01 漏洞概况
近日,微步在线获取到Windows秘钥交换服务远程代码执行漏洞(CVE-2022-34721)情报,相关服务代码未能正确校验接收到的数据,使得攻击者能够在未认证的情况下,构造一个畸形的数据包发往服务端,对目标主机进行DDoS攻击甚至获取主机权限。Windows秘钥交换服务用于IPSec协议中的身份校验和秘钥交换,在VPN中使用较为广泛。
此次受影响版本如下:
受影响版本 | 是否受影响 |
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
是 |
02 漏洞评估
公开程度:PoC 已公开
利用条件:无权限要求
交互要求:0-click 无需认证
漏洞危害:远程代码执行
03 处置建议
1. 微软官方已发布相关补丁:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
2. 参考链接:
https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a
来源:微步在线研究响应中心