Description
Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects the Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof a DNS packet that is then cached by the DNS Forwarder or the DNS Resolver.
For more information, see the Workaround section of this advisory.
Workaround
Configure Windows DNS servers to use a UDP buffer size of 1221
Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
Run regedit.exe as Administrator.
In Registry Editor, navigate to the HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters subkey and set the following parameters:
- Value: MaximumUdpPacketSize
- Type: DWORD
- Data: 4C5 (hexadecimal) or 1221 (decimal)
Close Registry Editor and restart the DNS service.
Impact of workaround
For responses larger than 1221 bytes (4C5 hexadecimal), the DNS resolver will now switch to TCP.
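The registry procedure above, as an added PowerShell example (not Microsoft's own script) that audits the current MaximumUdpPacketSize on a Windows DNS server, applies the 1221-byte value from the advisory, and restarts the DNS Server service; it assumes it is run in an elevated session on the DNS server itself, and the parameter name and script structure are my choices.

```powershell
# Added example, not part of the advisory: check and apply the
# MaximumUdpPacketSize workaround on a Windows DNS server.
# Assumes an elevated session on the DNS server; supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$TargetSize = 1221   # 0x4C5, the value recommended in the advisory
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'MaximumUdpPacketSize'

# Read the current value; a missing value means the service default is in use.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

if ($null -eq $current) {
    Write-Output "$ValueName is not set (service default in use)."
} elseif ($current -eq $TargetSize) {
    Write-Output ("{0} is already {1} (0x{1:X}); nothing to do." -f $ValueName, $current)
    return
} else {
    Write-Output ("{0} is {1} (0x{1:X}); advisory value is {2}." -f $ValueName, $current, $TargetSize)
}

if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set DWORD to $TargetSize")) {
    # New-ItemProperty -Force creates the value or overwrites an existing one.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $TargetSize -Force | Out-Null

    # The new size only takes effect after the DNS Server service restarts.
    Restart-Service -Name DNS -Force

    # Re-read the value to confirm the change was applied.
    $applied = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    Write-Output ("{0} is now {1} (0x{1:X}); DNS service restarted." -f $ValueName, $applied)
}
```

Run with -WhatIf first to see the registry change the script would make without applying it or restarting the service.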
Exploitability
Exploitability assessment table (columns: Publicly Disclosed, Exploited, Latest Software Release, Older Software Release, DOS); the cell values were not preserved on this page.