Security Advisory: Windows DNS Server Vulnerability (CVE-2020-1350)

KRISHNA KONA
July 14, 2020 - 2 min read

Background

Today is July 2020 Patch Tuesday, and Microsoft has released updates/fixes for multiple vulnerabilities. One of them is a critical vulnerability with a CVSS score of 10.
 

What is the issue?

Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)

Microsoft released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.

Systems impacted

  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 2004 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)

What can you do to protect yourself?

According to Microsoft, this vulnerability is not currently known to be used in active attacks. It is essential that customers apply Windows updates to address this vulnerability as soon as possible. If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. 

It is important to keep security software up to date and to apply the latest software patches to endpoints. As always, avoid opening suspicious emails containing attachments or links that come from unknown sources, and disable macros in Office programs unless enabling them is essential.

Zscaler coverage

Zscaler ThreatLabZ has added detection signatures for exploitation of this vulnerability through our Advanced Cloud Firewall protection.
 

  • Advanced Cloud Firewall Signatures
    Win32.Exploit.CVE-2020-1350

Details related to these threat signatures can be found in the Zscaler Threat Library.

 

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

 

 
