Windows Server Backup (WSB) 是 Windows 上的备份和 Windows 恢复工具。
美创安全实验室监测到一则Windows Backup Service权限提升漏洞的信息,漏洞编号:CVE-2023-21752,漏洞等级:严重。该漏洞存在于Windows Server Backup (WSB)中,经过身份认证的攻击者可利用此漏洞提升至 SYSTEM 权限。
鉴于此漏洞影响较大,且 PoC 及 EXP 已在互联网公开,建议客户尽快做好自查,及时更新至最新版本。
受影响版本:
-
Windows 7 for 32-bit Systems Service Pack 1 -
Windows 10 for 32-bit Systems -
Windows 10 Version 1607 for x64-based Systems -
Windows 10 for x64-based Systems -
Windows 7 for x64-based Systems Service Pack 1 -
Windows 10 Version 1809 for x64-based Systems -
Windows 10 Version 1607 for 32-bit Systems -
Windows 10 Version 1809 for ARM64-based Systems -
Windows 10 Version 1809 for 32-bit Systems -
Windows 10 Version 20H2 for ARM64-based Systems -
Windows 10 Version 20H2 for 32-bit Systems -
Windows 10 Version 20H2 for x64-based Systems -
Windows 11 Version 22H2 for x64-based Systems -
Windows 10 Version 21H2 for x64-based Systems -
Windows 10 Version 22H2 for x64-based Systems -
Windows 10 Version 21H2 for 32-bit Systems -
Windows 11 version 21H2 for ARM64-based Systems -
Windows 11 version 21H2 for x64-based Systems -
Windows 10 Version 21H2 for ARM64-based Systems -
Windows 10 Version 22H2 for 32-bit Systems -
Windows 11 Version 22H2 for ARM64-based Systems -
Windows 10 Version 22H2 for ARM64-based Systems
及时进行Microsoft Windows版本更新并且保持Windows自动更新开启。
Windows server / Windows 检测并开启Windows自动更新流程如下:
原文始发于微信公众号(第59号):【漏洞通告】 Windows Backup Service 权限提升漏洞(CVE-2023-21752)
特别标注:
本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
- 我的微信
- 微信扫一扫
-
- 我的微信公众号
- 微信扫一扫
-
评论