Windows DNS Server Remote Code Execution Vulnerability

Security Vulnerability

Released: Jul 14, 2020

Last updated: Jul 28, 2020

Assigning CNA: Microsoft
CVE.org link: CVE-2020-1350

Executive Summary

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

Exploitability

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly disclosed: No
Exploited: No
Exploitability assessment: Exploitation More Likely

Workarounds

The following registry modification has been identified as a workaround for this vulnerability.

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 
  DWORD = TcpReceivePacketSize 
  Value = 0xFF00

Note: A restart of the DNS Service is required for the change to take effect.

Please see 4569509 for more information.

To remove the workaround:

After applying the patch, the admin can remove the value TcpReceivePacketSize and its corresponding data so that everything else under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters remains as before.
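
The workaround and its removal, written out as a PowerShell sketch. This is an added example, not code from the advisory; the function names are hypothetical, and it assumes an elevated session on the DNS server and that the DNS Server service is registered under the name DNS.

```powershell
# Added example (not Microsoft's code). Run elevated on the DNS server.
$Key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name  = 'TcpReceivePacketSize'
$Value = 0xFF00   # workaround data given in the advisory

function Get-WorkaroundState {
    # Returns the current TcpReceivePacketSize data, or $null if the value is absent.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { return $prop.$Name }
    return $null
}

function Test-IsDnsServer {
    # Only servers configured as DNS servers are affected, so check for the service first.
    # Assumption: the service name is 'DNS'.
    return [bool](Get-Service -Name DNS -ErrorAction SilentlyContinue)
}

function Set-Workaround {
    if (-not (Test-IsDnsServer)) {
        Write-Warning 'DNS Server service not found; nothing to do on this machine.'
        return
    }
    # -Force overwrites an existing value so the call is safe to repeat.
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    Restart-Service -Name DNS   # the advisory requires a DNS Service restart
    $now = Get-WorkaroundState
    if ($now -ne $Value) {
        throw ("Workaround not in place: expected 0x{0:X}, found '{1}'" -f $Value, $now)
    }
    Write-Output ('{0} = 0x{1:X}; DNS service status: {2}' -f $Name, $now, (Get-Service -Name DNS).Status)
}

function Remove-Workaround {
    # Use only after the security update is installed. Deletes just this value;
    # everything else under the Parameters key is left untouched.
    if ($null -eq (Get-WorkaroundState)) {
        Write-Output "$Name is not set; nothing to remove."
        return
    }
    Remove-ItemProperty -Path $Key -Name $Name
    # Assumption: restart so the service re-reads its parameters. The advisory
    # states the restart requirement only for applying the workaround.
    Restart-Service -Name DNS
    Write-Output "$Name removed."
}

# Report the current state without changing anything.
Get-WorkaroundState
```

Call `Set-Workaround` on unpatched DNS servers and `Remove-Workaround` once the update is installed.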

FAQ

This vulnerability has a CVSS Base score of 10. How bad is this?

We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and is commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high-level domain accounts.

Are any other non-Microsoft DNS server implementations impacted by this vulnerability?

The vulnerability stems from a flaw in Microsoft’s DNS server implementation and is not the result of a protocol-level flaw, so it does not affect any other non-Microsoft DNS server implementations.

Under what circumstances would I consider using the registry key workaround?

Microsoft recommends that everyone who runs DNS servers install the security update as soon as possible. However, if you are unable to apply the patch right away, Microsoft recommends that you use the workaround as soon as possible to protect your environment in the time before you install the updates.

Is the Windows DNS client affected by this vulnerability?

No, the vulnerability only affects Microsoft's Windows DNS Server implementation, so the Windows DNS client is not affected.

Are internal, non-public facing DNS servers also vulnerable?

Yes. Internally facing DNS servers are also affected because the vulnerability occurs when a server processes a maliciously crafted response, and this can be triggered by any client name request.

Are all Windows Servers affected by this vulnerability?

No. Only Windows servers that are configured as DNS servers are affected by this vulnerability.

Acknowledgements

  • Sagi Tzadik and Eyal Itkin from Check Point Research

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgements for more information.

Security Updates

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.


Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
