CRITICAL Advisory
Windows DNS Server Update for 'Wormable' Remote Code Execution Vulnerability
Situation
Microsoft has released a security update to address a remote code execution (RCE) vulnerability (CVE-2020-1350) in Windows DNS Servers, which a remote attacker could exploit to take control of an affected system. This is considered a “wormable” vulnerability that affects all Windows Server versions.
Problem
A Critical Remote Code Execution (RCE) vulnerability in Windows DNS Servers, that is classified as a ‘wormable’ vulnerability, which has a CVSS base score of 10.0. This issue is caused by a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.
Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without any user interaction.
Implication
If an attacker is able to successfully exploit this vulnerability, they could execute arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
Need
Microsoft strongly recommends users and administrators to update vulnerable Windows DNS Servers as soon as possible. If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server.
Workaround
Microsoft workaround guide
Additional information
Microsoft security advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
Microsoft security blog
