2020年7月15日，金山云安全应急响应中心监测到微软发布补丁修复了一个DNS Sever远程代码执行漏洞。

该漏洞风险等级高且利用门槛低，建议广大用户及时更新系统补丁或采取暂缓措施，避免被黑客攻击造成损失。

漏洞编号

CVE-2020-1350

风险等级

高危

漏洞描述

微软官方将该漏洞分类为“蠕虫级”高危漏洞，该漏洞可通过恶意软件在易受攻击的计算机之间传播，无需用户干预。CVSS评分为10分，高危且易利用。

利用此漏洞，未经身份验证的攻击者可以通过发送特殊构造的数据包到目标DNS Server以达到远程代码执行的效果。如果域控制器上存在DNS服务，攻击者利用此漏洞可获取到域控制器的系统权限。 

影响版本

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)

Windows Server 2012

Windows Server 2012 (Server Core)

Windows Server 2012

Windows Server 2012 (Server Core)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core)

Windows Server 2016

Windows Server 2016 (Server Core)

Windows Server 2019

Windows Server 2019 (Server Core)

Windows Server, version 1903 (Server Core)

Windows Server, version 1909 (Server Core)

Windows Server, version 2004 (Server Core)

修复建议

1. 更新系统补丁：前往微软官方下载相应补丁进行更新

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

【备注】：建议您在安装补丁前做好数据备份工作，避免出现意外。

2. 如不方便升级，可运行如下命令缓解该漏洞（注意：必须重新启动DNS服务才能生效）：

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f

net stop DNS && net start DNS

参考链接

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul

北京金山云网络技术有限公司

2020/07/15