windows sever2016漏洞安全问题

%3CLINGO-SUB%20id%3D%22lingo-sub-2399867%22%20slang%3D%22zh-CN%22%3EWindows%20sever2016%20vulnerability%20security%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2399867%22%20slang%3D%22zh-CN%22%3E%3CP%3EMy%20windows%20suffered%20a%20vulnerability%20attack%2C%20the%20name%20of%20which%3CSPAN%3Eis%20NTP%20Ntp_request.c%20Remote%20Denial%20of%20Service%20Vulnerability%2C%20but%20now%20Windows%20does%20not%20have%20a%20fix%20for%20this%20vulnerability.%20NTPd%20is%20an%20operating%20system%20daemon%20that%20uses%20the%20Network%20Time%20Protocol%20(NTP)%20to%20keep%20pace%20with%20the%20time%20server's%20system%20time.%20There%20is%20an%20input%20validation%20vulnerability%20in%20the%20ntp_request.c%20file's%20monlist%20feature%20in%20the%20ntpd%20daemon%20in%20the%20ntpd%20daemon%20in%20previous%20versions%20of%20NTP%204.2.7p26.%20A%20remote%20attacker%20can%20exploit%20the%20vulnerability%20to%20deny%20service%20by%20falsifying%20REQ_MON_GETLIST%20or%20REQ_MON_GETLIST_1%20requests.%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20hope%20windows%20will%20resolve%20this%20issue%20as%20soon%20as%20possible.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

 我的windows遭受了漏洞攻击,漏洞名称“NTP Ntp_request.c 远程拒绝服务漏洞”,但是现在windows并没有此漏洞的修复补丁。NTPd(Network Time Protocol daemon)是一个操作系统守护进程,它使用网络时间协议(NTP)与时间服务器的系统时间保持同步。NTP 4.2.7p26之前的版本中的ntpd守护进程中的ntp_request.c文件中的monlist功能中存在输入验证漏洞。远程攻击者可通过伪造REQ_MON_GETLIST或REQ_MON_GETLIST_1请求利用该漏洞造成拒绝服务。

希望windows尽快解决此问题。

0 Replies