• 我的位置:
  • 首页
  • -
  • 漏洞预警
  • -
  • 应用
  • -
    • Powershell 远程代码执行漏洞 CVE-2022-41076
    • CNNVD编号:未知
    • 危害等级: 高危 
    • CVE编号:CVE-2022-41076
    • 漏洞类型: 远程代码执行
    • 威胁类型:远程
    • 厂       商:未知
    • 漏洞来源:深信服
    • 发布时间:2023-03-21
    • 更新时间:2023-03-21

    漏洞简介

    该漏洞是由于Powershell提供的Powershell Remoting运行环境对用户输入验证不足, 攻击者可利用该漏洞在获得权限的情况下,构造特殊的恶意数据来逃逸限制环境并执行任意的 Powershell 命令,最终获取服务器最高权限。

    漏洞公示

    暂无

    参考网站

    暂无

    受影响实体

    Windows 10 Version 21H1 for ARM64-basedSystems
    Windows 10 Version 21H1 for x64-based Systems
    Windows Server 2019 (Server Core installation)
    Windows Server 2019
    Windows 10 Version 1809 for ARM64-basedSystems
    Windows 10 Version 1809 for x64-based Systems
    Windows 10 Version 1809 for 32-bit Systems
    Windows 10 Version 20H2 for ARM64-basedSystems
    Windows 10 Version 20H2 for 32-bit Systems
    Windows 10 Version 20H2 for x64-based Systems
    Windows Server 2022 Datacenter: Azure Edition
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows 10 Version 21H1 for 32-bit Systems
    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems
    Service Pack 1 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems
    Service Pack 1
    Windows Server 2008 for x64-based Systems
    Service Pack 2 (Server Core installation)
    Windows 10 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for ARM64-basedSystems
    Windows 10 Version 21H2 for x64-based Systems
    Windows 10 Version 21H2 for ARM64-basedSystems
    Windows 10 Version 21H2 for 32-bit Systems
    Windows 11 for ARM64-based Systems
    Windows 11 for x64-based Systems
    Windows Server 2008 for x64-based SystemsService Pack 2
    Windows Server 2008 for 32-bit Systems Service
    Pack 2(Server Core installation)
    Windows Server 2008 for 32-bit Systems Service

    Pack 2
    Windows RT 8.1
    Windows 8.1 for x64-based systems
    Windows 8.1 for 32-bit systems
    Windows 7 for x64-based Systems Service Pack 1
    Windows 7 for 32-bit Systems Service Pack 1
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows 10 for x64-based Systems
    Windows 10 for 32-bit Systems
    Windows 10 Version 22H2 for 32-bit Systems
    Windows 10 Version 22H2 for ARM64-basedSystems
    PowerShell 7.2
    PowerShell 7.3

    补丁

    官方修复建议
    当前官方已发布最新版本,建议受影响的用户及时更新升级到最新版本。链接如下:
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076
    返回漏洞列表