Windows DNS Server遠程代碼執行漏洞
2020年7月14日,武漢雲之巅監測到微軟發(fā)布補丁修複了一個标注爲遠程代碼執行的DNS Server漏洞(CVE-2020-1350),官方分類爲“可蠕蟲級”高危漏洞。目前微軟官方已提供臨時緩解措施以及相應的月度安全補丁修複該漏洞。
漏洞描述
微軟官方于7月14日發(fā)布安全更新,其中修複了一個标注爲遠程代碼執行的DNS Server漏洞(CVE-2020-1350),官方分類爲“可蠕蟲級”高危漏洞。未經(jīng)身份驗證的攻擊者可以發(fā)送特殊構造的數據包到目标DNS Server來利用此漏洞,成(chéng)功利用此漏洞可能(néng)達到遠程代碼執行的效果。如果域控制器上存在DNS服務,攻擊者可利用此漏洞獲取到域控制器的系統權限。武漢雲之巅提醒 Windows 用戶盡快采取安全措施阻止漏洞攻擊。
漏洞評級
CVE-2020-1350 高危
影響版本
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2016
Windows Server 2016 (Server Core)
Windows Server 2019
Windows Server 2019 (Server Core)
Windows Server, version 1903 (Server Core)
Windows Server, version 1909 (Server Core)
Windows Server, version 2004 (Server Core)
安全建議
1、緩解措施。修改 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 中TcpReceivePacketSize的值爲0xFF00,并重啓DNS Service。
2、前往微軟官方下載相應補丁進(jìn)行更新 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
3、阿裡(lǐ)雲雲安全中心Windows系統漏洞模塊已支持對(duì)該漏洞補丁一鍵檢測和修複,詳情登陸雲安全中心
Windows Server 2008 (官方已停止免費補丁維護,需購買微軟ESU服務,建議放棄使用:https://www.microsoft.com/en-us/windows-server/extended-security-updates)
Windows Server 2012 補丁:KB4565537
Windows Server 2012 R2 補丁:KB4565541
Windows Server 2016 補丁:KB4565511
Windows Server 2019 補丁:KB4558998
相關鏈接
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350