¡¾Îó²îͨ¸æ¡¿Active Directory Domain ServicesȨÏÞÌáÉýÎó²î£¨CVE-2022-26923£©

Ðû²¼Ê±¼ä 2022-05-17

 

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2022-26923

·¢Ã÷ʱ¼ä

2022-05-11

Àà    ÐÍ

ȨÏÞÌáÉý

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

2022 Äê 5 Ô 10 ÈÕ£¬£¬£¬£¬ £¬£¬Î¢ÈíÐû²¼ÁË5ÔÂÇå¾²¸üУ¬£¬£¬£¬ £¬£¬ÐÞ¸´ÁË°üÀ¨Active Directory Domain Services ȨÏÞÌáÉýÎó²î£¨CVE-2022-26963 £©ÔÚÄÚµÄ75¸öÇå¾²Îó²î¡£¡£¡£¡£¡£¡£

´ËÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬£¬£¬£¬ £¬£¬¾­ÓÉÉí·ÝÑéÖ¤µÄµÍȨÏÞÓû§¿ÉÒÔʹÓôËÎó²îÔÚ×°ÖÃÁË Active Directory Ö¤ÊéЧÀÍ (AD CS) ЧÀÍÆ÷½ÇÉ«µÄĬÈÏ Active Directory ÇéÐÎÖн«È¨ÏÞÌáÉýΪÓòÖÎÀíԱȨÏÞ¡£¡£¡£¡£¡£¡£µ«Ö»Óе± Active Directory Ö¤ÊéЧÀÍÔÚÓòÉÏÔËÐÐʱ£¬£¬£¬£¬ £¬£¬ÏµÍ³²ÅÈÝÒ×Êܵ½Õë¶Ô´ËÎó²îµÄ¹¥»÷¡£¡£¡£¡£¡£¡£

5ÔÂ11ÈÕ£¬£¬£¬£¬ £¬£¬´ËÎó²îµÄÎó²îϸ½ÚºÍPOCÒѹûÕæ¡£¡£¡£¡£¡£¡£

image.png

ʹÓÃÖ¤Êé¾ÙÐÐÉí·ÝÑéÖ¤£¨ÈªÔ´£º»¥ÁªÍø£©

image.png

ת´¢ËùÓÐÓû§¹þÏ££¨ÈªÔ´£º»¥ÁªÍø£©

 

Ó°Ïì¹æÄ£

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ΢ÈíÒѾ­Ðû²¼ÁË´ËÎó²îµÄ²¹¶¡£¡£¡£¡£¡£¡£¬£¬£¬£¬ £¬£¬¼øÓÚActive DirectoryЧÀÍʹÓÃÆձ飬£¬£¬£¬ £¬£¬ÇÒÎó²îÓ°Ïì½ÏΪÑÏÖØ£¬£¬£¬£¬ £¬£¬½¨ÒéÊÜÓ°ÏìÓû§¾¡¿ì×°ÖøüС£¡£¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

 

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2022-05-17

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø¹«Ë¾½¨ÉèÓÚ1996Ä꣬£¬£¬£¬ £¬£¬²¢ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉî½»ËùÖÐС°åÕýʽ¹ÒÅÆÉÏÊУ¬£¬£¬£¬ £¬£¬ÊǺ£ÄÚ¼«¾ßʵÁ¦µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÍøÂçÇå¾²²úÆ·¡¢¿ÉÐÅÇå¾²ÖÎÀíƽ̨¡¢Ç徲ЧÀÍÓë½â¾ö¼Æ»®µÄ×ÛºÏÌṩÉÌ¡£¡£¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬£¬£¬£¬ £¬£¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÓзÖÖ§»ú¹¹£¬£¬£¬£¬ £¬£¬ÓµÓÐÁýÕÖÌìϵÄÇþµÀϵͳºÍÊÖÒÕÖ§³ÖÖÐÐÄ£¬£¬£¬£¬ £¬£¬²¢ÔÚ±±¾©¡¢ÉϺ£¡¢³É¶¼¡¢¹ãÖÝ¡¢³¤É³¡¢º¼ÖݵȶàµØÉèÓÐÑз¢ÖÐÐÄ¡£¡£¡£¡£¡£¡£

¶àÄêÀ´£¬£¬£¬£¬ £¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬ £¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬ £¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£¡£¡£¡£


¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ¡£¡£¡£¡£¡£¡£

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬ £¬£¬»ñÈ¡È«Çò×îÐÂÇå¾²×ÊѶ£º

image.png