Windows秘鑰交換服務遠程代碼執行漏洞
責編:gltian |2022-09-29 10:47:4101 漏洞概況
近日,微步在線獲取到Windows秘鑰交換服務遠程代碼執行漏洞(CVE-2022-34721)情報,相關服務代碼未能正確校驗接收到的數據,使得攻擊者能夠在未認證的情況下,構造一個畸形的數據包發往服務端,對目標主機進行DDoS攻擊甚至獲取主機權限。Windows秘鑰交換服務用于IPSec協議中的身份校驗和秘鑰交換,在VPN中使用較為廣泛。
此次受影響版本如下:
| 受影響版本 | 是否受影響 |
| Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
是 |
02 漏洞評估
公開程度:PoC 已公開
利用條件:無權限要求
交互要求:0-click 無需認證
漏洞危害:遠程代碼執行
03 處置建議
1. 微軟官方已發布相關補丁:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
2. 參考鏈接:
https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a
來源:微步在線研究響應中心