What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350

Video Link: https://www.youtube.com/watch?v=1SpzS0WrNIA



Duration: 43:50


Microsoft just released a patch for a critical vulnerability in Windows DNS Server, its server implementation of DNS: CVE-2020-1350. The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM-level privileges on the vulnerable server. As many organizations run the Windows DNS Server on their Active Directory Domain Controllers, this vulnerability can have a significant collateral impact on your internal systems. Microsoft Windows Server 2008 through 2019 are vulnerable.

DNS is a fundamental network protocol used on a daily basis by all internet users. It is often called the "phonebook of the internet", translating domain names to IP addresses. There are many DNS server implementations available, and the one we will discuss today is the Microsoft Windows DNS server, which has a critical vulnerability: CVE-2020-1350. Other DNS server implementations are not vulnerable. There is a workaround that does not require a reboot to implement.

References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

Speaker: Jorge Orchilles @jorgeorchilles
Jorge Orchilles has been involved in Information Technology since 2001. He began his career as a network and system administrator for a small private high school. Realizing his passion for IT, he founded The Business Strategy Partners in 2002, providing consulting services to residential, small, and medium businesses. While gaining work experience, he was a very involved, full-time student at Florida International University (FIU). He founded the FIU MIS Club and was later contracted to work on the University's Active Directory Migration Project. After successful and on-time completion of the project, he was employed in 2007 by Terremark, a datacenter and cloud service provider acquired by Verizon. Jorge helped build and secure Terremark's Infrastructure as a Service (IaaS) solution, first called Collocation 2.0 and then "The Enterprise Cloud" in 2008.

SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.







