[dns-operations] Wormable RCE in MS Windows DNS Server CVE-2020-1350

Phil Pennock dnsop+phil at spodhuis.org
Wed Jul 15 14:55:27 UTC 2020


For anyone whose organization has some MS Windows servers running a DNS
server, you might care about a CVSS 10.0 wormable Remote Code Execution
vulnerability:

  https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

There's a registry mitigation which doesn't require server restart, and
patches available.

My sympathy to those affected (and my relief that _this_ time it's not a
Unix software stack).

-Phil


More information about the dns-operations mailing list