Windows远程过程调用远程代码执行漏洞 CVE-2022-26809
日期:2022-09-27 10:50:18  发布人:信息化建设中心  浏览量:0

组件介绍

Windows远程过程调用 (RPC) 定义了一种用于创建分布式客户端/服务器程序的强大技术。RPC 运行时存根和库管理与网络协议和通信相关的大部分进程,使用户能够专注于应用程序的细节,而不是网络的细节。

漏洞描述

近日,深信服安全团队监测到一则 Microsoft 远程过程调用rpcrt4.dll组件存在远程代码执行漏洞的信息,漏洞编号: CVE-2022-26809,漏洞威胁等级:高危。

攻击者可利用该漏洞在未授权的情况下,构造恶意数据执行远程代码执行攻击,最终获取服务器最高权限。

影响范围

目前受影响的Windows版本:

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

官方修复建议

当前官方已发布受影响版本的对应补丁,建议受影响的用户及时更新官方的安全补丁。


 

联系电话:023-42464987 重庆人文科技学院信息化建设中心 版权所有