SECURITY ALERTS

Critical Vulnerability (CVE-2020-1350) Exists in Windows DNS Server That Could Allow for Remote Code Execution

DESCRIPTION:

The flaw (CVE-2020-1350) is in the way the Windows DNS server parses an incoming DNS query and in the way it parses a response to a forwarded DNS query. A malicious DNS query can trigger a heap-based buffer overflow, enabling the attacker to take control of the server.

 

To add to the severity of the flaw, Microsoft described it as ‘wormable,’ which means that a single exploit can start a chain reaction that allows attacks to spread from one vulnerable machine to another without requiring any human interaction. Because DNS security is not something many organizations monitor or tightly control, a single compromised machine could be a ‘super spreader,’ enabling the attack to spread throughout an organization’s network within minutes of the first exploit.

 

AFFECTED RELEASES:

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

 

SOLUTION:

Users and system administrators of affected products are advised to apply the security updates immediately from the following URLs:

1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

2. https://support.microsoft.com/zh-tw/help/4569509/windows-dns-server-remote-code-execution-vulnerability

 

REFERENCE:

1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

2. https://support.microsoft.com/zh-tw/help/4569509/windows-dns-server-remote-code-execution-vulnerability

3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1350
