¡¾·ì϶¹«¸æ¡¿Windows Lightweight Directory Access ProtocolÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2024-49112£©

°ä²¼¹¦·ò 2025-01-02

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Windows Lightweight Directory Access ProtocolÔ¶³Ì´úÂëÖ´Ðзì϶

CVE   ID

CVE-2024-49112

·ì϶ÀàÐÍ

ÕûÊýÒç³ö

·¢ÏÖ¹¦·ò

2024-12-11

·ì϶ÆÀ·Ö

9.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 


Windows Lightweight Directory Access Protocol (LDAP) ÊÇÒ»ÖÖ»ùÓÚ LDAP ºÍ̸µÄÇáÁ¿¼¶Ä¿Â¼½Ó¼ûºÍ̸£¬£¬£¬£¬£¬£¬£¬¿í·ºÓÃÓÚ Windows Active Directory (AD) »·¾³ÖУ¬£¬£¬£¬£¬£¬£¬ÓÃÀ´½Ó¼ûºÍÖÎÀíĿ¼·þÎñÐÅÏ¢¡£¡£¡£¡£¡£


2025Äê1ÔÂ2ÈÕ£¬£¬£¬£¬£¬£¬£¬8827Ì«Ñô¼¯Íż¯ÍÅVSRC¼à²âµ½Windows Lightweight Directory Access ProtocolÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2024-49112£¬£¬£¬£¬£¬£¬£¬CVSSÆÀ·Ö9.8£©µÄ¼¼Êõϸ½Ú¼°PoCÔÚ»¥ÁªÍøÉϹ«¿ª¡£¡£¡£¡£¡£


Windows LDAP ·þÎñµÄ wldap32.dll ÖдæÔÚÕûÊýÒç³öÎÊÌ⣬£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÄܹ»Í¨¹ýδÈÏÖ¤µÄÌØÔìDCE/RPCŲÓ㨻òͨ¹ýÆäËû·½Ê½£©ÓÕʹָ±ê·þÎñÆ÷£¨×÷Ϊ LDAP ¿Í»§¶Ë£©Ïò¹¥»÷Õß½ÚÔìµÄ¶ñÒâ LDAP ·þÎñÆ÷ÌáÒé²éÎÊÒªÇ󣬣¬£¬£¬£¬£¬£¬µ±¶ñÒâ LDAP ·þÎñÆ÷·µ»ØÌØÔìµÄ¡¢¶ñÒâ»ú¹ØµÄÏìӦʱ£¬£¬£¬£¬£¬£¬£¬¿ÉÄÜ´¥·¢Ö¸±ê·þÎñÆ÷Öеķì϶£¬£¬£¬£¬£¬£¬£¬³É¹¦ÀûÓø÷ì϶¿ÉÄܵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£¡£¡£¡£¡£


¶þ¡¢Ó°ÏìÁìÓò


Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Ŀǰ΢ÈíÒÑ°ä²¼¸Ã·ì϶µÄ°²È«¸üУ¬£¬£¬£¬£¬£¬£¬ÊÜÓ°ÏìµÄÓû§¿ÉÔÚ¸üпÉÓÃʱʵʱ½¨¸´¡£¡£¡£¡£¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬣¬£¬£¬£¬£¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬£¬£¬£¬£¬½«»á×Ô¶¯ÏÂÔظüв¢±ÉÈËÒ»´ÎÆô¶¯Ê±×°Öᣡ£¡£¡£¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔϲ½ÖèÊÖ¶¯½øÐиüУº

1¡¢µã»÷¡°ÆðÍ·²Ëµ¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬£¬£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкͰ²È«¡±£¬£¬£¬£¬£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý½ÚÔìÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬£¬£¬£¬£¬¾ßÌå²½ÖèΪ¡°½ÚÔìÃæ°å¡±->¡°ÏµÍ³ºÍ°²È«¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°²é³­¸üС±£¬£¬£¬£¬£¬£¬£¬ÆÚ´ýϵͳ×Ô¶¯²é³­²¢ÏÂÔØ¿ÉÓøüС£¡£¡£¡£¡£

4¡¢¸üÐÂʵÏÖºó³ÁÆôÍÆËã»ú£¬£¬£¬£¬£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°²é¿´¸üк¹Çà¼Í¼¡±²é¿´ÊÇ·ñ³É¹¦×°ÖÃÁ˸üС£¡£¡£¡£¡£¶ÔÓÚûÓгɹ¦×°ÖõĸüУ¬£¬£¬£¬£¬£¬£¬Äܹ»µã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÃèÊöÁ´½Ó£¬£¬£¬£¬£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬£¬£¬£¬£¬¶øºóÔÚÐÂÁ´½Óµ±Ñ¡ÔñºÏÓÃÓÚÖ¸±êϵͳµÄ²¹¶¡½øÐÐÏÂÔز¢×°Öᣡ£¡£¡£¡£

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏàÓ¦²¹¶¡½øÐиüС£¡£¡£¡£¡£


ÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£¡£¡£¡£¡£


3.3 ͨÓý¨Òé


¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£¬£¬£¬£¬£¬£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬£¬£¬£¬£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£¡£¡£

¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬£¬£¬£¬£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬£¬£¬£¬£¬£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬£¬£¬£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬£¬£¬£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£¡£¡£

ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£¡£¡£

¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£

? ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112


ËÄ¡¢°æ±¾ÐÅÏ¢


°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2025-01-02

³õ´Î°ä²¼

 

Îå¡¢¸½Â¼


5.1 8827Ì«Ñô¼¯Íżò½é


8827Ì«Ñô¼¯ÍųÉÁ¢ÓÚ1996Ä꣬£¬£¬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ¡£¡£¡£¡£¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£¡£¡£¡£¡£


¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°8827Ì«Ñô¼¯ÍÅ´óÏ㬣¬£¬£¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£¡£¡£¡£¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊÓ×¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬£¬£¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢Çþ·ϵͳºÍ¼¼ÊõÖ§³Öϵͳ¡£¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÀö½­ÖÐÓ×°å¹ÒÅÆÉÏÊС£¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©


¶àÄêÀ´£¬£¬£¬£¬£¬£¬£¬8827Ì«Ñô¼¯ÍÅÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ£¬£¬£¬£¬£¬£¬£¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦£¬£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·Åƶø²»Ð¸ÖÂÁ¦¡£¡£¡£¡£¡£


5.2 ¹ØÓÚ8827Ì«Ñô¼¯ÍÅ


8827Ì«Ñô¼¯ÍÅ°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑ°ä²¼1000¶à¸ö·ì϶¹«¸æ΢·çÏÕÔ¤¾¯£¬£¬£¬£¬£¬£¬£¬ÎÒÃǽ«³ÖÐø¸ú×ÙÈ«Çò×îеÄÍøÂ簲ȫÊÂÎñºÍ·ì϶£¬£¬£¬£¬£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢°²È«±£¼Ý»¤º½¡£¡£¡£¡£¡£


¹Ø×¢ÎÒÃÇ£º


°²È«¼òѶ.jpg