CVE-2020-1350 PoC — Microsoft Windows DNS Server 输入验证错误漏洞

Source

https://github.com/jmaddington/dRMM-CVE-2020-1350-response

Associated Vulnerability

Title:Microsoft Windows DNS Server 输入验证错误漏洞 (CVE-2020-1350)
Description:A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Description

Windows registry mitigation response to CVE-2020-1350

Readme

# Overview

Microsoft announced CVE-2020-1350 on July 14 2020. This vulnerability in Windows DNS server goes back to Server 2003
and is broadly thought to be wormable.

This script follows the intructions from KB456509 (<https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability>) to mitigate the issues without rebooting the server.

For Datto RMM users, you can import aem-component.cpt into the RMM. For other RMM users, the script simply needs command.bat and TcpRecievePacketSize.reg to work.

## Caveats
This script is only a few hours old and is not thoroughly tested. It based on the best information we have available from Microsoft right now.

Use at your own risk.

File Snapshot


 [4.0K]  /data/pocs/ec4aff0d5e885d231b5f1ff85de9c5b74277a9da
├── [667K]  aem-component.cpt
├── [4.0K]  bin
│   └── [4.0K]  7zip
│       ├── [1.0M]  7z.dll
│       ├── [259K]  7z.exe
│       └── [3.8K]  license.txt
├── [4.0K]  build
│   ├── [ 285]  repackage.bat
│   └── [ 464]  resource.xml
├── [  63]  command.bat
├── [4.0K]  initialize
│   └── [ 725]  init.ps1
├── [ 722]  README.md
├── [ 300]  TcpReceivePacketSize.reg
└── [4.0K]  vendor
    └── [  48]  readme.txt

5 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!