• 我的位置:
  • 首頁
  • -
  • 漏洞預(yù)警
  • -
  • 應(yīng)用
  • -
    • Powershell 遠(yuǎn)程代碼執(zhí)行漏洞 CVE-2022-41076
    • CNNVD編號(hào):未知
    • 危害等級(jí): 高危 
    • CVE編號(hào):CVE-2022-41076
    • 漏洞類型: 遠(yuǎn)程代碼執(zhí)行
    • 威脅類型:遠(yuǎn)程
    • 廠       商:未知
    • 漏洞來源:深信服
    • 發(fā)布時(shí)間:2023-03-21
    • 更新時(shí)間:2023-03-21

    漏洞簡介

    該漏洞是由于Powershell提供的Powershell Remoting運(yùn)行環(huán)境對用戶輸入驗(yàn)證不足, 攻擊者可利用該漏洞在獲得權(quán)限的情況下,構(gòu)造特殊的惡意數(shù)據(jù)來逃逸限制環(huán)境并執(zhí)行任意的 Powershell 命令,最終獲取服務(wù)器最高權(quán)限。

    漏洞公示

    暫無

    參考網(wǎng)站

    暫無

    受影響實(shí)體

    Windows 10 Version 21H1 for ARM64-basedSystems
    Windows 10 Version 21H1 for x64-based Systems
    Windows Server 2019 (Server Core installation)
    Windows Server 2019
    Windows 10 Version 1809 for ARM64-basedSystems
    Windows 10 Version 1809 for x64-based Systems
    Windows 10 Version 1809 for 32-bit Systems
    Windows 10 Version 20H2 for ARM64-basedSystems
    Windows 10 Version 20H2 for 32-bit Systems
    Windows 10 Version 20H2 for x64-based Systems
    Windows Server 2022 Datacenter: Azure Edition
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows 10 Version 21H1 for 32-bit Systems
    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems
    Service Pack 1 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems
    Service Pack 1
    Windows Server 2008 for x64-based Systems
    Service Pack 2 (Server Core installation)
    Windows 10 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for ARM64-basedSystems
    Windows 10 Version 21H2 for x64-based Systems
    Windows 10 Version 21H2 for ARM64-basedSystems
    Windows 10 Version 21H2 for 32-bit Systems
    Windows 11 for ARM64-based Systems
    Windows 11 for x64-based Systems
    Windows Server 2008 for x64-based SystemsService Pack 2
    Windows Server 2008 for 32-bit Systems Service
    Pack 2(Server Core installation)
    Windows Server 2008 for 32-bit Systems Service

    Pack 2
    Windows RT 8.1
    Windows 8.1 for x64-based systems
    Windows 8.1 for 32-bit systems
    Windows 7 for x64-based Systems Service Pack 1
    Windows 7 for 32-bit Systems Service Pack 1
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows 10 for x64-based Systems
    Windows 10 for 32-bit Systems
    Windows 10 Version 22H2 for 32-bit Systems
    Windows 10 Version 22H2 for ARM64-basedSystems
    PowerShell 7.2
    PowerShell 7.3

    補(bǔ)丁

    官方修復(fù)建議
    當(dāng)前官方已發(fā)布最新版本,建議受影響的用戶及時(shí)更新升級(jí)到最新版本。鏈接如下:
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076