zoukankan      html  css  js  c++  java
  • cve202142287和cve202142278漏洞复现

    一、漏洞概述

    cve-2021-42287 : 由于Active Directory没有对域中计算机与服务器账号进行验证,经过身份验证的攻击 者利用该漏洞绕过完全限制,可将域中普通用户权限提升为域管理员权限并执行任意代码。
    cve-2021-42278 :由于应用程序缺少Active Directory Domain Services的安全限制,经过身份验证的 攻击者利用该漏洞绕过安全限制,导致 在目标系统上提升为管理员权限并执行任意代码。
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

    二、影响范围

    漏洞编号受影响产品版本
    CVE-2021-42287 Windows Server 2012 R2 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows Server, version 20H2 (Server Core Installation)
    Windows Server, version 2004 (Server Core installation)
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows Server 2019 (Server Core installation)
    Windows Server 2019
    CVE-2021-42278 Windows Server 2012 R2 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows Server, version 20H2 (Server Core Installation)
    Windows Server, version 2004 (Server Core installation)
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows Server 2019 (Server Core installation)
    Windows Server 2019

    漏洞利用示例

     

    漏洞防护

    补丁更新

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

    临时防护措施

    通过 域控的ADSI编辑器工具将AD的MAQ 配置为0,可中断此漏洞利用链。

    如何检测利用和攻陷迹象

    • sAMAccountName变更事件4662,需确保在域控制器上已启用才能捕获到这类活动 。

    • Windows Event 4741找到这些机器是否为新建

    https://docs.microsoft.com/zh-cn/windows/security/threat-protection/auditing/event-4741

  • 相关阅读:
    Android实现多个词汇连续输入的提示
    android 中使用AutoCompleteTextView 可以实现自动提示功能
    关于android中搜索功能的实现
    重复弹出Toast 解决方案
    Android显示不重复通知的Notification
    个人项目经历
    使用Google 官方的控件SwipeRefreshLayout实现下拉刷新功能
    安卓左滑实现返回上一个页面
    初学hadoop
    浅谈nodejs和php
  • 原文地址:https://www.cnblogs.com/i0day/p/15625328.html
Copyright © 2011-2022 走看看