{"id":8588,"date":"2020-07-16T19:15:22","date_gmt":"2020-07-16T16:15:22","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8588"},"modified":"2020-07-16T19:21:48","modified_gmt":"2020-07-16T16:21:48","slug":"cve-2020-1350-dns-rce","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2020-1350-dns-rce\/8588\/","title":{"rendered":"CVE-2020-1350: Vulnerability in Windows DNS servers"},"content":{"rendered":"<p>Microsoft has reported the vulnerability CVE-2020-1350 in Windows DNS Server. The bad news: the vulnerability scored 10 on the CVSS scale, which means it is critical. The good news: cybercriminals can exploit it only if the system is running in DNS server mode. In other words, the number of potentially vulnerable computers is relatively small. In addition, the company has already <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1350\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">released a patch and a temporary workaround<\/a>.<\/p>\n<h2>What is the vulnerability and how is it dangerous?<\/h2>\n<p>CVE-2020-1350 makes it possible to force DNS servers running Windows Server to execute malicious code remotely. In other words, the vulnerability belongs to the RCE class. 
To exploit CVE-2020-1350, it is enough to send a specially crafted request to the DNS server.<\/p>\n<p>The third-party code is then executed under the <a href=\"https:\/\/docs.microsoft.com\/tr-tr\/windows\/win32\/services\/localsystem-account\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">LocalSystem account<\/a>. This account has extensive privileges on the local computer and acts as the computer on the network. In addition, the security subsystem does not recognize the LocalSystem account. According to Microsoft, the greatest danger of the vulnerability is that it can be used to spread a threat across the local network. That is why it is classified as wormable.<\/p>\n<h2>Who is threatened by CVE-2020-1350?<\/h2>\n<p>All versions of Windows Server are vulnerable, but only if they are running in DNS server mode. If your company has no DNS server, or uses a DNS server based on a different operating system, you need not worry.<\/p>\n<p>Fortunately, the vulnerability was discovered by Check Point Research, and there is not yet any public information on how to exploit it. 
In addition, there is currently no evidence that CVE-2020-1350 has been exploited by attackers.<\/p>\n<p>However, now that Microsoft has recommended updating the system, cybercriminals are likely to focus on vulnerable DNS servers and the released patches to work out how the vulnerability can be exploited. Everyone should install the patch before it is too late.<\/p>\n<h2>What to do?<\/h2>\n<p>As mentioned above, the best course of action is to install the Microsoft patch, which changes the way DNS servers handle requests. The patch is available for Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server version 1903, Windows Server version 1909 and Windows Server version 2004. You can <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1350\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">download the patch from the Microsoft page<\/a> dedicated to this vulnerability.<\/p>\n<p>However, some large companies have internal rules and an established procedure for software updates, and their system administrators may not be able to install the patch immediately. To keep DNS servers from being compromised in such cases, Microsoft has also <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4569509\/windows-dns-server-remote-code-execution-vulnerability\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">proposed a workaround<\/a>. 
It involves making the following changes to the system registry:<\/p>\n<p> <code>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters<br>\nDWORD = TcpReceivePacketSize<br>\nValue = 0xFF00<\/code><\/p>\n<p>After saving the changes, you need to restart the server. Note that this workaround may cause the server to operate incorrectly if it receives a TCP packet larger than 65,280 bytes. For that reason, Microsoft recommends returning the registry entry to its original state once the patch is installed, by deleting the TcpReceivePacketSize key and its value.<\/p>\n<p>We would like to remind you that a DNS server running in your infrastructure is a computer just like any other endpoint. Such servers can also have vulnerabilities that cybercriminals may try to exploit. 
For that reason, like any other endpoint on the network, it requires a security solution such as <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Security for Business<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released a patch for a critical RCE vulnerability in Windows Server systems.<\/p>\n","protected":false},"author":2581,"featured_media":8589,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1903,503,790,38,506],"class_list":{"0":"post-8588","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-dns","10":"tag-guvenlik-acigi","11":"tag-guvenlik-aciklari","12":"tag-microsoft","13":"tag-yama"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2020-1350-dns-rce\/8588\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2020-1350-dns-rce\/21562\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2020-1350-dns-rce\/17025\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/cve-2020-1350-dns-rce\/8438\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cve-2020-1350-dns-rce\/22822\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2020-1350-dns-rce\/21013\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cve-2020-1350-dns-rce\/19661\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cve-2020-1350-dns-rce\/23491\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\
/cve-2020-1350-dns-rce\/22334\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2020-1350-dns-rce\/28735\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2020-1350-dns-rce\/36366\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cve-2020-1350-dns-rce\/15293\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cve-2020-1350-dns-rce\/15766\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cve-2020-1350-dns-rce\/13690\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cve-2020-1350-dns-rce\/24721\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cve-2020-1350-dns-rce\/25687\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2020-1350-dns-rce\/22591\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2020-1350-dns-rce\/27846\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2020-1350-dns-rce\/27682\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik 
a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8588"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8588\/revisions"}],"predecessor-version":[{"id":8594,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8588\/revisions\/8594"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/8589"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}