• 我的位置:
  • 首頁
  • -
  • 漏洞預警
  • -
  • 應用
  • -
    • Windows Installer 本地提權(quán)漏洞
    • CNNVD編號:未知
    • 危害等級: 未知
    • CVE編號:CVE-2022-30147
    • 漏洞類型: 本地權(quán)限提升
    • 威脅類型:未知
    • 廠       商:未知
    • 漏洞來源:深信服
    • 發(fā)布時間:2022-06-24
    • 更新時間:2022-06-24

    漏洞簡介

    2022年06月15日,深信服安全團隊監(jiān)測到一則 msi.dll組件存在本地權(quán)限提升漏洞的信息,漏洞編號:CVE-2022-30147,漏洞威脅等級:高危。

    該漏洞是由于邏輯錯誤,攻擊者可利用該漏洞在獲得權(quán)限的情況下,構(gòu)造惡意數(shù)據(jù)執(zhí)行本地權(quán)限提升攻擊,最終獲取服務器最高權(quán)限。

    漏洞公示

    暫無

    參考網(wǎng)站

    https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30147

    受影響實體

    目前受影響的 Windows 版本:

    Windows 10 for 32-bit Systems

    Windows 10 for x64-based Systems

    Windows 10 Version 1607 for 32-bit Systems

    Windows 10 Version 1607 for x64-based Systems

    Windows 10 Version 1809 for 32-bit Systems

    Windows 10 Version 1809 for ARM64-based Systems

    Windows 10 Version 1809 for x64-based Systems

    Windows 10 Version 20H2 for 32-bit Systems

    Windows 10 Version 20H2 for ARM64-based Systems

    Windows 10 Version 20H2 for x64-based Systems

    Windows 10 Version 21H1 for 32-bit Systems

    Windows 10 Version 21H1 for ARM64-based Systems

    Windows 10 Version 21H1 for x64-based Systems

    Windows 10 Version 21H2 for 32-bit Systems

    Windows 10 Version 21H2 for ARM64-based Systems

    Windows 10 Version 21H2 for x64-based Systems

    Windows 11 for ARM64-based Systems

    Windows 11 for x64-based Systems

    Windows 7 for 32-bit Systems Service Pack 1

    Windows 7 for x64-based Systems Service Pack 1

    Windows 8.1 for 32-bit systems

    Windows 8.1 for x64-based systems

    Windows RT 8.1

    Windows Server 2008 for 32-bit Systems Service Pack 2

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 R2 for x64-based Systems Service Pack 1

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

    Windows Server 2012

    Windows Server 2012 (Server Core installation)

    Windows Server 2012 R2

    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2016

    Windows Server 2016  (Server Core installation)

    Windows Server 2019

    Windows Server 2019  (Server Core installation)

    Windows Server 2022

    Windows Server 2022 (Server Core installation)

    Windows Server 2022 Azure Edition Core Hotpatch

    Windows Server version 20H2 (Server Core Installation)

    補丁

    當前官方已發(fā)布受影響版本的對應補丁,建議受影響的用戶及時更新官方的安全補丁。鏈接如下:

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30147



    打補丁方法:

    進入上面的鏈接頁面,下載當前系統(tǒng)版本對應的補丁包進行安裝。