CNNVD-202601-2032 Information
CNNVD ID
CNNVD-202601-2032
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
Microsoft Windows Deployment Services是美国微软(Microsoft)公司的Windows部署服务(远程安装服务 (RIS) 的更新和重新设计版本)的设置容器,可以使用它通过基于网络的无人值守安装来设置新计算机。 Microsoft Windows Deployment Services存在访问控制错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2025,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。
Description (English)
Microsoft Windows Development Services is an installation container for the Windows deployment service (updated and redesigned version of the Remote Installation Service (RIS)) of Microsoft, United States, which can be used to set up new computers through network-based unmanned duty station installations. Microsoft Windows Development Services has access control bugs. The attackers used the loophole to implement the code remotely. The following products and versions have been affected: Windows Server 2019, Windows Server 2019 (Server Corporation), Windows Server 2022 (Server Corporation), Windows Server 2025 (Server Corporation), Windows Server 2022 (Server Corporation), Windows Server 2022, 23Hst Order 2008 (Server Code Service Service), Windows Switcher 2027 (Server Porter 2012Retter 2025, Windows Switcher 2012Retter 2016, Windows Server Services 2008 Building Building 2008SovererSovererShower-SovererShower-Soverer-Soverers)
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
微软
Published
2026-01-13
Last Modified
2026-02-24
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0386
Patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0386
Share on: