Описание
Windows PKU2U Elevation of Privilege Vulnerability
FAQ
What is PKU2U?
PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts.
How do I know if my servers are exploitable by this vulnerability?
If your servers are not configured to allow the use of PKU2U authentication, they would not be vulnerable. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you do not use PKU2U authentication. Please see Network security Allow PKU2U authentication requests to this computer to use online identities for more information.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | ||
| Windows 7 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows 8.1 for 32-bit systems | ||
| Windows 8.1 for x64-based systems | ||
| Windows Server 2012 R2 | ||
| Windows RT 8.1 | - |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.8 High
CVSS3
Связанные уязвимости
Windows PKU2U Elevation of Privilege Vulnerability
Уязвимость реализации протокола аутентификации PKU2U операционных систем Windows, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3