[dns-operations] Wormable RCE in MS Windows DNS Server CVE-2020-1350
Phil Pennock
dnsop+phil at spodhuis.org
Wed Jul 15 14:55:27 UTC 2020
For anyone whose organization has some MS Windows servers running a DNS
server, you might care about a CVSS 10.0 wormable Remote Code Execution
vulnerability:
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
There's a registry mitigation which doesn't require server restart, and
patches available.
My sympathy to those affected (and my relief that _this_ time it's not a
Unix software stack).
-Phil
More information about the dns-operations
mailing list