Service Notices

All Notices > Security Notices > Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)

Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)

Jul 23, 2020 GMT+08:00

I. Overview

Microsoft recently released its monthly set of security updates for July, which disclosed an important RCE vulnerability in Windows DNS. According to the analysis by security researchers, this vulnerability has the worm-level attack capability, and its CVSS score is 10. This vulnerability affects Windows Server versions from 2003 to 2019. Attackers can exploit this vulnerability to send specially crafted request packets to the targeted server and run arbitrary code.

If you are a Windows DNS user, check your service and implement timely security hardening.

Reference link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server version 1909 (Server Core installation)

Windows Server version 1903 (Server Core installation)

Windows Server version 2004 (Server Core installation)

IV. Vulnerability Handling

This vulnerability has been fixed in the latest official patch release. You can use Windows Update to automatically update. Or, you can manually download the patch from the following website:

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1350 

If you are unable to update, refer to the following workarounds provided on the official website to temporarily avoid risks:

In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters registry, set the parameters as follows and restart the DNS server:

DWORD = TcpReceivePacketSize

Value = 0xFF00

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.