时时博在线娱乐城-百家乐代理 -禁毒法规定娱乐场所应当建立什么制度?

網(wǎng)絡(luò)安全

關(guān)于Windows Lightweight Directory Access Protocol遠(yuǎn)程代碼執(zhí)行漏洞(CVE-2024-49112)的預(yù)警提示

2025-01-06

一、漏洞詳情

Windows Lightweight Directory Access Protocol (LDAP)是一種基于LDAP協(xié)議的輕量級(jí)目錄訪(fǎng)問(wèn)協(xié)議,廣泛用于Windows Active Directory (AD)環(huán)境中,用來(lái)訪(fǎng)問(wèn)和管理目錄服務(wù)信息。

近日,監(jiān)測(cè)到Windows Lightweight Directory Access Protocol遠(yuǎn)程代碼執(zhí)行漏洞(CVE-2024-49112)。Windows LDAP服務(wù)的wldap32.dll中存在整數(shù)溢出問(wèn)題,攻擊者可以通過(guò)未認(rèn)證的特制DCE/RPC調(diào)用(或通過(guò)其他方式)誘使目標(biāo)服務(wù)器(作為L(zhǎng)DAP客戶(hù)端)向攻擊者控制的惡意LDAP服務(wù)器發(fā)起查詢(xún)請(qǐng)求,當(dāng)惡意LDAP服務(wù)器返回特制的、惡意構(gòu)造的響應(yīng)時(shí),可能觸發(fā)目標(biāo)服務(wù)器中的漏洞,進(jìn)而導(dǎo)致LSASS崩潰,引發(fā)系統(tǒng)重啟,并可能進(jìn)一步利用該漏洞導(dǎo)致遠(yuǎn)程代碼執(zhí)行。

建議受影響用戶(hù)做好資產(chǎn)自查以及預(yù)防工作,以免遭受黑客攻

二、影響范圍

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

三、修復(fù)建議

目前微軟已發(fā)布該漏洞的安全更新,受影響的用戶(hù)可在更新可用時(shí)及時(shí)修復(fù)。