2020年7月15日,金山云安全應急響應中心監(jiān)測到微軟發(fā)布補丁修復了一個DNS Sever遠程代碼執(zhí)行漏洞��。
該漏洞風險等級高且利用門檻低�,建議廣大用戶及時更新系統(tǒng)補丁或采取暫緩措施��,避免被黑客攻擊造成損失�����。
漏洞編號
CVE-2020-1350
風險等級
高危
漏洞描述
微軟官方將該漏洞分類為“蠕蟲級”高危漏洞�����,該漏洞可通過惡意軟件在易受攻擊的計算機之間傳播����,無需用戶干預。CVSS評分為10分���,高危且易利用�����。
利用此漏洞�,未經身份驗證的攻擊者可以通過發(fā)送特殊構造的數(shù)據(jù)包到目標DNS Server以達到遠程代碼執(zhí)行的效果���。如果域控制器上存在DNS服務��,攻擊者利用此漏洞可獲取到域控制器的系統(tǒng)權限����。
影響版本
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2016
Windows Server 2016 (Server Core)
Windows Server 2019
Windows Server 2019 (Server Core)
Windows Server, version 1903 (Server Core)
Windows Server, version 1909 (Server Core)
Windows Server, version 2004 (Server Core)
修復建議
1. 更新系統(tǒng)補?。呵巴④浌俜较螺d相應補丁進行更新
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
【備注】:建議您在安裝補丁前做好數(shù)據(jù)備份工作,避免出現(xiàn)意外。
2. 如不方便升級��,可運行如下命令緩解該漏洞(注意:必須重新啟動DNS服務才能生效):
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
參考鏈接
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul
北京金山云網(wǎng)絡技術有限公司
2020/07/15