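On July 14, 2020, Microsoft released a patch for a DNS Server vulnerability classified as remote code execution. Microsoft rates it a "wormable" high-severity vulnerability: a wormable vulnerability can spread via malware between vulnerable computers without user interaction.
It has a CVSS score of 10 (that is, high severity and easy to exploit) and is tracked as CVE-2020-1350.
Risk level: High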
Affected versions:
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
Windows Server 2012
Windows Server 2012 (Server Core)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
Windows Server 2016
Windows Server 2016 (Server Core)
Windows Server 2019
Windows Server 2019 (Server Core)
Windows Server, version 1903 (Server Core)
Windows Server, version 1909 (Server Core)
Windows Server, version 2004 (Server Core)
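Systems with the DNS service enabled are affected.
Remediation
Temporary mitigation:
Use Registry Editor to limit the length of TCP packets:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00
Restart the DNS service for the change to take effect.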
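As an added example (not from Microsoft's advisory or the original page), the following PowerShell function audits and applies the registry mitigation above. The function name Set-DnsTcpReceiveLimit and its -Apply switch are hypothetical; run it from an elevated session on the DNS server.

```powershell
# Added example: audit and apply the TcpReceivePacketSize mitigation for CVE-2020-1350.
# Function name and -Apply switch are hypothetical, chosen for this illustration.
function Set-DnsTcpReceiveLimit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Apply   # without -Apply the function only reports the current state
    )

    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $valueName = 'TcpReceivePacketSize'
    $wanted    = 0xFF00   # value given in the advisory

    # Only hosts running the DNS Server service are affected.
    if (-not (Get-Service -Name 'DNS' -ErrorAction SilentlyContinue)) {
        Write-Output 'DNS Server service not found; mitigation not applicable.'
        return
    }

    # Read the current setting; the value may be absent.
    $current = (Get-ItemProperty -Path $keyPath -Name $valueName `
                    -ErrorAction SilentlyContinue).$valueName
    if ($null -ne $current -and $current -eq $wanted) {
        Write-Output ('{0} is already 0x{1:X}.' -f $valueName, $current)
        return
    }

    $shown = if ($null -eq $current) { 'not set' } else { '0x{0:X}' -f $current }
    Write-Output "$valueName is currently $shown."
    if (-not $Apply) {
        Write-Output 'Re-run with -Apply to set it and restart the DNS service.'
        return
    }

    if ($PSCmdlet.ShouldProcess($keyPath, "Set $valueName to 0xFF00 and restart DNS")) {
        New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
            -Value $wanted -Force | Out-Null
        Restart-Service -Name 'DNS'   # the change takes effect only after a restart
        $after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
        Write-Output ('{0} is now 0x{1:X}; DNS service status: {2}' -f `
            $valueName, $after, (Get-Service -Name 'DNS').Status)
    }
}

Set-DnsTcpReceiveLimit          # report only; add -Apply (or -Apply -WhatIf) to change
```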
References
Microsoft July security bulletin
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul
CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/