{"id":11985,"date":"2020-09-22T18:51:41","date_gmt":"2020-09-22T10:51:41","guid":{"rendered":"https:\/\/www.kaspersky.com.cn\/blog\/?p=11985"},"modified":"2020-09-22T18:51:41","modified_gmt":"2020-09-22T10:51:41","slug":"cve-2020-1472-domain-controller-vulnerability","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.cn\/blog\/cve-2020-1472-domain-controller-vulnerability\/11985\/","title":{"rendered":"Zerologon\u6f0f\u6d1e\u5bf9\u57df\u63a7\u5236\u5668\u7684\u5b89\u5168\u9020\u6210\u4e86\u5a01\u80c1"},"content":{"rendered":"<p>\u5fae\u8f6f\u516c\u53f8\u5728\u516b\u6708\u4efd\u53d1\u5e03\u8865\u4e01\u7a0b\u5e8f\u65f6\u4fee\u8865\u4e86\u51e0\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5176\u4e2d\u5305\u62ec<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1472\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2020-1472<\/a>\uff0c\u8fd9\u4e2a\u6709\u5173Netlogon\u534f\u8bae\u7684\u6f0f\u6d1e\u7684\u5b89\u5168\u7ea7\u522b\u4e3a\u201d\u9ad8\u5371\u201d\uff08\u901a\u7528\u6f0f\u6d1e\u8bc4\u5206\u8fbe\u5230\u4e86\u6700\u5927\u503c10.0\u5206\uff09\u3002\u6beb\u65e0\u7591\u95ee\u5b83\u4f1a\u9020\u6210\u4e00\u7cfb\u5217\u5a01\u80c1\uff0c\u800c\u5c31\u5728\u524d\u4e24\u5929\uff0c\u6f0f\u6d1e\u7684\u53d1\u73b0\u8005\u5b89\u5168\u7814\u7a76\u5458Tom Tervoort\uff0c\u53d1\u5e03\u4e86\u4e00\u4efd<a href=\"https:\/\/www.secura.com\/blog\/zero-logon\" target=\"_blank\" rel=\"noopener nofollow\">\u8be6\u7ec6\u7684\u6f0f\u6d1e\u62a5\u544a<\/a>\uff0c\u5206\u6790\u89e3\u91ca\u4e86\u8fd9\u4e2a\u79f0\u4e3aZerologon\u7684\u6f0f\u6d1e\u4e3a\u4f55\u5982\u6b64\u5371\u9669\uff0c\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u5b83\u52ab\u6301\u57df\u63a7\u5236\u5668\u3002<\/p>\n<h2>\u4f55\u4e3aZerologon<\/h2>\n<p>CVE-2020-1472\u5b9e\u8d28\u4e0a\u662f\u7531Netlogon\u8fdc\u7a0b\u534f\u8bae\u52a0\u5bc6\u8ba4\u8bc1\u673a\u5236\u4e2d\u7684\u9519\u8bef\u6240\u5bfc\u81f4\u3002\u8be5\u534f\u8bae\u5bf9\u57fa\u4e8e\u57df\u7684\u7f51\u7edc\u4e2d\u7684\u7528\u6237\u548c\u673a\u5668\u8fdb\u884c\u8ba4\u8bc1\uff0c\u5b83\u4e5f\u88ab\u7528\u4e8e\u8fdc\u7a0b\u66f4\u65b0\u8ba1\u7b97\u673a\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u6b64\u6f0f\u6d1e\u4f2a\u88c5\u6210\u4e00\u53f0\u5ba2\u6237\u8ba1\u7b97\u673a\u5e76\u66ff\u6362\u57df\u63a7\u5236\u5668\uff08\u63a7\u5236\u6574\u4e2a\u7f51\u7edc\u5e76\u8fd0\u884c\u76ee\u5f55\u670d\u52a1\u7684\u670d\u52a1\u5668\uff09\u7684\u5bc6\u7801\u4ece\u800c\u83b7\u53d6\u57df\u7ba1\u7406\u5458\u6743\u9650\u3002<\/p>\n<h2>\u54ea\u4e9b\u7cfb\u7edf\u5b58\u5728\u5b89\u5168\u9690\u60a3\uff1f<\/h2>\n<p>CVE-2020-1472\u8ba9\u90a3\u4e9b\u4f7f\u7528Windows\u57df\u63a7\u5236\u5668\u7684\u516c\u53f8\u66b4\u9732\u5728\u5b89\u5168\u98ce\u9669\u4e4b\u4e0b\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u52ab\u6301\u4ee5\u4e0b\u7248\u672c\u7684\u57df\u63a7\u5236\u5668\uff1a\u6240\u6709\u7248\u672c\u7684Windows Server 2019\uff0cWindows Server 2016\uff0cWindows Server\u7248\u672c1909\/1903\/1809\uff0cWindows Server 2012 R2\uff0cWindows Server 2012\u548cWindows Server 2008 R2 Service Pack 1\u3002\u7f51\u7edc\u4e0d\u6cd5\u5206\u5b50\u4eec\u9700\u8981\u5148\u6e17\u900f\u8fdb\u5165\u4f01\u4e1a\u7f51\u7edc\u624d\u80fd\u53d1\u52a8\u653b\u51fb\uff0c\u7136\u800c\u8fd9\u5e76\u975e\u96be\u4e8b\uff0c\u4e4b\u524d\u51fa\u73b0\u8fc7\u5404\u79cd\u5148\u4f8b\uff0c\u5176\u4e2d\u5305\u62ec<a href=\"https:\/\/encyclopedia.kaspersky.com\/knowledge\/recognizing-different-types-of-insiders\/\" target=\"_blank\" rel=\"noopener\">\u5185\u90e8\u653b\u51fb<\/a>\u548c\u901a\u8fc7\u516c\u53f8\u516c\u5171\u573a\u6240\u7684<a href=\"https:\/\/www.kaspersky.com\/blog\/dark-vishnya-attack\/24867\/\" target=\"_blank\" rel=\"noopener nofollow\">\u4ee5\u592a\u7f51\u63d2\u53e3\u8fdb\u884c\u6e17\u900f<\/a>\u7b49\u7b49\u3002<\/p>\n<p>\u5e78\u8fd0\u7684\u662f\uff0c\u76ee\u524dZerologon\u8fd8\u6ca1\u6709\u88ab\u7528\u5728\u771f\u5b9e\u653b\u51fb\u4e2d\uff08\u81f3\u5c11\u6211\u4eec\u8fd8\u6ca1\u6709\u6536\u5230\u4efb\u4f55\u62a5\u544a\uff09\u3002\u4e0d\u8fc7Tervoort\u7684\u5b89\u5168\u62a5\u544a\u5f88\u53ef\u80fd\u5f15\u8d77\u7f51\u7edc\u653b\u51fb\u8005\u7684\u6ce8\u610f\uff0c\u5c3d\u7ba1\u5b89\u5168\u7814\u7a76\u4eba\u5458\u5e76\u6ca1\u6709\u516c\u5e03\u6210\u529f\u7684<a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/poc-proof-of-concept\/\" target=\"_blank\" rel=\"noopener\">\u6982\u5ff5\u8bc1\u660e<\/a>\uff0c\u4f46\u662f\u6beb\u65e0\u7591\u95ee\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5206\u6790\u8865\u4e01\u7a0b\u5e8f\u521b\u9020\u51fa\u653b\u51fb\u7a0b\u5e8f\u3002<\/p>\n<h2>\u5982\u4f55\u9632\u5fa1\u6765\u81eaZerologon\u7684\u653b\u51fb<\/h2>\n<p>\u5fae\u8f6f\u516c\u53f8\u5df2\u7ecf\u5728\u4eca\u5e74\u516b\u6708\u521d\u53d1\u5e03\u4e86\u6240\u6709\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1472\" target=\"_blank\" rel=\"noopener nofollow\">\u8865\u4e01\u7a0b\u5e8f<\/a>\uff0c\u6240\u4ee5\u4f60\u5e94\u8be5\u5c3d\u5feb\u5b89\u88c5\u8865\u4e01\u7a0b\u5e8f\u3002\u9664\u6b64\u4e4b\u5916\uff0c\u5fae\u8f6f\u8fd8\u5efa\u8bae\u4f01\u4e1a\u76d1\u63a7\u4e00\u5207\u901a\u8fc7\u4e0d\u5b89\u5168\u7248\u672c\u534f\u8bae\u8fdb\u884c\u7684\u767b\u5f55\u5c1d\u8bd5\uff0c\u5e76\u627e\u51fa\u4e0d\u652f\u6301\u65b0\u7248\u672c\u534f\u8bae\u7684\u8bbe\u5907\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u5e94\u8be5\u5c06\u57df\u63a7\u5236\u5668\u8bbe\u7f6e\u4e3a\u7279\u5b9a\u7684\u6a21\u5f0f\uff0c\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e2d\u6240\u6709\u8bbe\u5907\u90fd\u4f7f\u7528\u5b89\u5168\u7248\u672cNetlogon\u534f\u8bae\u3002<\/p>\n<p>\u8fd9\u6b21\u7684\u66f4\u65b0\u5e76\u4e0d\u4f1a\u5f3a\u5236\u8fd9\u4e00\u8981\u6c42\uff0c\u56e0\u4e3aNetlogon\u8fdc\u7a0b\u534f\u8bae\u5e76\u4e0d\u53ea\u662f\u88ab\u7528\u4e8eWindows\u7cfb\u7edf\u4e2d\uff0c\u8bb8\u591a\u57fa\u4e8e\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u7684\u8bbe\u5907\u4e5f\u4f9d\u8d56\u4e8e\u8be5\u534f\u8bae\uff0c\u5982\u679c\u5f3a\u5236\u4f7f\u7528\u7684\u8bdd\uff0c\u4e00\u4e9b\u8bbe\u5907\u53ef\u80fd\u65e0\u6cd5\u6b63\u5e38\u8fd0\u884c\u3002<\/p>\n<p>\u4e0d\u8fc7\uff0c\u4ece2021\u5e742\u67089\u65e5\u5f00\u59cb\uff0c\u57df\u63a7\u5236\u5668\u5c06\u88ab\u8981\u6c42\u4f7f\u7528\u8fd9\u79cd\u6a21\u5f0f\uff08\u6bd4\u5982\u5f3a\u5236\u6240\u6709\u8bbe\u5907\u4f7f\u7528\u5b89\u5168\u7248\u672c\u7684Netlogon\u534f\u8bae\uff09\uff0c\u6240\u4ee5\u7cfb\u7edf\u7ba1\u7406\u5458\u9700\u8981\u63d0\u524d\u89e3\u51b3\u7b2c\u4e09\u65b9\u8bbe\u5907\u7b26\u5408\u89c4\u5b9a\u7684\u95ee\u9898\uff0c\u8981\u4e48\u66f4\u65b0\u8bbe\u5907\u7cfb\u7edf\uff0c\u8981\u4e48\u5c06\u4ed6\u4eec\u52a0\u5165\u4f8b\u5916\u5217\u8868\u4e2d\u3002\u5982\u679c\u60f3\u67e5\u770b\u66f4\u591a\u6709\u5173\u516b\u6708\u4efd\u8865\u4e01\u7a0b\u5e8f\u7684\u5185\u5bb9\u4ee5\u53ca\u4e8c\u6708\u4efd\u5373\u5c06\u5230\u6765\u7684\u53d8\u5316\uff0c\u8bf7\u9605\u8bfb\u8fd9\u7bc7<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4557222\/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc\" target=\"_blank\" rel=\"noopener nofollow\">\u5fae\u8f6f\u516c\u53f8\u53d1\u5e03\u7684\u6587\u7ae0<\/a>\u3002<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-top3\">\n","protected":false},"excerpt":{"rendered":"<p>Netlogon\u534f\u8bae\u4e2d\u7684CVE-2020-1472\u6f0f\u6d1e\uff08\u53c8\u79f0Zerologon\uff09\u5bfc\u81f4\u653b\u51fb\u8005\u52ab\u6301\u57df\u63a7\u5236\u5668\u3002<\/p>\n","protected":false},"author":2581,"featured_media":11986,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1845],"tags":[2383,73,44],"class_list":{"0":"post-11985","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-1845","8":"tag-cve","9":"tag-73","10":"tag-44"},"hreflang":[{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/cve-2020-1472-domain-controller-vulnerability\/11985\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2020-1472-domain-controller-vulnerability\/21903\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/17377\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/23294\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2020-1472-domain-controller-vulnerability\/21486\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/20106\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cve-2020-1472-domain-controller-vulnerability\/23898\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cve-2020-1472-domain-controller-vulnerability\/22837\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2020-1472-domain-controller-vulnerability\/29085\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2020-1472-domain-controller-vulnerability\/8828\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/37048\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cve-2020-1472-domain-controller-vulnerability\/15680\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cve-2020-1472-domain-controller-vulnerability\/16049\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cve-2020-1472-domain-controller-vulnerability\/13982\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cve-2020-1472-domain-controller-vulnerability\/25178\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cve-2020-1472-domain-controller-vulnerability\/29235\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cve-2020-1472-domain-controller-vulnerability\/26096\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2020-1472-domain-controller-vulnerability\/22875\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2020-1472-domain-controller-vulnerability\/28197\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2020-1472-domain-controller-vulnerability\/28029\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.cn\/blog\/tag\/%e6%bc%8f%e6%b4%9e\/","name":"\u6f0f\u6d1e"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/11985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/comments?post=11985"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/11985\/revisions"}],"predecessor-version":[{"id":11991,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/11985\/revisions\/11991"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media\/11986"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media?parent=11985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/categories?post=11985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/tags?post=11985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}