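On December 12, 2021, 8087金沙娱场城 CERT observed that exploit PoCs for the Microsoft Windows Active Directory Domain Services privilege escalation vulnerabilities (CVE-2021-42278, CVE-2021-42287) had been published on the internet. An attacker can exploit these vulnerabilities to escalate an ordinary domain user to domain administrator, so the resulting risk and impact are severe.
Since Microsoft has already released patches, 8087金沙娱场城 CERT recommends that users apply the updates as soon as possible and take the related measures.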
【CVE-2021-42278】 Microsoft Windows Active Directory Domain Services privilege escalation vulnerability
【CVE-2021-42287】 Microsoft Windows Active Directory Domain Services privilege escalation vulnerability
CVSS 3.0: 8.8
Systems affected by CVE-2021-42278
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2019 (Server Core installation)
- Windows Server 2022
- Windows Server 2019
- Windows Server 2012 R2 (Server Core installation)
Systems affected by CVE-2021-42287
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
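1. Microsoft has released patches for these vulnerabilities; we recommend installing them through Windows Update.
2. For devices that cannot update automatically through Windows Update, the relevant patches can be downloaded and installed manually from the following addresses: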
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278