【威胁通告】Windows Active Directory 域服务权限提升漏洞通告

2021-12-16

一. 漏洞概述

12月13日，海王捕鱼CERT监测发现有研究人员公开了Active Directory Domain Services权限提升漏洞（CVE-2021-42287、CVE-2021-42278）的 PoC。微软官方已在11月的安全更新发布了以上漏洞的修复补丁，请相关用户尽快采取措施进行防护。

CVE-2021-42287（CVSS 3.0评分8.8）：由于Active Directory没有对域中计算器与服务器账号名进行验证，经过身份验证的远程攻击者利用该漏洞绕过安全限制，可将域中普通用户权限提升为域管理员权限并执行任意代码。

CVE-2021-42278 （CVSS 3.0评分8.8）：由于应用程序缺少对 Active Directory Domain Services的安全限制，经过身份验证的远程攻击者利用该漏洞绕过安全限制，导致在目标系统上提升为管理员权限并执行任意代码。

活动目录（Active Directory）是面向Windows Standard Server、Windows Enterprise Server以及 Windows Datacenter Server的目录服务。Active Directory存储了有关网络对象的信息，并且让管理员和用户能够轻松地查找和使用这些信息。Active Directory使用了一种结构化的数据存储方式，并以此作为基础对目录信息进行合乎逻辑的分层组织。

参考链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

二. 影响范围

漏洞编号

受影响产品版本

CVE-2021-42287

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)

Windows Server, version 2004 (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

CVE-2021-42278

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019