• 我的位置:
  • 首頁
  • -
  • 漏洞預警
  • -
  • 操作系統(tǒng)
  • -
    • Windows Advanced Local Procedure Call 權限提升漏洞
    • CNNVD編號:未知
    • 危害等級: 未知
    • CVE編號:CVE-2022-30160
    • 漏洞類型: 本地權限提升
    • 威脅類型:未知
    • 廠       商:未知
    • 漏洞來源:深信服
    • 發(fā)布時間:2022-06-24
    • 更新時間:2022-06-24

    漏洞簡介

    2022年06月15日,深信服安全團隊監(jiān)測到 ALPC 組件存在權限提升漏洞,漏洞編號:CVE-2022-30160,漏洞威脅等級:高危。

    攻擊者可利用該漏洞在獲得權限的情況下,構造惡意程序進行權限提升攻擊,最終可獲取服務器最高權限。

    漏洞公示

    暫無

    參考網(wǎng)站

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30160

    受影響實體

    以下版本的操作系統(tǒng)受漏洞影響:

    Windows 10 for 32-bit Systems

    Windows 10 for x64-based Systems

    Windows 10 Version 1607 for 32-bit Systems

    Windows 10 Version 1607 for x64-based Systems

    Windows 10 Version 1809 for 32-bit Systems

    Windows 10 Version 1809 for ARM64-based Systems

    Windows 10 Version 1809 for x64-based Systems

    Windows 10 Version 20H2 for 32-bit Systems

    Windows 10 Version 20H2 for ARM64-based Systems

    Windows 10 Version 20H2 for x64-based Systems

    Windows 10 Version 21H1 for 32-bit Systems

    Windows 10 Version 21H1 for ARM64-based Systems

    Windows 10 Version 21H1 for x64-based Systems

    Windows 10 Version 21H2 for 32-bit Systems

    Windows 10 Version 21H2 for ARM64-based Systems

    Windows 10 Version 21H2 for x64-based Systems

    Windows 11 for ARM64-based Systems

    Windows 11 for x64-based Systems

    Windows 7 for 32-bit Systems Service Pack 1

    Windows 7 for x64-based Systems Service Pack 1

    Windows 8.1 for 32-bit systems

    Windows 8.1 for x64-based systems

    Windows RT 8.1

    Windows Server 2008 for 32-bit Systems Service Pack 2

    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

    Windows Server 2008 R2 for x64-based Systems Service Pack 1

    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

    Windows Server 2012

    Windows Server 2012 (Server Core installation)

    Windows Server 2012 R2

    Windows Server 2012 R2 (Server Core installation)

    Windows Server 2016

    Windows Server 2016  (Server Core installation)

    Windows Server 2019

    Windows Server 2019  (Server Core installation)

    Windows Server 2022

    Windows Server 2022 (Server Core installation)

    Windows Server 2022 Azure Edition Core Hotpatch

    Windows Server version 20H2 (Server Core Installan)

    補丁

    當前官方已發(fā)布受影響版本的對應補丁,建議受影響的用戶及時更新官方的安全補丁。鏈接如下:

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30160



    打補丁方法:

    1. 打開上述鏈接,根據(jù)系統(tǒng)版本選擇對應的補丁包進行下載。

    2. 在需要打補丁的 Windows 系統(tǒng)中運行補丁包。