关联漏洞
标题:Microsoft Windows DNS Server 输入验证错误漏洞 (CVE-2020-1350)Description:Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows DNS Server 存在输入验证错误漏洞,该漏洞源于程序无法正确处理请求。攻击者可通过发送恶意的请求利用该漏洞在本地系统帐户的上下文中运行任意代码。以下产品及版本受到影响:Windows Server 2008 SP2,Windows Server 2008 R2 SP1,Windows Server 2012,Windows Server 2012 R2,Windo
Description
A powershell script to deploy the registry mitigation key for CVE-2020-1350
介绍
This is a powershell script that'll grab all the AD servers for the domain your computer is on. It'll then set the CVE 2020-1350 DNS workaround on those servers and restart DNS.
NOTE!! it will restart DNS so you might need a maintenance window to run it. This workaround does not mean that you can avoid patching your servers but it should help buy you some time especially if you have windows servers on the internet.
You can read about cve-2020-1350 here -> https://blog.gdwnet.com/2020/07/15/sigred-dns-flaw-summary/
Questions? Issues? Suggestions? contact@gdwnet.com
Useful? If so, why not buy me a coffee to say thanks? https://www.buymeacoffee.com/garyw
文件快照
[4.0K] /data/pocs/71310e4e65bec9297b51105579d5162da45494c1
├── [1.5K] dns-reg-tweak.ps1
└── [ 663] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。