CVE-2022-41076

admin

138858
文章

114
评论

2023年1月11日01:07:42评论115 views字数 4325阅读14分25秒阅读模式

漏洞名称：

Powershell远程代码执行漏洞

组件名称：

Powershell

影响范围：

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Datacenter: Azure Edition

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)

Windows Server 2008 for 32-bit Systems Service

Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

PowerShell 7.2

PowerShell 7.3

漏洞类型：

远程命令执行

利用条件：

1、用户认证：需要用户认证

2、前置条件：开启Powershell Remoting

3、触发方式：远程

综合评价：

<综合评定利用难度>：容易，普通用户认证。

<综合评定威胁等级>：高危，能造成远程代码执行。

官方解决方案：

已发布

漏洞分析

组件介绍

PowerShell 是一种现代命令 shell，包含其他流行 shell 的最佳功能。与大多数只接受和返回文本的 shell 不同，PowerShell 接受并返回 .NET 对象, 是一个跨平台的任务自动化解决方案, 同时支持连接到远程计算机以执行特定的系统命令。

漏洞简介

近日，深信服安全团队监测到一则Powershell组件存在远程代码执行漏洞的信息，漏洞编号：CVE-2022-41076，漏洞威胁等级：高危，漏洞命名：Tabshell。

该漏洞是由于Powershell提供的Powershell Remoting运行环境对用户输入验证不足, 攻击者可利用该漏洞在获得权限的情况下，构造特殊的恶意数据来逃逸限制环境并执行任意的Powershell命令，最终获取服务器最高权限。

影响范围

目前受影响的版本：

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Datacenter: Azure Edition

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

PowerShell 7.2

PowerShell 7.3

解决方案

官方修复建议

当前官方已发布最新版本，建议受影响的用户及时更新升级到最新版本。链接如下：

https://msrc.microsoft.com/updateguide/vulnerability/CVE-2022-41076

参考链接

https://msrc.microsoft.com/updateguide/vulnerability/CVE-2022-41076

时间轴

2022/12/14

微软例行补丁日，微软官网发布漏洞安全公告。

2022/12/14

深信服千里目安全技术中心发布12月微软补丁日漏洞通告。

2023/1/10

深信服千里目安全技术中心复现漏洞并发布漏洞通告。

点击阅读原文，及时关注并登录深信服智安全平台，可轻松查询漏洞相关解决方案。

【漏洞通告】Powershell远程代码执行漏洞CVE-2022-41076

原文始发于微信公众号（深信服千里目安全技术中心）：【漏洞通告】Powershell远程代码执行漏洞CVE-2022-41076

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

【漏洞通告】Powershell远程代码执行漏洞CVE-2022-41076

Windows提权漏洞CVE-2025-21204

漏洞预警博华X龙防火墙系统 arp_scan文件读取漏洞

网安人的咯噔文学|CVE-2025-404NotFound？

CVE-2025-21204: Windows Update Stack 中的不当链接跟随导致的权限提升

Windows 提权漏洞速报：CVE-2025-21204

Jupyter Remote Desktop未授权访问漏洞CVE-2025-32428

F5 BIG-IP命令注入漏洞CVE-2025-23239

三星路由器WLAN-AP-WEA453e-未授权RCE等多个漏洞 POC

CVE-2025-24071｜Windows 文件资源管理器欺骗漏洞

CVE-2024-22243 Spring Web UriComponentsBuilder URL 解析不当漏洞分析

发表评论

在线咨询

微信