7*24小时服务热线   021-20685566
it-support@shanghaitech.edu.cn

关于微软PowerShell远程代码执行漏洞CVE-2022-41076的风险提示

日期:2023-01-12文章来源:图书信息中心

一、背景介绍

近日,市委网信办技术支撑单位监测到互联网上公开了Microsoft PowerShell远程代码执行漏洞的细节和EXP,漏洞命名为Tabshell,由于漏洞影响范围较大,建议受影响用户尽快安装漏洞补丁。

1.1漏洞描述

Windows PowerShell是微软发布的一种命令行外壳程序和脚本环境,使命令行用户和脚本编写者可以利用 .NET Framework的强大功能。PowerShell也提供了受限制的Powershell Remoting运行环境,限制了危险的cmdlet和命令的执行,该漏洞是由于Powershell Remoting对用户输入验证不足,攻击者可利用该漏洞在获得权限的情况下,构造特殊的恶意数据来逃逸限制环境并执行任意的Powershell命令,从而在目标机器上执行任意代码。

1.2漏洞编号

CVE-2022-41076

1.3漏洞等级

高危

二、修复建议

2.1受影响版本

Windows 10 Version 21H1 for ARM64-based Systems  

Windows 10 Version 21H1 for x64-based Systems  

Windows Server 2019 (Server Core installation)  

Windows Server 2019  

Windows 10 Version 1809 for ARM64-based Systems  

Windows 10 Version 1809 for x64-based Systems  

Windows 10 Version 1809 for 32-bit Systems  

Windows 10 Version 20H2 for ARM64-based Systems  

Windows 10 Version 20H2 for 32-bit Systems  

Windows 10 Version 20H2 for x64-based Systems  

Windows Server 2022 Datacenter: Azure Edition  

Windows Server 2022 (Server Core installation)  

Windows Server 2022  

Windows 10 Version 21H1 for 32-bit Systems  

Windows Server 2012 R2 (Server Core installation)  

Windows Server 2012 R2  

Windows Server 2012 (Server Core installation)  

Windows Server 2012  

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)  

Windows Server 2008 R2 for x64-based Systems Service Pack 1  

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core   installation)  

Windows 10 Version 22H2 for x64-based Systems  

Windows 11 Version 22H2 for x64-based Systems  

Windows 11 Version 22H2 for ARM64-based Systems  

Windows 10 Version 21H2 for x64-based Systems  

Windows 10 Version 21H2 for ARM64-based Systems  

Windows 10 Version 21H2 for 32-bit Systems  

Windows 11 for ARM64-based Systems  

Windows 11 for x64-based Systems  

Windows Server 2008 for x64-based Systems Service Pack 2  

Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)  

Windows Server 2008 for 32-bit Systems Service Pack 2  

Windows RT 8.1  

Windows 8.1 for x64-based systems  

Windows 8.1 for 32-bit systems  

Windows 7 for x64-based Systems Service Pack 1  

Windows 7 for 32-bit Systems Service Pack 1  

Windows Server 2016 (Server Core installation)  

Windows Server 2016  

Windows 10 Version 1607 for x64-based Systems  

Windows 10 Version 1607 for 32-bit Systems  

Windows 10 for x64-based Systems  

Windows 10 for 32-bit Systems  

Windows 10 Version 22H2 for 32-bit Systems  

Windows 10 Version 22H2 for ARM64-based Systems  

PowerShell 7.2  

PowerShell 7.3

2.2修复建议

微软官方已发布漏洞,建议受影响用户可参考下面链接修复此漏洞:

https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2022-41076