11:15am, 15 July 2020
TLP Rating:
Critical vulnerability in Microsoft Windows Server
A Remote Code Execution (RCE) vulnerability exists in Windows Domain Name System (DNS) servers. This allows an unauthenticated remote attacker to run arbitrary code in the Local System context.
This is a wormable vulnerability, meaning an attack can spread from one vulnerable computer to another without any human interaction.
What's happening
Systems affected
Windows servers running the DNS server on any of the following versions:
- Windows Server 2003, 2008, 2012, 2016, 2019
- Windows Server, versions 1903, 1909, 2004
Windows Servers with the DNS role, including Domain Controllers, are vulnerable until updates are applied. Due to the critical nature of these servers, we recommend you prioritise protecting them immediately.
What this means
A remote unauthenticated attacker can exploit this RCE vulnerability by sending crafted malicious DNS queries to a Windows DNS server, achieving arbitrary code execution.
This will enable the attacker to gain full control over the system.
What to look for
How to tell if you're at risk
Windows DNS servers that have not had the latest updates applied from Microsoft are at risk.
What to do
Prevention
Microsoft has issued a patch for this vulnerability. It is available via the Microsoft portal for Windows Server 2008 onwards.
The patch also includes security updates for a further 122 vulnerabilities, with a total of 18 flaws listed as critical and 105 listed as important.
Note – Windows Server 2003 is no longer supported and does not have a patch.
Mitigation
Microsoft has advised that mitigation can be achieved by editing registry keys on vulnerable servers. Details can be found on the Microsoft website at:
More information
Microsoft Portal Link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384.