虽然是个前段时间的漏洞了,但是之前一直只关注漏洞的利用,而未关注具体的解决方案,今天无意中和用户聊天时提到的,用户让帮忙找个解决方案,网上搜索了下,在 刺 那里找的相关的说明,并在微软的找到了具体的解决办法。详细如下:

这个漏洞是由于在NetworkService 或者 LocalService 下运行的代码,可以访问同样是在 NetworkService 或者 LocalService 下运行的进程,某些进程允许提升权限为LocalSystem。

对于IIS,默认安装是不受影响的,受影响的是你的ASP.NET代码是以 Full Trust 运行,如果权限低于 Full Trust,也不会受影响。老的Asp 代码不受影响,只有 ASP.NET才受影响。

对于 SQL Server,如果用户以 administrative 权限运行代码,则会受影响

对于Windows Server 2003,攻击者可以通过MSDTC获取token访问其他同样token的进程,从而可能造成提权。

任何具有SeImpersonatePrivilege的进程都有可能造成提权。

对于服务器管理员来说,做一些简单的调整可以在IIS上对抗此威胁。

IIS 6.0 - Configure a Worker Process Identity (WPI) for an application pool in IIS to use a created account in IIS Manager and disable MSDTC
Perform the following steps:

1.n IIS Manager, expand the local computer, expand Application Pools, right-click the application pool and select Properties.

2.Click the Identity tab and click Configurable. In the User name and Password boxes, type the user name and password of the account under which you want the worker process to operate.

3. Add the chosen user account to the IIS_WPG group.

Disabling the Distributed Transaction Coordinator will help protect the affected system from attempts to exploit this vulnerability. To disable the Distributed Transaction Coordinator, perform these steps:

1.Click Start, and then click Control Panel. Alternatively, point to Settings, and then click Control Panel.

2.Double-click Administrative Tools. Alternatively, click Switch to Classic View and then double-click Administrative Tools.

3.Double-click Services.

4.Double-click Distributed Transaction Coordinator.

5.In the Startup type list, click Disabled.

6.Click Stop (if started), and then click OK.

You can also stop and disable the MSDTC service by using the following command at the command prompt:
sc stop MSDTC & sc config MSDTC start= disabled

Impact of Workaround: Managing the additional user accounts created in this workaround results in increased administrative overhead. Depending on the nature of applications running in this application pool, application functionality may be affected. An example is Windows Authentication; see Microsoft Knowledge Base Article 871179. Disabling MSDTC will prevent applications from using distributed transactions. Disabling MSDTC will prevent IIS 5.1 from running in Windows XP Professional Service Pack 2 and Windows XP Professional Service Pack 3, and IIS 6.0 running in IIS 5.0 compatibility mode. Disabling MSDTC will prevent configuration as well as running of COM+ applications.

相关链接:

http://hi.baidu.com/aullik5/blog/item/8f81d73e2ed471c47d1e7135.html

http://www.microsoft.com/technet/security/advisory/951306.mspx
Bug&Exp | Comments(0) | Trackbacks(0) | Reads(6394)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive