¡¾Îó²îͨ¸æ¡¿Active Directory Domain ServicesȨÏÞÌáÉýÎó²î£¨CVE-2022-26923£©

Ðû²¼Ê±¼ä 2022-05-17

 

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2022-26923

·¢Ã÷ʱ¼ä

2022-05-11

Àà    ÐÍ

ȨÏÞÌáÉý

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

2022 Äê 5 Ô 10 ÈÕ£¬£¬£¬£¬£¬Î¢ÈíÐû²¼ÁË5ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´ÁË°üÀ¨Active Directory Domain Services ȨÏÞÌáÉýÎó²î£¨CVE-2022-26963 £©ÔÚÄÚµÄ75¸öÇå¾²Îó²î¡£¡£¡£ ¡£¡£

´ËÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬£¬£¬£¬£¬¾­ÓÉÉí·ÝÑéÖ¤µÄµÍȨÏÞÓû§¿ÉÒÔʹÓôËÎó²îÔÚ×°ÖÃÁË Active Directory Ö¤ÊéЧÀÍ (AD CS) ЧÀÍÆ÷½ÇÉ«µÄĬÈÏ Active Directory ÇéÐÎÖн«È¨ÏÞÌáÉýΪÓòÖÎÀíԱȨÏÞ¡£¡£¡£ ¡£¡£µ«Ö»Óе± Active Directory Ö¤ÊéЧÀÍÔÚÓòÉÏÔËÐÐʱ£¬£¬£¬£¬£¬ÏµÍ³²ÅÈÝÒ×Êܵ½Õë¶Ô´ËÎó²îµÄ¹¥»÷¡£¡£¡£ ¡£¡£

5ÔÂ11ÈÕ£¬£¬£¬£¬£¬´ËÎó²îµÄÎó²îϸ½ÚºÍPOCÒѹûÕæ¡£¡£¡£ ¡£¡£

image.png

ʹÓÃÖ¤Êé¾ÙÐÐÉí·ÝÑéÖ¤£¨ÈªÔ´£º»¥ÁªÍø£©

image.png

ת´¢ËùÓÐÓû§¹þÏ££¨ÈªÔ´£º»¥ÁªÍø£©

 

Ó°Ïì¹æÄ£

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ΢ÈíÒѾ­Ðû²¼ÁË´ËÎó²îµÄ²¹¶¡£¬£¬£¬£¬£¬¼øÓÚActive DirectoryЧÀÍʹÓÃÆձ飬£¬£¬£¬£¬ÇÒÎó²îÓ°Ïì½ÏΪÑÏÖØ£¬£¬£¬£¬£¬½¨ÒéÊÜÓ°ÏìÓû§¾¡¿ì×°ÖøüС£¡£¡£ ¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

 

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2022-05-17

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

c7c7ÓéÀÖƽ̨¼ò½é

c7c7ÓéÀÖƽ̨¹«Ë¾½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬²¢ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉî½»ËùÖÐС°åÕýʽ¹ÒÅÆÉÏÊУ¬£¬£¬£¬£¬ÊǺ£ÄÚ¼«¾ßʵÁ¦µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÍøÂçÇå¾²²úÆ·¡¢¿ÉÐÅÇå¾²ÖÎÀíƽ̨¡¢Ç徲ЧÀÍÓë½â¾ö¼Æ»®µÄ×ÛºÏÌṩÉÌ¡£¡£¡£ ¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬£¬£¬£¬£¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÓзÖÖ§»ú¹¹£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÇþµÀϵͳºÍÊÖÒÕÖ§³ÖÖÐÐÄ£¬£¬£¬£¬£¬²¢ÔÚ±±¾©¡¢ÉϺ£¡¢³É¶¼¡¢¹ãÖÝ¡¢³¤É³¡¢º¼ÖݵȶàµØÉèÓÐÑз¢ÖÐÐÄ¡£¡£¡£ ¡£¡£

¶àÄêÀ´£¬£¬£¬£¬£¬c7c7ÓéÀÖƽ̨ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£ ¡£¡£


¹ØÓÚc7c7ÓéÀÖƽ̨

c7c7ÓéÀÖƽ̨Çå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ¡£¡£¡£ ¡£¡£

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬£¬»ñÈ¡È«Çò×îÐÂÇå¾²×ÊѶ£º

image.png