Researchers from Checkpoint have just discovered a critical vulnerability in Microsoft’s DNS service, affecting all versions of Windows Server from 2008 to 2019. This vulnerability (CVE-2020-1350) makes us very nervous. It allows remote code execution on the host and reminds us of the easily exploitable bugs that our penetration testers (and your attackers) use to gain Domain Administrator access on your domain.

The folks at Checkpoint have done an amazing job in discovering this bug, and their write-up of this vulnerability, including technical details, can be found on their blog.

We urge all customers running Windows Server within their organisation to apply the latest Microsoft Security Update, which remediates CVE-2020-1350. Where this is not possible, the below fix can be applied through a registry update and pushed out via Group Policy; however, this is not recommended, as we encourage all customers to deploy effective patch management, and not spot fixes.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00
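
The following PowerShell script is an added example, not part of the original advisory or of Microsoft's guidance. It reports whether the registry value above is present on the local DNS server and sets it only when asked. The `-Apply` switch name is an assumption made for this example, and the script restarts the DNS service after writing because the change does not take effect until the service restarts.

```powershell
# Added example: audit, and optionally apply, the registry workaround listed above.
# Run locally on a Windows DNS server from an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Expected  = 0xFF00   # value given in the advisory text

# The Parameters key only exists where the DNS Server role is installed.
if (-not (Test-Path -Path $KeyPath)) {
    Write-Output "DNS Server parameters key not found; the role does not appear to be installed."
    return
}

# Read the current value; $null means the value has never been created.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

if ($current -eq $Expected) {
    Write-Output ("Workaround present: {0} = 0x{1:X}" -f $ValueName, $current)
    return
}

if ($null -eq $current) {
    Write-Warning "$ValueName is not set; the workaround is NOT in place."
} else {
    Write-Warning ("{0} is 0x{1:X}, expected 0x{2:X}; the workaround is NOT in place." -f $ValueName, $current, $Expected)
}

if (-not $Apply) {
    Write-Output "Audit only. Re-run with -Apply to write the value and restart the DNS service."
    return
}

# -WhatIf / -Confirm are honoured here because of SupportsShouldProcess.
if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName to 0xFF00 and restart the DNS service")) {
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Expected -Force | Out-Null
    Restart-Service -Name DNS -Force   # the new limit is read when the service starts
    $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    Write-Output ("Applied: {0} = 0x{1:X}; DNS service status: {2}" -f $ValueName, $after, (Get-Service -Name DNS).Status)
}
```

Remove the registry value once the security update is installed, so the spot fix does not outlive the patch.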
