PowerShell 是一种跨平台的任务自动化解决方案,由命令行 shell、脚本语言和配置管理框架组成。PowerShell 在 Windows、Linux 和 macOS 上运行。
近日,奇安信 CERT 监测到互联网上公开 PowerShell 远程代码执行漏洞(CVE -2022-41076)技术细节及 PoC,国外厂商将此漏洞命名为“TabShell”。经过身份认证的远程攻击者可利用此漏洞绕过 PowerShell 限制环境,在目标机器上执行任意 PowerShell 代码。目前,此漏洞技术细节、POC 及 EXP 已公开,鉴于此漏洞影响范围较大,建议尽快做好自查及防护。
一、CVE-2022-41076 PowerShell 远程代码执行漏洞详情
风险等级:严重
漏洞类型:远程代码执行
漏洞简介:由于 PowerShell 对用户提供的输入的验证不足,远程攻击者将特制数据传递给应用程序触发漏洞,在目标系统上执行任意代码。
二、受影响的系统
Windows Server 2022 Datacenter: Azure EditionWindows Server 2022 (Server Core installation)Windows Server 2022Windows 10 Version 21H1 for 32-bit SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 for ARM64-based SystemsWindows 11 for x64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 22H2 for ARM64-based SystemsPowerShell 7.2PowerShell 7.3
奇安信天守终端安全管理系统 ,天守客户端防病毒模块可以拦截。企业管理员请关注这个补丁的安装情况,及时安装补丁修复漏洞,避免被蓄意攻击利用。
