What You Need to Know About the Windows DNS Vulnerability – CVE-2020-1350
Microsoft just released a patch for a critical risk vulnerability in their server implementation of DNS, known as Windows DNS Server: CVE-2020-1350. The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM level privileges on the vulnerable server. As many organizations run the Windows DNS Server on their Active Directory Domain Controllers, this vulnerability can have a significant collateral impact on your internal systems. Microsoft Windows Server 2008 through 2019 are vulnerable.
DNS is a fundamental network protocol used on a daily basis by all internet users. It is often called the “phonebook of the internet”, translating domain names to IP addresses. There are many DNS server implementations available and the one we will discuss today is the Microsoft Windows DNS server which has a critical vulnerability: CVE-2020-1350. Other DNS Server implementations are not vulnerable. There is a workaround that does not require a reboot to implement.
References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
Speaker: Jorge Orchilles @jorgeorchilles
Jorge Orchilles has been involved in Information Technology since 2001. He began his career as a network and system administrator for a small private high school. Realizing his passion for IT, he founded The Business Strategy Partners in 2002 providing consulting services to residential, small, and medium businesses. While gaining work experience, he was a very involved, full-time student in Florida International University (FIU). He founded the FIU MIS Club and was later contracted to work on the University’s Active Directory Migration Project. After successful and on time completion of the project, he was employed by Terremark in 2007, a datacenter and cloud service provider acquired by Verizon. Jorge helped build and secure Terremark’s Infrastructure as a Service (IaaS) solution first called Collocation 2.0 and then “The Enterprise Cloud” in 2008.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
source by SANS Institute
windows server dns
Thank you for the presentation.
Kaspersky on my company send me this network attack code (Intrusion.Win.CVE-2020-1350.b) and the attack IP was an internal IP is that a false positive?
and I checked we already have the patch update thankfully plus our DNS is definitely not online on the internet.