Threat Early Warning Team
2021/12/14
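A directory is a hierarchical structure that stores information about objects on the network. The directory service, Active Directory Domain Services (AD DS), provides a distributed database that stores and manages application data and network resource information from the directory. On November 10, 2021, Microsoft released its November security updates, fixing multiple vulnerabilities in Microsoft products, including two domain privilege escalation vulnerabilities (CVE-2021-42278 and CVE-2021-42287). Recently, H3C Attack and Defense Lab observed that exploitation details and a POC for these two domain privilege escalation vulnerabilities have been published online. An attacker can use them to escalate to administrator privileges in the target domain, which poses a major threat to enterprise identity authentication and related assets. H3C Attack and Defense Lab recommends that affected users take measures to fix these vulnerabilities as soon as possible.
CVE-2021-42278
An elevation-of-privilege vulnerability exists in Microsoft Windows Active Directory Domain Services. Computer account names in an AD domain normally end with "$", but AD does not validate this character. As a result, an authenticated malicious attacker can bypass the AD domain's security measures and, in combination with CVE-2021-42287, escalate an ordinary domain user to administrator privileges.
CVE-2021-42287
An elevation-of-privilege vulnerability exists in Microsoft Windows Active Directory Domain Services. When a malicious attacker creates an account with the same username as a machine account, with the username not ending in "$", the attacker can bypass the security restrictions of AD DS and escalate ordinary user privileges to administrator privileges.
Set up an AD domain environment, create an ordinary domain user, and send malicious data to the server to obtain a ticket: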
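The two naming conditions described above can be audited from the defender's side. The following is an added example, not part of the original advisory or any Microsoft tooling: the function name `Find-SuspiciousAccountName` and the sample accounts are hypothetical and constructed for illustration. It flags computer accounts whose name lacks the trailing "$" and accounts whose name equals a machine account's name with the "$" removed.

```powershell
# Added example: audit sAMAccountName values for the naming anomalies
# described for CVE-2021-42278 / CVE-2021-42287. Read-only; changes nothing.
function Find-SuspiciousAccountName {
    param(
        [Parameter(Mandatory)]
        [object[]]$Account   # objects exposing SamAccountName and ObjectClass
    )

    # Index machine accounts by their name without the trailing "$".
    $machineBase = @{}
    foreach ($a in $Account) {
        if ($a.ObjectClass -eq 'computer' -and $a.SamAccountName.EndsWith('$')) {
            $machineBase[$a.SamAccountName.TrimEnd('$').ToLowerInvariant()] = $a.SamAccountName
        }
    }

    foreach ($a in $Account) {
        $name = $a.SamAccountName
        # Condition 1: a computer object whose name does not end with "$".
        if ($a.ObjectClass -eq 'computer' -and -not $name.EndsWith('$')) {
            [pscustomobject]@{ SamAccountName = $name
                               Finding        = 'computer account without trailing $' }
        }
        # Condition 2: a name identical to a machine account minus its "$".
        $key = $name.ToLowerInvariant()
        if (-not $name.EndsWith('$') -and $machineBase.ContainsKey($key)) {
            [pscustomobject]@{ SamAccountName = $name
                               Finding        = "same name as machine account $($machineBase[$key])" }
        }
    }
}

# Constructed sample data (not taken from a real domain).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'DC01$';   ObjectClass = 'computer' }
    [pscustomobject]@{ SamAccountName = 'WKS042$'; ObjectClass = 'computer' }
    [pscustomobject]@{ SamAccountName = 'dc01';    ObjectClass = 'computer' }
    [pscustomobject]@{ SamAccountName = 'alice';   ObjectClass = 'user' }
)
Find-SuspiciousAccountName -Account $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Find-SuspiciousAccountName -Account (Get-ADObject -LDAPFilter '(sAMAccountName=*)' -Properties sAMAccountName)
```

On the constructed sample, only `dc01` is reported, once for each condition.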
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
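High risk
Microsoft has released patches that fix these vulnerabilities. Download and install the security updates promptly. Official link: https://msrc.microsoft.com/update-guide/releaseNote/2021-Nov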
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2021-42278
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2021-42287