Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Vulnerability in Windows Domain Name System (DNS)

On July 14, 2020, Microsoft released a security update for the issue described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.

A registry-based workaround can be leveraged to help protect an affected Windows server, and it can be implemented without requiring an administrator to restart the server. Because of the volatility of this vulnerability, administrators may have to implement the workaround before applying the security update in order to enable them to update their systems by using a standard deployment cadence.

Affected Software / System

This advisory specifically applies to the following Windows server versions:

  • Windows Server, version 2004 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1803 (Server Core Installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2


CVE (if applicable)

CVE-2020-1350

Type

Remote Code Execution (RCE)

Exploit Status: Exploited but not Public

Unknown at this time.

Publicly Disclosed

No

Exploited

No

Latest Software Release

1 - Exploitation More Likely

Older Software Release

1 - Exploitation More Likely

Denial of Service

N/A

 

Rating

CVSS Score of 10/10 (Severe)

Impact

An attacker who exploited the vulnerability could run arbitrary code in the context of the Local System Account. Due to the fact that the DNS service runs in elevated privileges, if it is compromised, an attacker is also granted successfully Domain Administrator rights, and in some circumstances, the vulnerability can be triggered remotely through browser sessions.

Mitigation

  • Microsoft recommended workaround:
    • The following registry modification has been identified as a workaround for this vulnerability.
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00
    • Note:A restart of the DNS Service is required to take effect.
    • To remove the workaround patch:
      • The admin can remove the value TcpReceivePacketSize and its corresponding data so that everything else under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters remains as before.
      • Additional workaround implementation details can be found here.


Ingalls recommends the following actions:

  • Ingalls recommends that any organization with DNS services in Microsoft Windows environments to install the security update(s) as soon as possible. However, if you are unable to apply the patch right away, Ingalls recommends that you use the workaround as soon as possible to protect your environment in the time before you install the updates.
Subscribe to Network Security News