近日,一个Windows DNS服务器远程代码执行漏洞曝光,Windows DNS(Domain Name System)服务器处理请求时存在缺陷,从而导致存在远程执行代码漏洞。远程且未经授权的攻击者通过向 Windows DNS 服务端发送精心构造的恶意请求,即能以本地系统账户权限执行任意代码。
根据目前掌握的情况判定,我们认为该漏洞具有较高的风险等级;目前厂商已发布相关补丁,敬请用户知晓。
预警报告信息
影响版本
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for 64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Windows Server, version 1803 (Server Core Installation)
解决方案
前往微软官方下载对应的安全补丁:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626
本来今天周末了,高高兴兴的,这漏洞一出,赶紧回公司加班吧,顺便把之前拿不下的项目,可以抓紧时间搞定了
顺便等一波CVE