¡¾·ì϶¹«¸æ¡¿Microsoft Windows Îļþ×ÊÔ´ÖÎÀíÆ÷ºýŪ·ì϶(CVE-2025-50154)

°ä²¼¹¦·ò 2025-08-14

Ò»¡¢·ì϶¸ÅÊö


·ì϶Ãû³Æ

Microsoft Windows Îļþ×ÊÔ´ÖÎÀíÆ÷ºýŪ·ì϶

CVE   ID

CVE-2025-50154

·ì϶ÀàÐÍ

ºýŪ·ì϶

·¢ÏÖ¹¦·ò

2025-08-14

·ì϶ÆÀ·Ö

7.5

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


WindowsÎļþ×ÊÔ´ÖÎÀíÆ÷ÊÇMicrosoft Windows²Ù×÷ϵͳÄÚÖõÄͼÐλ¯ÎļþÖÎÀí¹¤¾ß£¬£¬ÓÃÓÚä¯ÀÀ¡¢ÖÎÀíºÍ²Ù×÷±¾µØ¼°ÍøÂçÉϵÄÎļþºÍÎļþ¼Ð¡£ËüÖ§³Ö¸´ÖÆ¡¢Òƶ¯¡¢É¾³ý¡¢Öض¨ÃûµÈÎļþ²Ù×÷£¬£¬²¢ÌṩËÑË÷¡¢Ô¤ÀÀ¡¢ÊôÐԲ鿴µÈÖ°ÄÜ£¬£¬Í¬Ê±Óëϵͳ×ÀÃæ¡¢¹¤×÷À¸ºÍÀûÓ÷¨Ê½çÇÃܼ¯³É£¬£¬ÊÇÓû§ÓëÎļþϵͳ½»»¥µÄÖ÷Ìâ½çÃæ¡£


2025Äê8ÔÂ14ÈÕ£¬£¬OG¶«·½Ìü¼¯ÍÅVSRC¼à²âµ½Microsoft WindowsÎļþ×ÊÔ´ÖÎÀíÆ÷ºýŪ·ì϶£¨CVE-2025-50154£©µÄPOCÓë¼¼Êõϸ½ÚÒѹ«¿ª¡£¸Ã·ì϶ÀûÓÃÁãµã»÷»úÖÆ£¬£¬ÔÚ´¦ÖÃÔ¶³Ìͼ±êµÈ×ÊԴʱ»á×Ô¶¯´¥·¢NTLMÉí·ÝÑéÖ¤£¬£¬¹¥»÷Õ߿ɽè´ËÇÔÈ¡¹þÏ£²¢½øÐÐÆƽâ»òÖмÌ£¬£¬´Ó¶øʵÏÖδÊÚȨ½Ó¼û¡¢È¨ÏÞÌáÉý»òºáÏòÒƶ¯¡£¸Ã·ì϶ÈƹýÁË΢ÈíÓÚ2025Äê3ÔÂÕë¶ÔCVE-2025-24054°ä²¼µÄ²¹¶¡¡£·ì϶ÆÀ·Ö7.5£¬£¬·ì϶¼¶±ð¸ßΣ¡£¡£¡£


¶þ¡¢Ó°ÏìÁìÓò


Windows 10 Version 1809 32-bit Systems, x64-based Systems
Windows Server 2019 x64-based Systems
Windows Server 2019 (Server Core installation) x64-based Systems
Windows Server 2022 x64-based Systems
Windows 10 Version 21H2 32-bit Systems, ARM64-based Systems, x64-based Systems
Windows 11 version 22H2 ARM64-based Systems, x64-based Systems
Windows 10 Version 22H2 x64-based Systems, ARM64-based Systems, 32-bit Systems
Windows Server 2025 (Server Core installation) x64-based Systems
Windows 11 version 22H3 ARM64-based Systems
Windows 11 Version 23H2 x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation) x64-based Systems
Windows 11 Version 24H2 ARM64-based Systems, x64-based Systems
Windows Server 2025 x64-based Systems
Windows 10 Version 1507 32-bit Systems, x64-based Systems
Windows 10 Version 1607 32-bit Systems, x64-based Systems
Windows Server 2016 x64-based Systems
Windows Server 2016 (Server Core installation) x64-based Systems
Windows Server 2008 Service Pack 2 32-bit Systems
Windows Server 2008 Service Pack 2 (Server Core installation) 32-bit Systems, x64-based Systems
Windows Server 2008 Service Pack 2 x64-based Systems
Windows Server 2008 R2 Service Pack 1 x64-based Systems
Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems
Windows Server 2012 x64-based Systems
Windows Server 2012 (Server Core installation) x64-based Systems
Windows Server 2012 R2 x64-based Systems
Windows Server 2012 R2 (Server Core installation) x64-based Systems¡£


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Microsoft¹Ù·½ÒÑ°ä²¼°²È«²¹¶¡£¬£¬½¨ÒéÓû§¾¡¿ìÉý¼¶¡£


ÏÂÔØÁ´½Ó£º£ºhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÖÆ£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬¹Ø±Õ·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÖƺÍ×îСȨÏÞ×¼Ôò£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154/
https://www.cve.org/CVERecord?id=CVE-2025-50154
https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154