IP Clarity Ltd - Scotland Cyber Security Provider

CVE-2020-1350 Microsoft Server DNS Critical Vulnerability - CVSS Score of 10!

Microsoft have confirmed the CVE-2020-1350 vulnerability in Windows Server DNS and released an urgent / critical patch for all Windows Servers that are running DNS Server. This has the potential to be remotely exploited, and it is considered very urgent that all Windows Server operators patch this NOW.

Here is what Microsoft say:

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

MSRC / By MSRC Team / July 14, 2020 / DNS, MSRC, Windows, Worm

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.

Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.

If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

Customers with automatic updates turned on do not need to take any additional action.