Critical Microsoft DNS Server Vulnerability (CVE-2020-1350)

About

Microsoft has released a patch for a Critical Vulnerability in the Windows DNS Service that can lead to Remote Code Execution (RCE). This is considered worm-able and can spread between devices without user interaction.

Fix

Microsoft System Matrix including patch download – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

* This will require a reboot of the server

A no reboot registry workaround can be found below:

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

* This could have a negative impact, but is unlikely in most cases according to Microsoft

Scan your external IP address range for port udp/53 to verify your internal network DNS server is not open to the internet.

DATE PUBLISHEDJuly 15, 2020

AUTHORBlackpoint Cyber

Subscribe to the Blackpoint Blog

Don’t let a lack of awareness leave the organizations you protect vulnerable to sophisticated and elusive attacks. Subscribe now for a weekly roundup of Blackpoint’s empowering articles.

Subscribe now!

Critical Microsoft DNS Server Vulnerability (CVE-2020-1350)

About

Fix

DATE PUBLISHEDJuly 15, 2020

AUTHORBlackpoint Cyber

Subscribe to the Blackpoint Blog

Solutions

Why Blackpoint

Partners

Company

Resources

Critical Microsoft DNS Server Vulnerability (CVE-2020-1350)

About

Fix

DATE PUBLISHEDJuly 15, 2020

AUTHORBlackpoint Cyber

SHARE ON

Subscribe to the Blackpoint Blog