ALERT: Apply Microsoft Update for Vulnerability in Windows DNS Server

07/15/2020

This information is intended for U-M IT staff who are responsible for Windows Domain Name System (DNS) servers.

Summary

Microsoft has provided an update to address a critical Remote Code Execution (RCE) vulnerability that affects Windows servers configured to run the DNS Server role. This is a critical vulnerability in Windows DNS Server, a core networking component. This vulnerability has the potential to spread via malware between vulnerable computers without user interaction (it is a "wormable" vulnerability). Apply the update as soon as possible after appropriate testing.

Problem

A flaw in Microsoft’s DNS server implementation that affects all Windows Server versions allows a buffer overflow to be exploited for remote code execution. The vulnerability is wormable and could propagate automatically to vulnerable machines on the network with no user interaction. Non-Microsoft DNS Servers are not affected.

Affected Systems

All Windows Server versions with Microsoft’s DNS server role implemented.

Action Items

Apply the update or mitigate as soon as possible after appropriate testing. The need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21).

A workaround to address this vulnerability is to make a registry change to restrict the size of the largest inbound TCP-based DNS response packet allowed. For the workaround details, see KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350.

Please continue to monitor this alert on Safe Computing for updates.

Threats

Microsoft has no evidence of active exploitation of this vulnerability in the wild. It is wormable and could propagate automatically to vulnerable machines on the network with no user interaction.

Technical Details

CVE-2020-1350 is a wormable, critical vulnerability in the Windows DNS server that can be triggered by a malicious DNS response.

How We Protect U-M

  • Information Assurance (IA) monitors a number of sources for information about new vulnerabilities and threats and provides up-to-date information to the university community.
  • IA performs regular vulnerability scans of university networks to identify vulnerable devices and request remediation.
  • IA provides vulnerability management guidance to the university.

Information for Users

This vulnerability affects servers, not personal computers. Most users do not need to do anything.

Security