7月15日,金山云安全应急响应中心监测到微软发布补丁修复了一个DNSSever远程代码执行漏洞。
该漏洞风险等级高且利用门槛低,建议广大用户及时更新系统补丁或采取暂缓措施,避免被黑客攻击造成损失。
漏洞编号
CVE--1350
漏洞描述
微软官方将该漏洞分类为“蠕虫级”高危漏洞,该漏洞可通过恶意软件在易受攻击的计算机之间传播,无需用户干预。CVSS评分为10分,高危且易利用。
利用此漏洞,未经身份验证的攻击者可以通过发送特殊构造的数据包到目标DNS Server以达到远程代码执行的效果。如果域控制器上存在DNS服务,攻击者利用此漏洞可获取到域控制器的系统权限。
风险等级
高危
影响版本
Windows Server for 32-bit Systems Service Pack 2
Windows Server for 32-bit Systems Service Pack 2 (Server Core)
Windows Server for x64-based Systems Service Pack 2
Windows Server for x64-based Systems Service Pack 2 (Server Core)
Windows Server for 32-bit Systems Service Pack 2
Windows Server for 32-bit Systems Service Pack 2 (Server Core)
Windows Server for x64-based Systems Service Pack 2
Windows Server for x64-based Systems Service Pack 2 (Server Core)
Windows Server R2 for x64-based Systems Service Pack 1
Windows Server R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server R2 for x64-based Systems Service Pack 1
Windows Server R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server
Windows Server (Server Core)
Windows Server
Windows Server (Server Core)
Windows Server R2
Windows Server R2 (Server Core)
Windows Server R2
Windows Server R2 (Server Core)
Windows Server
Windows Server (Server Core)
Windows Server
Windows Server (Server Core)
Windows Server, version 1903 (Server Core)
Windows Server, version 1909 (Server Core)
Windows Server, version (Server Core)
修复建议
1.更新系统补丁:前往微软官方下载相应补丁进行更新
https://portal./en-US/security-guidance/advisory/CVE--1350
【备注】:建议您在安装补丁前做好数据备份工作,避免出现意外。
2.如不方便升级,可运行如下命令缓解该漏洞(注意:必须重新启动DNS服务才能生效)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
参考链接
https://portal./en-US/security-guidance/advisory/CVE--1350
https://msrc-//07/14/july--security-update-cve--1350-vulnerability-in-windows-domain-name-system-dns-server/
https://portal./en-us/security-guidance/releasenotedetail/-Jul
北京金山云网络技术有限公司
/07/15
