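I. Background
On December 14, the technical support unit of the Municipal Party Committee Cyberspace Affairs Office detected that details and exploitation procedures for the privilege escalation vulnerabilities in Microsoft Windows Active Directory Domain Services (CVE-2021-42287, CVE-2021-42278) had been published on the Internet.
1.1 Vulnerability Description
An attacker can exploit this vulnerability to escalate an ordinary user's privileges within the domain to administrator privileges.
1. CVE-2021-42287
This vulnerability arises because AD does not validate machine account names within the domain, which allows security restrictions to be bypassed. A remotely authenticated attacker can combine it with CVE-2021-42278 to escalate an ordinary domain user's privileges to domain administrator privileges.
2. CVE-2021-42278
This vulnerability arises because the application does not apply proper security restrictions to Active Directory Domain Services. Combined with CVE-2021-42287, it can lead to a security restriction bypass and privilege escalation.
1.2 Vulnerability Identifiers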
CVE-2021-42287
CVE-2021-42278
1.3 Severity
High
II. Remediation
2.1 Affected Versions
CVE-2021-42287:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
CVE-2021-42278:
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2019
Windows Server 2012 R2 (Server Core installation)
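2.2 Remediation Recommendations
The vendor has released updated versions that fix the vulnerabilities above. Affected users should upgrade as soon as possible to protect their systems:
1. Update Windows to the latest version;
2. Apply the official patches: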
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278