通告|Windows秘钥交换服务远程代码执行漏洞
2022-9-28 20:58:39 Author: 微步在线研究响应中心(查看原文) 阅读量:14 收藏

01 漏洞概况 

近日,微步在线获取到Windows秘钥交换服务远程代码执行漏洞(CVE-2022-34721)情报,相关服务代码未能正确校验接收到的数据,使得攻击者能够在未认证的情况下,构造一个畸形的数据包发往服务端,对目标主机进行DDoS攻击甚至获取主机权限。Windows秘钥交换服务用于IPSec协议中的身份校验和秘钥交换,在VPN中使用较为广泛。
此次受影响版本如下:
受影响版本
是否受影响

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

02 漏洞评估 

公开程度:PoC 已公开
利用条件:无权限要求

交互要求:0-click 无需认证

漏洞危害:远程代码执行

03 处置建议 

1. 微软官方已发布相关补丁:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
2. 参考链接:
https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a

04 时间线 

2022.09.13 微软发布该漏洞补丁
2022.09.28 微步获取该漏洞PoC相关情报
2022.09.28 微步情报局发布漏洞通告

点击下方名片,关注我们

第一时间为您推送最新威胁情报


文章来源: http://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247496440&idx=1&sn=bbb32123aa2d3313e1eee45c4e0d80d3&chksm=cfca91ecf8bd18fad9fd2aaa70d24d62dda826f6ffb10ed77a0e304996cd76e41034913b5ce1#rd
如有侵权请联系:admin#unsafe.sh