{"id":21517,"date":"2020-07-16T14:31:11","date_gmt":"2020-07-16T18:31:11","guid":{"rendered":"https:\/\/www.sherweb.com\/blog\/?p=21517"},"modified":"2022-09-06T10:57:07","modified_gmt":"2022-09-06T14:57:07","slug":"critical-remote-code-execution-rce-vulnerability-in-windows-dns-server","status":"publish","type":"post","link":"https:\/\/www.sherweb.com\/blog\/cloud-server\/critical-remote-code-execution-rce-vulnerability-in-windows-dns-server\/","title":{"rendered":"Critical Remote Code Execution (RCE) vulnerability in Windows DNS server: how Sherweb\u2019s NOC Services keep you safe"},"content":{"rendered":"

The Microsoft Security Response Center identified a Critical Remote Code Execution (RCE) vulnerability in the Windows DNS server<\/a> (CVE-2020-1350). What is it, what\u2019s the risk, how can it be fixed and how can Sherweb help your MSP business manage it? You\u2019ve come to the right place!<\/p>\n

What is this Critical Remote Code Execution (RCE) vulnerability and why is it important?<\/strong><\/h2>\n

Microsoft doesn\u2019t often flag security vulnerabilities that require immediate action, so this situation caught our attention right away. The problem comes from a flaw in in Microsoft\u2019s Domain Name System (DNS) server implementation, wherein a vulnerability is created when DNS servers fail to handle requests<\/a>.<\/p>\n

Get ahead of security risks like this with Sherweb\u2019s NOC services<\/a><\/em><\/h3>\n

An RCE vulnerability is a high-risk issue because, as its name suggests, it can be exploited without an attacker being physically present. In this instance, bad actors could send harmful requests to a Windows DNS server.<\/p>\n

Because DNS is a highly important networking component, exploitation could cause service interruptions and compromise critical accounts for affected organizations.<\/p>\n

This specific vulnerability is also considered \u2018wormable\u2019, meaning it can be exploited to spread malware to other machines using Windows DNS servers. While it\u2019s not known to have been utilized in cyberattacks, the potential impacts of such activity loom large.<\/p>\n

The issue affects all Windows Server versions; non-Microsoft DNS servers are not affected by this vulnerability.<\/p>\n

What\u2019s being done about this vulnerability?<\/strong><\/h2>\n

Microsoft highly recommends applying the necessary updates<\/a> as soon as possible, which modify how Windows DNS servers handle requests. However, if you can\u2019t update your systems right away, the following workaround<\/a> is also available…<\/p>\n

Make the following registry change\u00a0to restrict\u00a0the size of the largest inbound TCP-based DNS response packet that’s allowed:<\/strong><\/span><\/p>\n