Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350

In July 2020, Microsoft released a security update, CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability, for a new remote code execution (RCE) vulnerability.

This vulnerability exists within the Microsoft Windows Domain Name System (DNS) Server due to the improper handling of certain types of requests, specifically over port 53/TCP. Exploitation of this vulnerability is possible by creating an integer overflow, potentially leading to remote code execution.

This vulnerability only affects Windows DNS and the following builds of the Microsoft Windows operating system (OS):

  • Windows Server 2008/2008 R2
  • Windows Server 2012/2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server version 1803/1903/1909/2004 (Server Core installation)

Read more…
Source: Palo Alto