The Microsoft Security Response Center identified a Critical Remote Code Execution (RCE) vulnerability in the Windows DNS server (CVE-2020-1350). What is it, what’s the risk, how can it be fixed and how can Sherweb help your MSP business manage it? You’ve come to the right place!
What is this Critical Remote Code Execution (RCE) vulnerability and why is it important?
Microsoft doesn’t often flag security vulnerabilities that require immediate action, so this situation caught our attention right away. The problem comes from a flaw in Microsoft’s Domain Name System (DNS) server implementation: a vulnerability is created when Windows DNS servers fail to properly handle requests.
An RCE vulnerability is a high-risk issue because, as its name suggests, it can be exploited without an attacker being physically present. In this instance, bad actors could send harmful requests to a Windows DNS server.
Because DNS is a highly important networking component, exploitation could cause service interruptions and compromise critical accounts for affected organizations.
This specific vulnerability is also considered ‘wormable’, meaning it can be exploited to spread malware to other machines using Windows DNS servers. While it’s not known to have been utilized in cyberattacks, the potential impacts of such activity loom large.
The issue affects all Windows Server versions; non-Microsoft DNS servers are not affected by this vulnerability.
What’s being done about this vulnerability?
Microsoft highly recommends applying the necessary updates, which modify how Windows DNS servers handle requests, as soon as possible. However, if you can’t update your systems right away, the following workaround is also available.
Make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet that’s allowed:
- Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
- Value: TcpReceivePacketSize
- Type: DWORD
- Value data: 0xFF00
- The default (also maximum) Value data = 0xFFFF
- The recommended Value data = 0xFF00 (255 bytes less than the maximum)
- Restart the DNS Service for the registry change to take effect. To do this, run the following command at an elevated command prompt: net stop dns && net start dns
- After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes
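The workaround steps above, written as a PowerShell script for an elevated session on the DNS server. This is an added example, not code from Microsoft or Sherweb; the `-Apply` switch and the variable names are choices made here, and `Restart-Service` stands in for the `net stop dns && net start dns` command.

```powershell
# Added example: audit and optionally apply the TcpReceivePacketSize workaround.
# Run from an elevated PowerShell session on the Windows DNS server.
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name     = 'TcpReceivePacketSize'
$Expected = 0xFF00   # 65,280 bytes, the recommended value data

# Read the current value; if it is absent, the default 0xFFFF is in effect.
$current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

if ($null -eq $current) {
    Write-Output "$Name is not set (default 0xFFFF applies)."
} else {
    Write-Output ("{0} is currently 0x{1:X4}." -f $Name, $current)
}

if (-not $Apply) {
    if ($current -eq $Expected) {
        Write-Output 'Registry value matches the workaround. It only takes effect after a DNS service restart.'
    } else {
        Write-Output 'Workaround NOT in place. Re-run with -Apply or install the update.'
    }
    return
}

# Create or overwrite the DWORD with the recommended value.
New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Expected -Force | Out-Null

# Restart the DNS Server service so the new limit is loaded.
Restart-Service -Name DNS

# Confirm the value was written and the service came back up.
$after  = (Get-ItemProperty -Path $Path -Name $Name).$Name
$status = (Get-Service -Name DNS).Status
Write-Output ("{0} = 0x{1:X4}, DNS service status: {2}" -f $Name, $after, $status)

if ($after -ne $Expected -or $status -ne 'Running') {
    Write-Error 'Workaround could not be verified; check the registry value and the DNS service.'
}
```

Running the script without `-Apply` is a read-only check, which makes it usable for auditing several servers before changing any of them.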
Sherweb’s NOC Services keep you safe in these scenarios
Finding out about this kind of security vulnerability directly from Microsoft—and then following the recommended steps to resolve it—is all well and good. But if you’re learning about the issue from this blog, you’re unfortunately behind on your response.
Being able to protect your clients from such vulnerabilities is a crucial step in positioning yourself as their trusted IT advisor. It’s also a good move if you’re trying to move from break-fix to MSP, or if your goal is to add more managed services (Infrastructure-as-a-Service, for example) to your offering.
Sherweb’s NOC Services can easily make this happen for your business. Including monitoring, patching and alerting services, NOC Services ensure your clients’ infrastructure is protected and that their systems stay up and running.
How NOC Services came to the rescue for CVE-2020-1350
- Sherweb cloud experts alerted to the vulnerability
- Workaround application initiated for Sherweb partners using NOC Services or Managed Cloud
- Necessary updates scheduled during upcoming monthly maintenance for Sherweb partners
- Partners notified of vulnerability and what Sherweb is doing about it, with no action necessary on their end
Maximize your value for clients and keep them safe at the same time! Learn more about NOC Services and how they can benefit your MSP business by taking a look at our detailed product sheet.