¡¾Îó²îͨ¸æ¡¿Windows LDAP¾Ü¾øЧÀÍÎó²î£¨CVE-2024-49113£©

Ðû²¼Ê±¼ä 2025-01-04

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

Windows LDAP¾Ü¾øЧÀÍÎó²î

CVE   ID

CVE-2024-49113

Îó²îÀàÐÍ

Ô½½ç¶ÁÈ¡

·¢Ã÷ʱ¼ä

2024-12-11

Îó²îÆÀ·Ö

7.5

Îó²îÆ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

δ·¢Ã÷

 


Windows Lightweight Directory Access Protocol (LDAP) ÊÇÒ»ÖÖ»ùÓÚ LDAP ЭÒéµÄÇáÁ¿¼¶Ä¿Â¼»á¼ûЭÒ飬£¬£¬£¬£¬£¬ÆÕ±éÓÃÓÚ Windows Active Directory (AD) ÇéÐÎÖУ¬£¬£¬£¬£¬£¬ÓÃÀ´»á¼ûºÍÖÎÀíĿ¼ЧÀÍÐÅÏ¢ ¡£¡£¡£¡£¡£¡£


2025Äê1ÔÂ2ÈÕ£¬£¬£¬£¬£¬£¬¿­Ðý¹ú¼ÊÓÎÏ·¼¯ÍÅVSRC¼à²âµ½Windows Lightweight Directory Access Protocol¾Ü¾øЧÀÍÎó²î£¨CVE-2024-49113£¬£¬£¬£¬£¬£¬CVSSÆÀ·Ö7.5£©µÄÊÖÒÕϸ½Ú¼°PoCÔÚ»¥ÁªÍøÉϹûÕæ ¡£¡£¡£¡£¡£¡£


Windows LDAP ЧÀ굀 wldap32.dll Öб£´æÔ½½ç¶ÁÈ¡Îó²î£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔͨ¹ýδÈÏÖ¤µÄÌØÖÆDCE/RPCŲÓ㨻òͨ¹ýÆäËû·½·¨£©ÓÕʹĿµÄЧÀÍÆ÷£¨×÷Ϊ LDAP ¿Í»§¶Ë£©Ïò¹¥»÷Õß¿ØÖƵĶñÒâ LDAP ЧÀÍÆ÷ÌᳫÅÌÎÊÇëÇ󣬣¬£¬£¬£¬£¬µ±¶ñÒâЧÀÍÆ÷·µ»ØÌØÖƵġ¢¶ñÒâ½á¹¹µÄLDAPÏìӦʱ£¬£¬£¬£¬£¬£¬¿ÉÄÜ´¥·¢Ä¿µÄЧÀÍÆ÷ÖеÄÔ½½ç¶ÁÈ¡Îó²î£¬£¬£¬£¬£¬£¬´Ó¶øµ¼Ö¾ܾøЧÀÍ£¨Òý·¢ LSASS ЧÀÍÍ߽⣬£¬£¬£¬£¬£¬µ¼ÖÂÄ¿µÄϵͳ×Ô¶¯ÖØÆô£¬£¬£¬£¬£¬£¬Ôì³ÉЧÀÍÖÐÖ¹£©»òÐÅϢй¶£¨µ¼ÖÂÄÚ´æÖÐÃô¸ÐÐÅÏ¢£¬£¬£¬£¬£¬£¬Èçƾ֤¡¢»á»°Êý¾Ý±»Ð¹Â¶£© ¡£¡£¡£¡£¡£¡£


¶þ¡¢Ó°Ïì¹æÄ£


Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


ÏÖÔÚ΢ÈíÒÑÐû²¼¸ÃÎó²îµÄÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÊÜÓ°ÏìµÄÓû§¿ÉʵʱÐÞ¸´ ¡£¡£¡£¡£¡£¡£


£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬣¬£¬£¬£¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬£¬£¬£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öà ¡£¡£¡£¡£¡£¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔÏ°취ÊÖ¶¯¾ÙÐиüУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬£¬£¬£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬£¬£¬£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬£¬£¬£¬£¬£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüР¡£¡£¡£¡£¡£¡£

4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬£¬£¬£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üР¡£¡£¡£¡£¡£¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬£¬£¬£¬£¬£¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬£¬£¬£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬£¬£¬£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öà ¡£¡£¡£¡£¡£¡£


£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüР¡£¡£¡£¡£¡£¡£


ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113


3.2 ÔÝʱ²½·¥


ÔÝÎÞ ¡£¡£¡£¡£¡£¡£


3.3 ͨÓý¨Òé


? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ ¡£¡£¡£¡£¡£¡£

ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ ¡£¡£¡£¡£¡£¡£

ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ ¡£¡£¡£¡£¡£¡£

ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏÞ¶È ¡£¡£¡£¡£¡£¡£

ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐÞ¸Ä ¡£¡£¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113


ËÄ¡¢°æ±¾ÐÅÏ¢


°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2025-01-04

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼


5.1 ¿­Ðý¹ú¼ÊÓÎÏ·¼ò½é


¿­Ðý¹ú¼ÊÓÎÏ·½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ ¡£¡£¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò» ¡£¡£¡£¡£¡£¡£


¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¿­Ðý¹ú¼ÊÓÎÏ·´óÏ㬣¬£¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË ¡£¡£¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ ¡£¡£¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊÐ ¡£¡£¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©


¶àÄêÀ´£¬£¬£¬£¬£¬£¬¿­Ðý¹ú¼ÊÓÎÏ·ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æð¾¢ ¡£¡£¡£¡£¡£¡£


5.2 ¹ØÓÚ¿­Ðý¹ú¼ÊÓÎÏ·


¿­Ðý¹ú¼ÊÓÎÏ·Çå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½ ¡£¡£¡£¡£¡£¡£


¹Ø×¢ÎÒÃÇ£º


Çå¾²¼òѶ.jpg