2020年7月15日�,金山云安全應(yīng)急響應(yīng)中心監(jiān)測(cè)到微軟發(fā)布補(bǔ)丁修復(fù)了一個(gè)DNS Sever遠(yuǎn)程代碼執(zhí)行漏洞。
該漏洞風(fēng)險(xiǎn)等級(jí)高且利用門檻低�����,建議廣大用戶及時(shí)更新系統(tǒng)補(bǔ)丁或采取暫緩措施�,避免被黑客攻擊造成損失。
漏洞編號(hào)
CVE-2020-1350
風(fēng)險(xiǎn)等級(jí)
高危
漏洞描述
微軟官方將該漏洞分類為“蠕蟲(chóng)級(jí)”高危漏洞��,該漏洞可通過(guò)惡意軟件在易受攻擊的計(jì)算機(jī)之間傳播�����,無(wú)需用戶干預(yù)�。CVSS評(píng)分為10分,高危且易利用�����。
利用此漏洞,未經(jīng)身份驗(yàn)證的攻擊者可以通過(guò)發(fā)送特殊構(gòu)造的數(shù)據(jù)包到目標(biāo)DNS Server以達(dá)到遠(yuǎn)程代碼執(zhí)行的效果��。如果域控制器上存在DNS服務(wù)�����,攻擊者利用此漏洞可獲取到域控制器的系統(tǒng)權(quán)限��。
影響版本
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2016
Windows Server 2016 (Server Core)
Windows Server 2019
Windows Server 2019 (Server Core)
Windows Server, version 1903 (Server Core)
Windows Server, version 1909 (Server Core)
Windows Server, version 2004 (Server Core)
修復(fù)建議
1. 更新系統(tǒng)補(bǔ)?�。呵巴④浌俜较螺d相應(yīng)補(bǔ)丁進(jìn)行更新
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
【備注】:建議您在安裝補(bǔ)丁前做好數(shù)據(jù)備份工作��,避免出現(xiàn)意外���。
2. 如不方便升級(jí)�,可運(yùn)行如下命令緩解該漏洞(注意:必須重新啟動(dòng)DNS服務(wù)才能生效):
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
參考鏈接
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul
北京金山云網(wǎng)絡(luò)技術(shù)有限公司
2020/07/15