¡¾Îó²îͨ¸æ¡¿Active Directory Domain ServicesȨÏÞÌáÉýÎó²î£¨CVE-2022-26923£©

Ðû²¼Ê±¼ä 2022-05-17

 

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2022-26923

·¢Ã÷ʱ¼ä

2022-05-11

Àà    ÐÍ

ȨÏÞÌáÉý

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

2022 Äê 5 Ô 10 ÈÕ£¬Î¢ÈíÐû²¼ÁË5ÔÂÇå¾²¸üУ¬ÐÞ¸´ÁË°üÀ¨Active Directory Domain Services ȨÏÞÌáÉýÎó²î£¨CVE-2022-26963 £©ÔÚÄÚµÄ75¸öÇå¾²Îó²î ¡£

´ËÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬¾­ÓÉÉí·ÝÑéÖ¤µÄµÍȨÏÞÓû§¿ÉÒÔʹÓôËÎó²îÔÚ×°ÖÃÁË Active Directory Ö¤Êé·þÎñ (AD CS) ·þÎñÆ÷½ÇÉ«µÄĬÈÏ Active Directory ÇéÐÎÖн«È¨ÏÞÌáÉýΪÓòÖÎÀíԱȨÏÞ ¡£µ«Ö»Óе± Active Directory Ö¤Êé·þÎñÔÚÓòÉÏÔËÐÐʱ£¬ÏµÍ³²ÅÈÝÒ×Êܵ½Õë¶Ô´ËÎó²îµÄ¹¥»÷ ¡£

5ÔÂ11ÈÕ£¬´ËÎó²îµÄÎó²îϸ½ÚºÍPOCÒѹûÕæ ¡£

image.png

ʹÓÃÖ¤Êé¾ÙÐÐÉí·ÝÑéÖ¤£¨ÈªÔ´£º»¥ÁªÍø£©

image.png

ת´¢ËùÓÐÓû§¹þÏ££¨ÈªÔ´£º»¥ÁªÍø£©

 

Ó°Ïì¹æÄ£

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ΢ÈíÒѾ­Ðû²¼ÁË´ËÎó²îµÄ²¹¶¡£¬¼øÓÚActive Directory·þÎñʹÓÃÆձ飬ÇÒÎó²îÓ°Ïì½ÏΪÑÏÖØ£¬½¨ÒéÊÜÓ°ÏìÓû§¾¡¿ì×°ÖøüР¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

 

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2022-05-17

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

×ðÁú¿­Ê±¼ò½é

×ðÁú¿­Ê±¹«Ë¾½¨ÉèÓÚ1996Ä꣬²¢ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉî½»ËùÖÐС°åÕýʽ¹ÒÅÆÉÏÊУ¬ÊǺ£ÄÚ¼«¾ßʵÁ¦µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÍøÂçÇå¾²²úÆ·¡¢¿ÉÐÅÇå¾²ÖÎÀíƽ̨¡¢Çå¾²·þÎñÓë½â¾ö¼Æ»®µÄ×ÛºÏÌṩÉÌ ¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÓзÖÖ§»ú¹¹£¬ÓµÓÐÁýÕÖÌìϵÄÇþµÀϵͳºÍÊÖÒÕÖ§³ÖÖÐÐÄ£¬²¢ÔÚ±±¾©¡¢ÉϺ£¡¢³É¶¼¡¢¹ãÖÝ¡¢³¤É³¡¢º¼ÖݵȶàµØÉèÓÐÑз¢ÖÐÐÄ ¡£

¶àÄêÀ´£¬×ðÁú¿­Ê±ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æð¾¢ ¡£


¹ØÓÚ×ðÁú¿­Ê±

×ðÁú¿­Ê±Çå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ ¡£

¹Ø×¢ÒÔϹ«Öںţ¬»ñÈ¡È«Çò×îÐÂÇå¾²×ÊѶ£º

image.png