Warning: Critical Vulnerability in Microsoft Domain Name System (DNS) Server - SIGRed
CVE-2020-1350 (CVSS score: 10)
Sources
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remo...
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...
Risks
Exploiting this vulnerability can result in arbitrary code execution with SYSTEM privileges. The exploit can spread without user interaction (wormable vulnerability).
As the Microsoft DNS Server service is usually enabled on Active Directory domain controllers, an attacker could compromise the information system's Active Directory domain controllers.
Description
A vulnerability has been discovered in the Microsoft Domain Name System (DNS) Server service. This vulnerability is located in the code that parses responses to DNS queries.
The flaw lies in the way the Windows DNS server parses an incoming DNS query and in the way it parses a response to a forwarded DNS query. When triggered by a malicious DNS query, it causes a heap-based buffer overflow, enabling the attacker to take control of the server.
An attacker can exploit vulnerable systems by crafting a specific response, in a particular format, to a legitimate request issued by a Microsoft DNS Server, which can cause a buffer overflow in the Microsoft DNS Server service.
Recommended Actions
CERT.be recommends that system administrators apply the latest patches released by the vendor on Patch Tuesday as soon as possible.