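Wangsu Security Lab recently detected a remote code execution vulnerability in the PowerShell component, tracked as CVE-2022-41076. According to its analysis, an attacker can use this vulnerability to bypass sandbox restrictions and execute arbitrary code on the target machine.
Wangsu Security Lab immediately started its emergency response process, deployed protection rules, and enabled blocking for platform users.
PowerShell is a cross-platform automation and configuration tool released by Microsoft, with extensive optimizations for handling structured data (such as JSON, CSV and XML), REST APIs and object models. PowerShell runs on Windows, Linux and macOS, so this vulnerability has a fairly wide impact.
Technical details of the vulnerability are now circulating online, and Microsoft has released an official patch. Wangsu Security recommends that enterprises start emergency remediation immediately.
Vulnerability details
Vulnerability ID: CVE-2022-41076
PoC status: public
In-the-wild exploitation: present
Severity: high
Vulnerability description:
PowerShell provides a runspace feature that lets applications define custom runspaces. Runspaces do not sufficiently validate user input, so an attacker who has bypassed authentication can craft malicious statements that bypass the environment restrictions and execute arbitrary code, ultimately obtaining the highest privileges on the server.
Affected versions: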
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Datacenter: Azure Edition
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
PowerShell 7.2
PowerShell 7.3
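Install the official patch
Microsoft has released a security patch that fixes this vulnerability. Affected users are advised to install it as soon as possible.
Official patch download: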
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076
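Onboard to Wangsu Cloud WAF
Wangsu Cloud WAF already supports protection against attacks that exploit this vulnerability. Wangsu will continue to monitor intelligence on 0-day vulnerabilities of all kinds and deploy protection rules at the earliest opportunity, shortening the 0-day "exposure window".
If you have not yet onboarded to Wangsu Cloud WAF, register online to activate a free trial.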