
Vulnerability Alert | PowerShell Remote Code Execution Vulnerability Response Advisory

2023-01-12

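Recently, Wangsu Security Lab detected a remote code execution vulnerability in the PowerShell component, tracked as CVE-2022-41076. According to the lab's analysis, an attacker can use this vulnerability to bypass sandbox restrictions and execute arbitrary code on the target machine.

Wangsu Security Lab immediately started its emergency response process and deployed protection rules, enabling blocking for platform users.

PowerShell is a cross-platform automation and configuration tool released by Microsoft, with extensive optimizations for handling structured data (such as JSON, CSV and XML), REST APIs and object models. PowerShell runs on Windows, Linux and macOS, so the vulnerability has a broad impact.

Technical details of the vulnerability are now circulating online, and Microsoft has released an official patch. Wangsu Security recommends that enterprises start emergency remediation immediately.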

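Vulnerability Details

Vulnerability ID: CVE-2022-41076

PoC status: Public

In-the-wild exploitation: Yes

Severity: High

Description:

PowerShell provides a runspace feature that lets applications define custom runspaces. The runspace does not sufficiently validate user input, so an attacker who has bypassed authentication can craft malicious statements to bypass the environment's restrictions and execute arbitrary code, ultimately obtaining the highest privileges on the server.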

Affected versions:

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Datacenter: Azure Edition

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

PowerShell 7.2

PowerShell 7.3

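Install the Official Patch

The vendor has released a security patch that fixes this vulnerability. Affected users are advised to install it as soon as possible.

Official patch download: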

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076

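Onboard to Wangsu Cloud WAF

Wangsu Cloud WAF already supports protection against attacks that exploit this vulnerability. Wangsu will continue to monitor 0-day vulnerability intelligence and deploy protection rules at the earliest opportunity to shorten the 0-day "exposure window".

If you have not yet onboarded to Wangsu Cloud WAF, register online for a free trial.

The copyright holder of this article is Wangsu Science & Technology Co., Ltd. ("Wangsu"); reproduction without permission is prohibited.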