¡¾Îó²îͨ¸æ¡¿Active Directory Domain ServicesȨÏÞÌáÉýÎó²î£¨CVE-2022-26923£©

Ðû²¼Ê±¼ä 2022-05-17

 

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2022-26923

·¢Ã÷ʱ¼ä

2022-05-11

Àà    ÐÍ

ȨÏÞÌáÉý

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

2022 Äê 5 Ô 10 ÈÕ£¬£¬£¬£¬£¬ £¬Î¢ÈíÐû²¼ÁË5ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬ £¬ÐÞ¸´ÁË°üÀ¨Active Directory Domain Services ȨÏÞÌáÉýÎó²î£¨CVE-2022-26963 £©ÔÚÄÚµÄ75¸öÇå¾²Îó²î¡£¡£¡£¡£¡£ ¡£¡£

´ËÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬£¬£¬£¬£¬ £¬¾­ÓÉÉí·ÝÑéÖ¤µÄµÍȨÏÞÓû§¿ÉÒÔʹÓôËÎó²îÔÚ×°ÖÃÁË Active Directory Ö¤ÊéЧÀÍ (AD CS) ЧÀÍÆ÷½ÇÉ«µÄĬÈÏ Active Directory ÇéÐÎÖн«È¨ÏÞÌáÉýΪÓòÖÎÀíԱȨÏÞ¡£¡£¡£¡£¡£ ¡£¡£µ«Ö»Óе± Active Directory Ö¤ÊéЧÀÍÔÚÓòÉÏÔËÐÐʱ£¬£¬£¬£¬£¬ £¬ÏµÍ³²ÅÈÝÒ×Êܵ½Õë¶Ô´ËÎó²îµÄ¹¥»÷¡£¡£¡£¡£¡£ ¡£¡£

5ÔÂ11ÈÕ£¬£¬£¬£¬£¬ £¬´ËÎó²îµÄÎó²îϸ½ÚºÍPOCÒѹûÕæ¡£¡£¡£¡£¡£ ¡£¡£

image.png

ʹÓÃÖ¤Êé¾ÙÐÐÉí·ÝÑéÖ¤£¨ÈªÔ´£º»¥ÁªÍø£©

image.png

ת´¢ËùÓÐÓû§¹þÏ££¨ÈªÔ´£º»¥ÁªÍø£©

 

Ó°Ïì¹æÄ£

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ΢ÈíÒѾ­Ðû²¼ÁË´ËÎó²îµÄ²¹¶¡£¬£¬£¬£¬£¬ £¬¼øÓÚActive DirectoryЧÀÍʹÓÃÆձ飬£¬£¬£¬£¬ £¬ÇÒÎó²îÓ°Ïì½ÏΪÑÏÖØ£¬£¬£¬£¬£¬ £¬½¨ÒéÊÜÓ°ÏìÓû§¾¡¿ì×°ÖøüС£¡£¡£¡£¡£ ¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

 

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2022-05-17

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

°ÙÀÖ²©¼ò½é

°ÙÀÖ²©¹«Ë¾½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬ £¬²¢ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉî½»ËùÖÐС°åÕýʽ¹ÒÅÆÉÏÊУ¬£¬£¬£¬£¬ £¬ÊǺ£ÄÚ¼«¾ßʵÁ¦µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÍøÂçÇå¾²²úÆ·¡¢¿ÉÐÅÇå¾²ÖÎÀíƽ̨¡¢Ç徲ЧÀÍÓë½â¾ö¼Æ»®µÄ×ÛºÏÌṩÉÌ¡£¡£¡£¡£¡£ ¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬£¬£¬£¬£¬ £¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÓзÖÖ§»ú¹¹£¬£¬£¬£¬£¬ £¬ÓµÓÐÁýÕÖÌìϵÄÇþµÀϵͳºÍÊÖÒÕÖ§³ÖÖÐÐÄ£¬£¬£¬£¬£¬ £¬²¢ÔÚ±±¾©¡¢ÉϺ£¡¢³É¶¼¡¢¹ãÖÝ¡¢³¤É³¡¢º¼ÖݵȶàµØÉèÓÐÑз¢ÖÐÐÄ¡£¡£¡£¡£¡£ ¡£¡£

¶àÄêÀ´£¬£¬£¬£¬£¬ £¬°ÙÀÖ²©ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬ £¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬ £¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£¡£¡£ ¡£¡£


¹ØÓÚ°ÙÀÖ²©

°ÙÀÖ²©Çå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ¡£¡£¡£¡£¡£ ¡£¡£

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬£¬ £¬»ñÈ¡È«Çò×îÐÂÇå¾²×ÊѶ£º

image.png