Vulnerability Found in Microsoft Exchange Server
A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. ...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
2 min read
Daniel Guidry : Jul 15, 2020 12:00:00 AM
On July 14, 2020, Microsoft released a security update for the issue described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.
A registry-based workaround can be leveraged to help protect an affected Windows server, and it can be implemented without requiring an administrator to restart the server. Because of the volatility of this vulnerability, administrators may have to implement the workaround before applying the security update in order to enable them to update their systems by using a standard deployment cadence.
This advisory specifically applies to the following Windows server versions:
CVE-2020-1350
Remote Code Execution (RCE)
Unknown at this time.
Publicly Disclosed |
No |
Exploited |
No |
Latest Software Release |
1 - Exploitation More Likely |
Older Software Release |
1 - Exploitation More Likely |
Denial of Service |
N/A |
CVSS Score of 10/10 (Severe)
An attacker who exploited the vulnerability could run arbitrary code in the context of the Local System Account. Due to the fact that the DNS service runs in elevated privileges, if it is compromised, an attacker is also granted successfully Domain Administrator rights, and in some circumstances, the vulnerability can be triggered remotely through browser sessions.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00
A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. ...
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted...
VMWare refers to these two vulnerabilities collectively as VMSA-2021-0010. CVE-2021-21985 - The vSphere Client (HTML5) contains a remote code...