漏洞描述

Windows DNS(Domain Name System)服务器处理请求时存在缺陷,从而导致存在远程执行代码漏洞。远程且未经授权的攻击者通过向 Windows DNS 服务端发送精心构造的恶意请求,即能以本地系统账户权限执行任意代码。

漏洞等级

影响范围

Windows 10 Version 1607 for 32-bit Systems 

Windows 10 Version 1607 for x64-based Systems 

Windows 10 Version 1709 for 32-bit Systems 

Windows 10 Version 1709 for 64-based Systems 

Windows 10 Version 1709 for ARM64-based Systems 

Windows 10 Version 1803 for 32-bit Systems 

Windows 10 Version 1803 for ARM64-based Systems 

Windows 10 Version 1803 for x64-based Systems 

Windows 10 Version 1809 for 32-bit Systems 

Windows 10 Version 1809 for ARM64-based Systems 

Windows 10 Version 1809 for x64-based Systems 

Windows Server 2012 R2 

Windows Server 2012 R2 (Server Core installation) 

Windows Server 2016 

Windows Server 2016 (Server Core installation) 

Windows Server 2019 

Windows Server 2019 (Server Core installation) 

Windows Server, version 1709 (Server Core Installation) 

Windows Server, version 1803 (Server Core Installation)

解决方案

前往微软官方下载对应的安全补丁:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626

参考资料:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626

https://mp.weixin.qq.com/s/nCm8yrHBUsCXG_1cjznU5g