• 我的位置:
  • 首页
  • -
  • 漏洞预警
  • -
  • 操作系统
  • -
    • Windows Advanced Local Procedure Call 权限提升漏洞
    • CNNVD编号:未知
    • 危害等级: 未知
    • CVE编号:CVE-2022-30160
    • 漏洞类型: 本地权限提升
    • 威胁类型:未知
    • 厂       商:未知
    • 漏洞来源:深信服
    • 发布时间:2022-06-24
    • 更新时间:2022-06-24

    漏洞简介

    2022年06月15日,深信服安全团队监测到 ALPC 组件存在权限提升漏洞,漏洞编号:CVE-2022-30160,漏洞威胁等级:高危。

    攻击者可利用该漏洞在获得权限的情况下,构造恶意程序进行权限提升攻击,最终可获取服务器最高权限。

    漏洞公示

    暂无

    参考网站

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30160

    受影响实体

    以下版本的操作系统受漏洞影响:

    Windows 10 for 32-bit Systems

    Windows 10 for x64-based Systems

    Windows 10 Version 1607 for 32-bit Systems

    Windows 10 Version 1607 for x64-based Systems

    Windows 10 Version 1809 for 32-bit Systems

    Windows 10 Version 1809 for ARM64-based Systems

    Windows 10 Version 1809 for x64-based Systems

    Windows 10 Version 20H2 for 32-bit Systems

    Windows 10 Version 20H2 for ARM64-based Systems

    Windows 10 Version 20H2 for x64-based Systems

    Windows 10 Version 21H1 for 32-bit Systems

    Windows 10 Version 21H1 for ARM64-based Systems

    Windows 10 Version 21H1 for x64-based Systems

    Windows 10 Version 21H2 for 32-bit Systems

    Windows 10 Version 21H2 for ARM64-based Systems

    Windows 10 Version 21H2 for x64-based Systems

    Windows 11 for ARM64-based Systems

    Windows 11 for x64-based Systems

    Windows 7 for 32-bit Systems Service Pack 1

    Windows 7 for x64-based Systems Service Pack 1

    Windows 8.1 for 32-bit systems

    Windows 8.1 for x64-based systems

    Windows RT 8.1

    Windows Server 2008 for 32-bit Systems Service Pack 2

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 R2 for x64-based Systems Service Pack 1

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

    Windows Server 2012

    Windows Server 2012 (Server Core installation)

    Windows Server 2012 R2

    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2016

    Windows Server 2016  (Server Core installation)

    Windows Server 2019

    Windows Server 2019  (Server Core installation)

    Windows Server 2022

    Windows Server 2022 (Server Core installation)

    Windows Server 2022 Azure Edition Core Hotpatch

    Windows Server version 20H2 (Server Core Installan)

    补丁

    当前官方已发布受影响版本的对应补丁,建议受影响的用户及时更新官方的安全补丁。链接如下:

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30160



    打补丁方法:

    1. 打开上述链接,根据系统版本选择对应的补丁包进行下载。

    2. 在需要打补丁的 Windows 系统中运行补丁包。
    返回漏洞列表