¡¾·ì϶¹«¸æ¡¿Microsoft Windows Îļþ×ÊÔ´ÖÎÀíÆ÷ºýŪ·ì϶(CVE-2025-50154)

°ä²¼¹¦·ò 2025-08-14

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Microsoft Windows Îļþ×ÊÔ´ÖÎÀíÆ÷ºýŪ·ì϶

CVE   ID

CVE-2025-50154

·ì϶ÀàÐÍ

ºýŪ·ì϶

·¢ÏÖ¹¦·ò

2025-08-14

·ì϶ÆÀ·Ö

7.5

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


WindowsÎļþ×ÊÔ´ÖÎÀíÆ÷ÊÇMicrosoft Windows²Ù×÷ϵͳÄÚÖõÄͼÐλ¯ÎļþÖÎÀí¹¤¾ß £¬ÓÃÓÚä¯ÀÀ¡¢ÖÎÀíºÍ²Ù×÷±¾µØ¼°ÍøÂçÉϵÄÎļþºÍÎļþ¼Ð ¡£ËüÖ§³Ö¸´Ôì¡¢Òƶ¯¡¢É¾³ý¡¢³Á¶¨ÃûµÈÎļþ²Ù×÷ £¬²¢ÌṩËÑË÷¡¢Ô¤ÀÀ¡¢ÊôÐԲ鿴µÈÖ°ÄÜ £¬Í¬Ê±Óëϵͳ×ÀÃæ¡¢¹¤×÷À¸ºÍÀûÓ÷¨Ê½çÇÃܼ¯³É £¬ÊÇÓû§ÓëÎļþϵͳ½»»¥µÄÖ÷Ìâ½çÃæ ¡£


2025Äê8ÔÂ14ÈÕ £¬GA»Æ½ð¼×¼¯ÍÅVSRC¼à²âµ½Microsoft WindowsÎļþ×ÊÔ´ÖÎÀíÆ÷ºýŪ·ì϶£¨CVE-2025-50154£©µÄPOCÓë¼¼Êõϸ½ÚÒѹ«¿ª ¡£¸Ã·ì϶ÀûÓÃÁãµã»÷»úÔì £¬ÔÚ´¦ÖÃÔ¶³Ìͼ±êµÈ×ÊԴʱ»á×Ô¶¯´¥·¢NTLMÉí·ÝÑéÖ¤ £¬¹¥»÷Õ߿ɽè´ËÇÔÈ¡¹þÏ£²¢½øÐÐÆƽâ»òÖÐ¼Ì £¬´Ó¶øʵÏÖδÊÚȨ½Ó¼û¡¢È¨ÏÞÌáÉý»òºáÏòÒƶ¯ ¡£¸Ã·ì϶ÈƹýÁË΢ÈíÓÚ2025Äê3ÔÂÕë¶ÔCVE-2025-24054°ä²¼µÄ²¹¶¡ ¡£·ì϶ÆÀ·Ö7.5 £¬·ì϶¼¶±ð¸ßΣ ¡£


¶þ¡¢Ó°ÏìÁìÓò


Windows 10 Version 1809 32-bit Systems, x64-based Systems
Windows Server 2019 x64-based Systems
Windows Server 2019 (Server Core installation) x64-based Systems
Windows Server 2022 x64-based Systems
Windows 10 Version 21H2 32-bit Systems, ARM64-based Systems, x64-based Systems
Windows 11 version 22H2 ARM64-based Systems, x64-based Systems
Windows 10 Version 22H2 x64-based Systems, ARM64-based Systems, 32-bit Systems
Windows Server 2025 (Server Core installation) x64-based Systems
Windows 11 version 22H3 ARM64-based Systems
Windows 11 Version 23H2 x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation) x64-based Systems
Windows 11 Version 24H2 ARM64-based Systems, x64-based Systems
Windows Server 2025 x64-based Systems
Windows 10 Version 1507 32-bit Systems, x64-based Systems
Windows 10 Version 1607 32-bit Systems, x64-based Systems
Windows Server 2016 x64-based Systems
Windows Server 2016 (Server Core installation) x64-based Systems
Windows Server 2008 Service Pack 2 32-bit Systems
Windows Server 2008 Service Pack 2 (Server Core installation) 32-bit Systems, x64-based Systems
Windows Server 2008 Service Pack 2 x64-based Systems
Windows Server 2008 R2 Service Pack 1 x64-based Systems
Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems
Windows Server 2012 x64-based Systems
Windows Server 2012 (Server Core installation) x64-based Systems
Windows Server 2012 R2 x64-based Systems
Windows Server 2012 R2 (Server Core installation) x64-based Systems ¡£


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Microsoft¹Ù·½ÒÑ°ä²¼°²È«²¹¶¡ £¬½¨ÒéÓû§¾¡¿ìÉý¼¶ ¡£


ÏÂÔØÁ´½Ó£ºhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154


3.2 һʱ´ëÊ©


ÔÝÎÞ ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬Ï÷¼õϵͳ·ì϶ £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì £¬Åú¸Ä·À»ðǽսÊõ £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø £¬Ï÷¼õ¹¥»÷Ãæ ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ· £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È ¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä ¡£


3.4 ²Î¿¼Á´½Ó


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154/
https://www.cve.org/CVERecord?id=CVE-2025-50154
https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154