Forum

CVE- 2020-1350 aka ...
 
Notifications
Clear all

CVE- 2020-1350 aka SIGRed  

  RSS

Hayden
(@hayden-kirk)
Member Admin
Joined: 4 years ago
Posts: 85
15/07/2020 9:57 am  

A new critical CVE is in the wild and actively being exploited. As below:

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

Advise is to update ASAP. The workaround can be found here:  https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

A powershell command is available to disable large DNS requests and responses

New-ItemProperty "HKLM:SYSTEMCurrentControlSetServicesDNSParameters" -PropertyType DWORD -name TcpReceivePacketSize -Value '0xFF00' -Force Restart-Service "DNS Server" -Forced

Ideally, the patch needs to be applied as soon as possible.

More can be found here https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/


Quote
Share: