• 我的位置:
  • 首页
  • -
  • 漏洞预警
  • -
  • 应用
  • -
    • Windows Installer本地提权漏洞CVE-2022-30147
    • CNNVD编号:未知
    • 危害等级: 高危 
    • CVE编号:CVE-2022-30147
    • 漏洞类型: 本地权限提升
    • 威胁类型:未知
    • 厂       商:未知
    • 漏洞来源:深信服
    • 发布时间:2023-03-20
    • 更新时间:2023-03-20

    漏洞简介

    2022年06月15日,深信服安全团队监测到一则 msi.dll组件存在本地权限提升漏洞的信息,漏洞编号:CVE-2022-30147,漏洞威胁等级:高危。

    该漏洞是由于逻辑错误,攻击者可利用该漏洞在获得权限的情况下,构造恶意数据执行本地权限提升攻击,最终获取服务器最高权限。






    漏洞公示

    暂无

    参考网站

    https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30147

    受影响实体

    目前受影响的 Windows 版本:

    Windows 10 for 32-bit Systems

    Windows 10 for x64-based Systems

    Windows 10 Version 1607 for 32-bit Systems

    Windows 10 Version 1607 for x64-based Systems

    Windows 10 Version 1809 for 32-bit Systems

    Windows 10 Version 1809 for ARM64-based Systems

    Windows 10 Version 1809 for x64-based Systems

    Windows 10 Version 20H2 for 32-bit Systems

    Windows 10 Version 20H2 for ARM64-based Systems

    Windows 10 Version 20H2 for x64-based Systems

    Windows 10 Version 21H1 for 32-bit Systems

    Windows 10 Version 21H1 for ARM64-based Systems

    Windows 10 Version 21H1 for x64-based Systems

    Windows 10 Version 21H2 for 32-bit Systems

    Windows 10 Version 21H2 for ARM64-based Systems

    Windows 10 Version 21H2 for x64-based Systems

    Windows 11 for ARM64-based Systems

    Windows 11 for x64-based Systems

    Windows 7 for 32-bit Systems Service Pack 1

    Windows 7 for x64-based Systems Service Pack 1

    Windows 8.1 for 32-bit systems

    Windows 8.1 for x64-based systems

    Windows RT 8.1

    Windows Server 2008 for 32-bit Systems Service Pack 2

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 R2 for x64-based Systems Service Pack 1

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

    Windows Server 2012

    Windows Server 2012 (Server Core installation)

    Windows Server 2012 R2

    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2016

    Windows Server 2016  (Server Core installation)

    Windows Server 2019

    Windows Server 2019  (Server Core installation)

    Windows Server 2022

    Windows Server 2022 (Server Core installation)

    Windows Server 2022 Azure Edition Core Hotpatch

    Windows Server version 20H2 (Server Core Installation)

    补丁


    解决方案

    图片

    1.如何检测组件系统版本

    使用 cmd.exe 执行 “systeminfo” 命令,可以获取 Windows 操作系统安装的补丁。


    图片


    查看是否存在以下网址安全更新程序一栏中对应的补丁包。

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30147


    图片

    图片

    2.官方修复建议

    当前官方已发布受影响版本的对应补丁,建议受影响的用户及时更新官方的安全补丁。链接如下:

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30147


    打补丁方法:

    进入上面的链接页面,下载当前系统版本对应的补丁包进行安装。

    参考链接

    返回漏洞列表