Vulnerability in Microsoft Windows Server

  • CERT Admin
  • Tue Nov 03 2020
  • Alerts

Systems Affected

Windows servers running the DNS server on any of the following versions:

  • Windows Server 2003, 2008, 2012, 2016, 2019
  • Windows Server versions 1903, 1909, 2004


Overview

A remote code execution vulnerability (CVE-2020-1350) resides in Windows Domain Name System (DNS) servers. The vulnerability allows an attacker to run arbitrary code in the Local System context.


Description

This vulnerability resides in Windows servers with the DNS role, including Domain Controllers, and these systems remain vulnerable until updates are applied. It allows an unauthenticated attacker to send maliciously crafted DNS queries to a vulnerable Windows DNS server and execute arbitrary code. A successful compromise of a single computer in a network might affect other devices in the same network. It can spread from one vulnerable computer to another without any human interaction. Ultimately, this enables the attacker to gain full control over the system.


Impact

  • Possibility of exposing confidential information to unauthorized parties
  • Possibility of losing control of the entire network
  • Disruption to your day-to-day operations


Solution/Workarounds

  • Apply the latest patch for this vulnerability released by Microsoft. A security patch is available for Windows Server 2008 onwards.
  • Note: Windows Server 2003 is no longer supported and does not have a patch.
  • Microsoft has issued guidelines on how to mitigate the vulnerability by editing registry keys. Refer to the link below.

     https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability


References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
  • https://www.cert.govt.nz


Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.


Last updated: Tue Nov 03 2020