0x00 引言
Windows 操作系统中包含一项名为 Microsoft Remote Registry Service(远程注册表服务)的功能,允许用户通过网络远程访问和管理目标系统的注册表内容。
0x01 漏洞概述
该漏洞的成因在于,当 Microsoft Remote Registry 客户端检测到 SMB 传输不可用时,会自动回退至使用 RPC(远程过程调用)进行认证,并切换到较旧的通信协议(如 TCP/IP),同时采用较低的安全认证级别(RPC_C_AUTHN_LEVEL_CONNECT)。此认证级别无法确保通信的完整性或身份真实性,导致攻击者可借此漏洞拦截 NTLM 身份验证过程,并将认证凭据中继至其他服务(例如 ADCS),从而实施 NTLM 中继攻击。通过该方式,攻击者可能非法创建域管理员账户,甚至完全控制整个域环境。
0x02 CVE 编号
CVE-2024-43532
0x03 受影响版本
Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 11 Version 24H2 for x64-based SystemsWindows 11 Version 24H2 for ARM64-based SystemsWindows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2 for x64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows 11 version 21H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit Systems
0x04 漏洞验证
POC 地址:
https://www.php.cn/link/5142f159455fdf571ab0d67b89fa64f5
0x05 参考资料
https://www.php.cn/link/f1a64a0e360d5ddaf0a3b33c67e3c016
https://www.php.cn/link/5142f159455fdf571ab0d67b89fa64f5
以上就是CVE-2024-43532|Microsoft Remote Registry Service特权提升漏洞(POC)的详细内容,更多请关注php中文网其它相关文章!
每个人都需要一台速度更快、更稳定的 PC。随着时间的推移,垃圾文件、旧注册表数据和不必要的后台进程会占用资源并降低性能。幸运的是,许多工具可以让 Windows 保持平稳运行。
广告Copyright 2014-2025 https://www.php.cn/ All Rights Reserved | php.cn | 湘ICP备2023035733号
692
收藏
