Only Forward: CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability (Short Temp Fix)

Wednesday 15 July 2020

CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability (Short Temp Fix)

A DNS Security risk has been found in Windows DNS that could / will be weaponised as a worm.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

Short Term Fix Until you install the patch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

DWORD = TcpReceivePacketSize

Value = 0xFF00

https://support.microsoft.com/en-gb/help/4569509/windows-dns-server-remote-code-execution-vulnerability

The DNS service has to be restarted.

This workaround may break some DNS request, Microsoft says that standard DNS queries "should" be ok, but recommend diagnostic logging of the DNS server before applying to confirm.

The Default (also max) Value = 0xFFFF

The Recommended Value = 0xFF00 (255 bytes less than the max)

Once you have the security patch installed you can remove the "TcpReceivePacketSize" Registry key returning it all back to default.

Only Forward

Wednesday 15 July 2020

CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability (Short Temp Fix)

No comments:

Post a Comment