
Warning: Critical Vulnerability in Microsoft Domain Name System (DNS) Server - SIGRed

Reference: Advisory #2020-025
Version: 1.0
Affected software: 
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Type: Remote Code Execution (RCE)
CVE/CVSS: CVE-2020-1350 (CVSS score 10)

Sources

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remo...
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...

Risks

Exploiting this vulnerability can result in arbitrary code execution with SYSTEM privileges. An exploit could spread without any user interaction (the vulnerability is wormable).

As the Microsoft DNS Server service is usually enabled on Active Directory domain controllers, an attacker could compromise the organisation's Active Directory domain controllers.

Description

A vulnerability has been discovered in the Microsoft Domain Name System (DNS) Server service. This vulnerability is located in the code that parses responses to DNS queries.

The vulnerability lies in the way the Windows DNS Server parses an incoming DNS query and in the way it parses the response to a query it has forwarded. A malicious DNS query or response triggers a heap-based buffer overflow, which allows the attacker to take control of the server.

An attacker can exploit a vulnerable system by crafting a response, in a specific format, to a legitimate query issued by a Microsoft DNS Server; that response causes a buffer overflow in the Microsoft DNS Server service.
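As an added illustration (not the Windows DNS Server code, and not the specific flaw in dns.exe), the Python below parses the answer section of a DNS response the way a hardened forwarder-side parser must: every length that arrives in the response (label lengths, compression pointers, RDLENGTH) is checked against the bytes actually present before anything is copied. The two sample packets are constructed for this example; the good one carries a consistent RDLENGTH, the bad one an RDLENGTH that claims far more data than the message holds.

```python
import struct

def read_name(msg, off, depth=0):
    # Decode a (possibly compressed) name; return (labels, offset after it).
    labels = []
    while off < len(msg):
        length = msg[off]
        if length == 0:
            return labels, off + 1
        if length & 0xC0 == 0xC0:                    # compression pointer
            if off + 1 >= len(msg) or depth > 16:    # bounds + loop guard
                raise ValueError("bad or looping compression pointer")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return labels + read_name(msg, ptr, depth + 1)[0], off + 2
        if off + 1 + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    raise ValueError("name runs past end of message")

def parse_answers(msg):
    # Return [(name, type, rdata), ...] from the answer section, or raise.
    qd, an = struct.unpack_from("!HH", msg, 4)       # QDCOUNT, ANCOUNT
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4             # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlength = struct.unpack_from("!HHIH", msg, off)
        off += 10
        # RDLENGTH comes from the remote side: copying that many bytes without
        # comparing them to the buffer is how a crafted response overflows.
        if off + rdlength > len(msg):
            raise ValueError("RDLENGTH exceeds message")
        answers.append((".".join(name), rtype, msg[off:off + rdlength]))
        off += rdlength
    return answers

def rejects(msg):
    # True if the parser refuses the message instead of trusting its lengths.
    try:
        parse_answers(msg)
        return False
    except (ValueError, struct.error):               # struct.error: fixed fields truncated
        return True

def _response(rdlength, rdata):                      # constructed sample, not captured traffic
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 60, rdlength) + rdata
    return header + question + answer
GOOD_RESPONSE = _response(4, bytes([192, 0, 2, 1]))      # RDLENGTH matches data
BAD_RESPONSE = _response(0xFFFF, bytes([192, 0, 2, 1]))  # RDLENGTH lies
```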

Recommended Actions

CERT.be recommends that system administrators apply the latest patches released by the vendor on Patch Tuesday as soon as possible.