Advisory on the Windows TCP/IP Remote Code Execution Vulnerability
2020-10-19 08:43:48
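I. Vulnerability Details
Microsoft Windows is a family of operating systems released by Microsoft Corporation (USA).
A remote code execution vulnerability exists when the Windows TCP/IP stack processes ICMPv6 Router Advertisement packets. An attacker can send specially crafted ICMPv6 Router Advertisement packets to a target host; successful exploitation allows arbitrary code execution on the target server or client.
II. Affected Versions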
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
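III. Remediation Recommendations
1. Vendor recommendation
Microsoft has released a security patch. Affected users should download and install the update as soon as possible.
Download address: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898
2. Temporary mitigation:
If the update cannot be installed right now, the vendor recommends the following steps as a temporary mitigation.
Use the following PowerShell command to disable ICMPv6 RDNSS (applies only to Windows 1709 and later):
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
Use the following PowerShell command to disable the workaround:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
Note: No restart is required after making the change or disabling it.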
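The workaround above applied to every IPv6 interface on a host, with a per-interface result, as an added example that is not part of the original advisory or the vendor's guidance. It assumes an elevated PowerShell prompt; `Set-RaBasedDnsConfig` is a hypothetical helper name, and build 16299 is the build number of Windows version 1709.

```powershell
# Added example: apply or revert the advisory's netsh workaround on all IPv6 interfaces.
# Set-RaBasedDnsConfig is a hypothetical helper name; run from an elevated prompt.
function Set-RaBasedDnsConfig {
    param(
        [ValidateSet('disable', 'enable')]
        [string]$State = 'disable'
    )

    # The advisory limits the workaround to Windows 1709 and later (build 16299+).
    $build = [System.Environment]::OSVersion.Version.Build
    if ($build -lt 16299) {
        throw "Build $build predates Windows 1709; the workaround does not apply."
    }

    # Each IPv6 interface's ifIndex is the INTERFACENUMBER the netsh command expects.
    $interfaces = Get-NetIPInterface -AddressFamily IPv6 | Sort-Object ifIndex

    foreach ($nic in $interfaces) {
        $output = netsh int ipv6 set int $nic.ifIndex "rabaseddnsconfig=$State" 2>&1
        [pscustomobject]@{
            ifIndex        = $nic.ifIndex
            InterfaceAlias = $nic.InterfaceAlias
            Requested      = $State
            Succeeded      = ($LASTEXITCODE -eq 0)
            NetshOutput    = ($output | Out-String).Trim()
        }
    }
}

# Apply the workaround everywhere, then show any interface netsh rejected.
$results = Set-RaBasedDnsConfig -State disable
$results | Format-Table ifIndex, InterfaceAlias, Requested, Succeeded -AutoSize
$results | Where-Object { -not $_.Succeeded } |
    Format-List ifIndex, InterfaceAlias, NetshOutput
```

After the patch is installed, calling `Set-RaBasedDnsConfig -State enable` reverts the setting on the same interfaces.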