Microsoft Vulnerability in Windows DNS

CVE-2020-1350

Today Microsoft announced a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0.

The threat

This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.

The impact

Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component.

Our recommendations

While this vulnerability is not currently known to be used in active attacks, Microsoft have advised that it is essential that Microsoft customers apply Windows updates to address this vulnerability as soon as possible.

If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

Check Point, who discovered the vulnerability, also strongly recommend users to patch their affected Windows DNS Servers in order to prevent the exploitation of this vulnerability. They have outlined further technical detail in their research blog

Below are the links to further information about the vulnerability. We recommend you review this information if you are concerned about the impact to your business. We will continue to monitor the situation and update this webpage as new information becomes available.

Integrity360 clients can email their account manager to query anything related to this vulnerability. Alternatively, please email info@integrity360.com and we will arrange a follow up for you. As always, Integrity360 Managed Security Service customers will be covered through our proactive security approach.

More information