CVE-2020-1350 | Windows DNS ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-07-15

0x00 Îó²î¸ÅÊö


CVE   ID

CVE-2020-1350

ʱ    ¼ä

2020-07-15

Àà  ÐÍ

RCE

µÈ    ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


0x01 Îó²îÏêÇé


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


΢ÈíÓÚÖܶþÐû²¼ÁË7ÔÂÇå¾²¸üв¹¶¡£¬£¬£¬£¬£¬£¬£¬ÐÞ¸´ÁË123¸öÎó²î¡£¡£¡£¡£¡£¡£ ¡£ÆäÖаüÀ¨Ò»¸öWindows DNS ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2020-1350£©£¬£¬£¬£¬£¬£¬£¬CVSSÆÀ·ÖΪ10·Ö¡£¡£¡£¡£¡£¡£ ¡£

¸ÃÎó²îµÄ³ÉÒòÊÇDNS¿Í»§¶Ëͨ¹ýDNSЧÀÍÆ÷Ïò¶ñÒâDNSЧÀÍÆ÷ÅÌÎÊʱ£¬£¬£¬£¬£¬£¬£¬¶ñÒâЧÀÍÆ÷µÄÏìÓ¦±»ÔÝʱ»º±£´æÍâµØDNSЧÀÍÆ÷ÖУ¬£¬£¬£¬£¬£¬£¬²¢ÇÒÏ´ÎDNS¿Í»§¶ËÇëÇóÅÌÎÊʱ£¬£¬£¬£¬£¬£¬£¬ÍâµØDNSЧÀÍÆ÷½«ÊµÑéÔÚÏìӦ֮ǰ¾ÙÐнâѹËõ×Ö¶ÎÄÚÈÝ£¬£¬£¬£¬£¬£¬£¬µ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£¡£¡£¡£¡£¡£ ¡£

Windows DNSЧÀÍÆ÷Êǽ¹µãÍøÂç×é¼þ£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²î¿ÉÒý·¢Èä³æʽÈö²¥£¬£¬£¬£¬£¬£¬£¬¶øÎÞÐèÓû§½»»¥ºÍÉí·ÝÑéÖ¤£¬£¬£¬£¬£¬£¬£¬Windows DNS ServerĬÈÏÉèÖü´¿É´¥·¢¡£¡£¡£¡£¡£¡£ ¡£

SonarÏîÄ¿ÔÚ7Ô³õµÄ»¥ÁªÍøɨÃèÖз¢Ã÷ÁË¿ìÒª50000̨Microsoft DNSЧÀÍÆ÷£¬£¬£¬£¬£¬£¬£¬ÏêϸÈçÏ£º

fingerprint                                         count

cpe:/o:microsoft:windows_server_2008:Service Pack 1 38005

Known Microsoft but OS type/version unknown          7785

cpe:/o:microsoft:windows_server_2008:Service Pack 2  2113

cpe:/o:microsoft:windows_server_2008:-               1561

cpe:/o:microsoft:windows_server_2016:-                 20

cpe:/o:microsoft:windows_server_2012:-                  4


0x02 Ó°Ïì¹æÄ£


ÒÔÏÂÊÇCVE-2020-1350Îó²îÊÜÓ°ÏìµÄϵͳ°æ±¾£º

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)


0x03 ´¦Öóͷ£½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼²¹¶¡£¬£¬£¬£¬£¬£¬£¬ÏÂÔØÁ´½Ó£º

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1350

ÔÝʱ²½·¥£º

ÔÚÒÔÏÂ×¢²á±íÏîÖÐÌí¼ÓTcpReceivePacketSize¼üÖµ£º

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Value: TcpReceivePacketSize

Data Type DWORD = 0xFF00

×¢ÖØ£ºÉèÖÃÍêÐèÖØÆôDNSЧÀÍ¡£¡£¡£¡£¡£¡£ ¡£


0x04 Ïà¹ØÐÂÎÅ


https://reportcybercrime.com/windows-dns-server-rce-vulnerability-cve-2020-1350/


0x05 ²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1350


0x06 ʱ¼äÏß


2020-07-14 ΢Èí¸üÐÂÎó²î²¹¶¡

2020-07-15 VSRCÐû²¼Îó²îͨ¸æ



¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨