Jump to content

REMOTE code execution in windows (server) DNS server (how to patch)

Ben Mitchell
 Share
Posted (edited)

Over the last few hours, Microsoft has announced they have patched a remote code execution in the Windows (server) DNS server. (CVE-2020-1350).

 

There are already patches and workarounds, these need to be applied ASAP. You can find the article on the MSRC page here

 

TLDR;

 

If you cannot apply the patch you can quickly deploy a registry workaround which will mitigate the risk until you can fully patch it. 

  

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 
  DWORD = TcpReceivePacketSize 
  Value = 0xFF00

NOTE: this requires a DNS service restart. 

 

Edit: Specify that it only affects the server variants.

 

Edit2:

 

Take this with a grain of salt but there seems to be someone claiming responsibility for it over on twitter.

Edited by Ben Mitchell
Specify that it is for server, also twitter link.
Link to post
Share on other sites
Posted

Should probably note that this is about Windows Server, irrelevant for most people here.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Windows

×