CVE-2020-1350 | Windows DNS ServerÔ¶³Ì´úÂëÖ´Ðзì϶¹«¸æ

°ä²¼¹¦·ò 2020-07-15

0x00 ·ì϶¸ÅÊö


CVE   ID

CVE-2020-1350

ʱ    ¼ä

2020-07-15

Àà  ÐÍ

RCE

µÈ    ¼¶

ÑϳÁ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò


0x01 ·ì϶ÏêÇé


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


΢ÈíÓÚÖܶþ°ä²¼ÁË7Ô°²È«¸üв¹¶¡  £¬½¨¸´ÁË123¸ö·ì϶¡£ÆäÖÐÔ̺¬Ò»¸öWindows DNS ServerÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2020-1350£©  £¬CVSSÆÀ·ÖΪ10·Ö¡£

¸Ã·ì϶µÄ³ÉÒòÊÇDNS¿Í»§¶Ëͨ¹ýDNS·þÎñÆ÷Ïò¶ñÒâDNS·þÎñÆ÷²éÎÊʱ  £¬¶ñÒâ·þÎñÆ÷µÄÏìÓ¦±»Ò»Ê±»º´æÔÚ±¾µØDNS·þÎñÆ÷ÖÐ  £¬²¢ÇÒÏ´ÎDNS¿Í»§¶ËÒªÇó²éÎÊʱ  £¬±¾µØDNS·þÎñÆ÷½«³¢ÊÔÔÚÏìӦ֮ǰ½øÐнâѹËõ×Ö¶ÎÄÚÈÝ  £¬µ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£

Windows DNS·þÎñÆ÷ÊÇÖ÷ÌâÍøÂç×é¼þ  £¬¸Ã·ì϶¿ÉÒý·¢Èä³æʽ´«²¼  £¬¶øÎÞÐèÓû§½»»¥ºÍÉí·ÝÑéÖ¤  £¬Windows DNS ServerĬÈÏÅäÖü´¿É´¥·¢¡£

SonarÏîÄ¿ÔÚ7Ô³õµÄ»¥ÁªÍøɨÃèÖз¢ÏÖÁ˽«½ü50000̨Microsoft DNS·þÎñÆ÷  £¬¾ßÌåÈçÏ£º

fingerprint                                         count

cpe:/o:microsoft:windows_server_2008:Service Pack 1 38005

Known Microsoft but OS type/version unknown          7785

cpe:/o:microsoft:windows_server_2008:Service Pack 2  2113

cpe:/o:microsoft:windows_server_2008:-               1561

cpe:/o:microsoft:windows_server_2016:-                 20

cpe:/o:microsoft:windows_server_2012:-                  4


0x02 Ó°ÏìÁìÓò


ÒÔÏÂÊÇCVE-2020-1350·ì϶ÊÜÓ°ÏìµÄϵͳ°æ±¾£º

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)


0x03 ´ëÖý¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼²¹¶¡  £¬ÏÂÔØÁ´½Ó£º

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1350

һʱ´ëÊ©£º

ÔÚÒÔÏÂ×¢²á±íÏîÖÐÔö³¤TcpReceivePacketSize¼üÖµ£º

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Value: TcpReceivePacketSize

Data Type DWORD = 0xFF00

°ÑÎÈ£ºÅäÖÃÍêÐè³ÁÆôDNS·þÎñ¡£


0x04 ÓйØÐÂÎÅ


https://reportcybercrime.com/windows-dns-server-rce-vulnerability-cve-2020-1350/


0x05 ²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1350


0x06 ¹¦·òÏß


2020-07-14 ΢Èí¸üзì϶²¹¶¡

2020-07-15 VSRC°ä²¼·ì϶¹«¸æ



GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾