¡¾Îó²îͨ¸æ¡¿Active Directory Domain ServicesȨÏÞÌáÉýÎó²î£¨CVE-2022-26923£©

Ðû²¼Ê±¼ä 2022-05-17

 

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2022-26923

·¢Ã÷ʱ¼ä

2022-05-11

Àà    ÐÍ

ȨÏÞÌáÉý

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

2022 Äê 5 Ô 10 ÈÕ£¬£¬£¬£¬£¬£¬Î¢ÈíÐû²¼ÁË5ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´ÁË°üÀ¨Active Directory Domain Services ȨÏÞÌáÉýÎó²î£¨CVE-2022-26963 £©ÔÚÄÚµÄ75¸öÇå¾²Îó²î¡£¡£¡£¡£

´ËÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬£¬£¬£¬£¬£¬¾­ÓÉÉí·ÝÑéÖ¤µÄµÍȨÏÞÓû§¿ÉÒÔʹÓôËÎó²îÔÚ×°ÖÃÁË Active Directory Ö¤ÊéЧÀÍ (AD CS) ЧÀÍÆ÷½ÇÉ«µÄĬÈÏ Active Directory ÇéÐÎÖн«È¨ÏÞÌáÉýΪÓòÖÎÀíԱȨÏÞ¡£¡£¡£¡£µ«Ö»Óе± Active Directory Ö¤ÊéЧÀÍÔÚÓòÉÏÔËÐÐʱ£¬£¬£¬£¬£¬£¬ÏµÍ³²ÅÈÝÒ×Êܵ½Õë¶Ô´ËÎó²îµÄ¹¥»÷¡£¡£¡£¡£

5ÔÂ11ÈÕ£¬£¬£¬£¬£¬£¬´ËÎó²îµÄÎó²îϸ½ÚºÍPOCÒѹûÕæ¡£¡£¡£¡£

image.png

ʹÓÃÖ¤Êé¾ÙÐÐÉí·ÝÑéÖ¤£¨ÈªÔ´£º»¥ÁªÍø£©

image.png

ת´¢ËùÓÐÓû§¹þÏ££¨ÈªÔ´£º»¥ÁªÍø£©

 

Ó°Ïì¹æÄ£

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ΢ÈíÒѾ­Ðû²¼ÁË´ËÎó²îµÄ²¹¶¡£¬£¬£¬£¬£¬£¬¼øÓÚActive DirectoryЧÀÍʹÓÃÆձ飬£¬£¬£¬£¬£¬ÇÒÎó²îÓ°Ïì½ÏΪÑÏÖØ£¬£¬£¬£¬£¬£¬½¨ÒéÊÜÓ°ÏìÓû§¾¡¿ì×°ÖøüС£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

 

0x03 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2022-05-17

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

ÍòÀû¹ú¼Ê¹ÙÍø¼ò½é

ÍòÀû¹ú¼Ê¹ÙÍø¹«Ë¾½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬£¬²¢ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉî½»ËùÖÐС°åÕýʽ¹ÒÅÆÉÏÊУ¬£¬£¬£¬£¬£¬ÊǺ£ÄÚ¼«¾ßʵÁ¦µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÍøÂçÇå¾²²úÆ·¡¢¿ÉÐÅÇå¾²ÖÎÀíƽ̨¡¢Ç徲ЧÀÍÓë½â¾ö¼Æ»®µÄ×ÛºÏÌṩÉÌ¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬£¬£¬£¬£¬£¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÓзÖÖ§»ú¹¹£¬£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÇþµÀϵͳºÍÊÖÒÕÖ§³ÖÖÐÐÄ£¬£¬£¬£¬£¬£¬²¢ÔÚ±±¾©¡¢ÉϺ£¡¢³É¶¼¡¢¹ãÖÝ¡¢³¤É³¡¢º¼ÖݵȶàµØÉèÓÐÑз¢ÖÐÐÄ¡£¡£¡£¡£

¶àÄêÀ´£¬£¬£¬£¬£¬£¬ÍòÀû¹ú¼Ê¹ÙÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£¡£


¹ØÓÚÍòÀû¹ú¼Ê¹ÙÍø

ÍòÀû¹ú¼Ê¹ÙÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ¡£¡£¡£¡£

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬£¬£¬»ñÈ¡È«Çò×îÐÂÇå¾²×ÊѶ£º

image.png