What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350

  • Wednesday, 15 Jul 2020 12:00PM EDT (15 Jul 2020 16:00 UTC)
  • Speaker: Jorge Orchilles

Microsoft just released a patch for a critical-risk vulnerability in its DNS server implementation, Windows DNS Server: CVE-2020-1350. The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM-level privileges on the vulnerable server. As many organizations run the Windows DNS Server on their Active Directory Domain Controllers, this vulnerability can have significant collateral impact on your internal systems. Microsoft Windows Server 2008 through 2019 are vulnerable.

DNS is a fundamental network protocol used on a daily basis by all internet users. It is often called the "phone book of the internet", translating domain names to IP addresses. There are many DNS server implementations available, and the one we will discuss today is the Microsoft Windows DNS server, which has a critical vulnerability: CVE-2020-1350. Other DNS server implementations are not vulnerable. There is a workaround that does not require a reboot to implement.

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/