通告概要

2020年11月11日,在微软每月的例行补丁日修复了两个NFS(网络文件系统,最初由Sun公司开发用于Unix类系统)共享服务中的漏洞。漏洞成因都是由于NFS服务未能正确处理客户端发送的畸形数据所导致,编号分别为CVE-2020-17047及CVE-2020-17051, CVE-2020-17047为远程拒绝服务漏洞,CVE-2020-17051为远程代码执行漏洞。

奇安信威胁情报中心红雨滴团队第一时间跟进了这两个漏洞,确认两个漏洞都可以在无需用户验证交互的情况下触发目标系统远程拒绝服务,导致系统蓝屏崩溃,其中CVE-2020-17051还存在远程代码执行的可能性,强烈建议相关启用了NFS服务的Windows系统用户安装对应补丁以避免受到影响。

漏洞概要

漏洞名称

Microsoft NFS 远程拒绝服务漏洞(CVE-2020-17047)

威胁类型

远程拒绝服务漏洞

威胁等级

漏洞ID

CVE-2020-17047

利用场景

无需任何交互认证,攻击者通过构造畸形数据包,并发送至受影响且开启了NFS服务的服务器将导致远程拒绝服务

CVSS

3.0 7.5/6.7

受影响系统及应用版本

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows Server, version 1903 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for x64-based Systems

漏洞名称

Microsoft NFS 远程代码执行漏洞(CVE-2020-17051)

威胁类型

远程代码执行

威胁等级

严重

漏洞ID

CVE-2020-17051

CVSS

3.0 9.8/8.5

利用场景

无需任何认证,攻击者通过构造畸形数据包,并发送至受影响且开启了NFS服务的服务器将导致远程代码执行或拒绝服务攻击

受影响系统及应用版本

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server, version 1903 (Server Core installation)

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

漏洞描述

NFS网络文件系统,英文Network FileSystem(NFS),是由SUN公司研发的UNIX表示层协议,允许一个系统在网络上与它人共享目录和文件。通过使用NFS,用户和程序可以像访问本地文件一样访问远端系统上的文件,该实现方式之后也被微软所采纳并使用。

CVE-2020-17047及CVE-2020-17051都是由于NFS服务未能正确处理客户端发送的畸形数据所导致,其中CVE-2020-17047为远程拒绝服务漏洞,CVE-2020-17051为远程代码执行漏洞,攻击者通过构造恶意的畸形数据并发送至受影响且开启了NFS服务的Windows机器,可能分别导致远程拒绝服务和代码执行。

影响面评估

这两个漏洞存在于当前所有的Windows Servers系统,奇安信威胁情报中心评估互联网可访问的受影响系统数量在万级,强烈建议使用了该服务的企业及用户及时更新补丁。

处置建议

临时处置措施

针对该漏洞,微软已发布相关补丁更新,见如下链接,相关开启了该服务的企业用户请及时更新。

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17047

参考资料

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17047

声明:本文来自奇安信威胁情报中心,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。