
CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability

Microsoft has recently released a security update for systems running the DNS (Domain Name System) service on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. Server Core installations are affected as well.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

Microsoft has released security updates as well as a monthly rollup for all supported operating systems. Users should install the updates on their servers as soon as possible. According to the report, this vulnerability is wormable and runs in the system context, giving an attacker full control of an affected DNS host.

Workarounds

If you are unable to apply the security update for some reason, you can use the following workaround on your server.

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 
  DWORD = TcpReceivePacketSize 
  Value = 0xFF00

You must restart the DNS Service for the registry change to take effect. To do this, run the following command at an elevated command prompt:

net stop dns && net start dns

After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes.

To remove the workaround

After applying the patch, the admin can remove the value TcpReceivePacketSize and its corresponding data so that everything else under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters remains as before.
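
The audit, apply and remove steps described above can be combined into one PowerShell function. This is an added example, not part of the original post or of Microsoft's guidance; the function name and its `-Mode` parameter are hypothetical, and it assumes an elevated session on the DNS server itself.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the DNS server. Function and parameter names are hypothetical.
function Invoke-DnsTcpSizeWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet('Audit', 'Apply', 'Remove')]
        [string]$Mode = 'Audit'
    )
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $name  = 'TcpReceivePacketSize'
    $value = 0xFF00   # 65,280 bytes, the value given in the workaround

    if (-not (Test-Path -Path $key)) {
        throw "Key $key not found; the DNS Server role does not appear to be installed."
    }
    # Read the current state; $null means the value is absent.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    $changed = $false
    switch ($Mode) {
        'Apply' {
            if ($current -ne $value -and $PSCmdlet.ShouldProcess($key, "Set $name to 0xFF00")) {
                New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $value -Force | Out-Null
                $changed = $true
            }
        }
        'Remove' {
            if ($null -ne $current -and $PSCmdlet.ShouldProcess($key, "Remove $name")) {
                Remove-ItemProperty -Path $key -Name $name
                $changed = $true
            }
        }
    }
    # The registry change only takes effect after the DNS service restarts.
    if ($changed) {
        Restart-Service -Name DNS -Force
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        ValuePresent      = $null -ne $current
        CurrentValue      = if ($null -ne $current) { '0x{0:X}' -f $current } else { $null }
        MatchesWorkaround = $current -eq $value
        ServiceRestarted  = $changed
    }
}
```

Running it with no arguments only reports the current state. In Audit mode, `MatchesWorkaround` reflects the registry value only; it does not show whether the DNS service has been restarted since the value was written.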

The post CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability appeared first on Web Hosting Blog.


