股票代码:688225
打开微信“扫一扫”,开启安(ān)全数字世界之旅
截图或長(cháng)按保存至相册,使用(yòng)微信扫一扫
首页(yè) > 安(ān)全通告
安(ān)全通告
紧急!利用(yòng)工(gōng)具(jù)已公(gōng)开,Microsoft Windows Active Directory 域服務(wù)权限提升漏洞安(ān)全风险通告
发布时间 :2021年12月13日
分(fēn)享:
漏洞描述
2021年12月12日,亚信安(ān)全 CERT监测发现 Microsoft Windows Active Directory 域服務(wù)权限提升漏洞(CVE-2021-42278、CVE-2021-42287)相关利用(yòng)PoC在互联网公(gōng)开。攻击者可(kě)利用(yòng)该漏洞将域内的普通用(yòng)户权限提升到域管理(lǐ)员权限,由此造成风险和危害极大。
鉴于目前微软官方已提供修复补丁,亚信安(ān)全CERT建议用(yòng)户应尽快更新(xīn)补丁并采取相关措施。
漏洞编号
【CVE-2021-42278】
【CVE-2021-42287】
Microsoft Windows Active Directory 域服務(wù)权限提升漏洞
漏洞评分(fēn)
【CVE-2021-42278】
【CVE-2021-42287 】
CVSS 3.0 : 8.8分(fēn)
漏洞状态
受影响的版本
CVE-2021-42278 受影响系统
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2022
- Windows Server 2019
- Windows Server 2012 R2 (Server Core installation)
CVE-2021-42287 受影响系统
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
修复建议
2. 对于无法使用(yòng)Windows Update自动更新(xīn)的设备,可(kě)手动下载相关补丁进行更新(xīn),下载地址如下:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
参考链接
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
分(fēn)享到微信
X