Service Notices
Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)
Jul 23, 2020 GMT+08:00
I. Overview
Microsoft recently released its monthly set of security updates for July, which disclosed an important RCE vulnerability in Windows DNS. According to analysis by security researchers, this vulnerability is wormable, and its CVSS score is 10. It affects Windows Server versions from 2003 to 2019. Attackers can exploit it by sending specially crafted request packets to the targeted server and then run arbitrary code.
If you are a Windows DNS user, check your service and implement timely security hardening.
Reference link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server version 1909 (Server Core installation)
Windows Server version 1903 (Server Core installation)
Windows Server version 2004 (Server Core installation)
IV. Vulnerability Handling
This vulnerability has been fixed in the latest official patch release. You can install the update automatically through Windows Update, or manually download the patch from the following website:
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1350
If you are unable to update, refer to the following workarounds provided on the official website to temporarily avoid risks:
In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters registry key, set the following value and restart the DNS server:
DWORD = TcpReceivePacketSize
Value = 0xFF00
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
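The workaround above as a script that reports the current state and changes it only on request. This is an added example, not code from Microsoft or from this notice; the `-Apply` switch and the backup file location are assumptions chosen for illustration. Run it in an elevated PowerShell session on the DNS server.

```powershell
# Added example: audit and optionally apply the TcpReceivePacketSize workaround.
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name     = 'TcpReceivePacketSize'
$Expected = 0xFF00   # value given in the notice

function Get-WorkaroundValue {
    # Returns the current DWORD, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$Name
}

# The workaround only matters on hosts that run the DNS Server service.
if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
    Write-Output 'DNS Server service not found; workaround not applicable.'
    return
}

$current = Get-WorkaroundValue
if ($current -eq $Expected) {
    Write-Output ('{0} is already 0x{1:X4}; nothing to do.' -f $Name, $current)
    return
}

if ($null -eq $current) { $shown = 'not set' } else { $shown = '0x{0:X4}' -f $current }
Write-Output ('{0} is {1}; expected 0x{2:X4}.' -f $Name, $shown, $Expected)

if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to set the value and restart DNS.'
    return
}

# Back up the key first (assumed location: the current user's temp directory).
$backup = Join-Path $env:TEMP 'dns-parameters-backup.reg'
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters' $backup /y | Out-Null

# Create or overwrite the DWORD, then restart the service so it takes effect.
New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Expected -Force | Out-Null
Restart-Service -Name DNS

# Confirm the value and that the service came back up.
$after  = Get-WorkaroundValue
$status = (Get-Service -Name DNS).Status
Write-Output ('{0} = 0x{1:X4}; DNS service status: {2}; backup: {3}' -f $Name, $after, $status, $backup)
```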