zoukankan      html  css  js  c++  java

  • cve202142287和cve202142278漏洞复现

    一、漏洞概述

    cve-2021-42287 : 由于Active Directory没有对域中计算机与服务器账号进行验证,经过身份验证的攻击 者利用该漏洞绕过完全限制,可将域中普通用户权限提升为域管理员权限并执行任意代码。
    cve-2021-42278 :由于应用程序缺少Active Directory Domain Services的安全限制,经过身份验证的 攻击者利用该漏洞绕过安全限制,导致 在目标系统上提升为管理员权限并执行任意代码。
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

    二、影响范围

    漏洞编号受影响产品版本
    CVE-2021-42287 Windows Server 2012 R2 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows Server, version 20H2 (Server Core Installation)
    Windows Server, version 2004 (Server Core installation)
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows Server 2019 (Server Core installation)
    Windows Server 2019
    CVE-2021-42278 Windows Server 2012 R2 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows Server, version 20H2 (Server Core Installation)
    Windows Server, version 2004 (Server Core installation)
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows Server 2019 (Server Core installation)
    Windows Server 2019

    漏洞利用示例

     

    漏洞防护

    补丁更新

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

    临时防护措施

    通过 域控的ADSI编辑器工具将AD的MAQ 配置为0,可中断此漏洞利用链。

    如何检测利用和攻陷迹象

    • sAMAccountName变更事件4662,需确保在域控制器上已启用才能捕获到这类活动 。

    • Windows Event 4741找到这些机器是否为新建

    https://docs.microsoft.com/zh-cn/windows/security/threat-protection/auditing/event-4741
  • 相关阅读:
    实用Javascript调试技巧
    fetch的常见问题及其解决办法
    为什么重复的GET请求变慢了?
    JavaScript深入浅出第4课:V8引擎是如何工作的?
    一步一步搭建前端监控系统:如何定位前端线上问题?
    如何使用 Set 来提高JS代码的性能
    详解Vue的slot新用法
    详解Vue响应式原理
    BeautyWe.js 一套专注于微信小程序的开发范式
    await Task.Yield()和await Task.CompletedTask有什么不同
  • 原文地址:https://www.cnblogs.com/i0day/p/15625328.html
Copyright © 2011-2022 走看看