Critical Wormable Vulnerability Affecting Windows DNS Servers

On July 14, 2020 Microsoft publicly disclosed a critical vulnerability affecting Windows DNS Server.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

As a reminder, DNS (Domain Name System) servers are used primarily to resolve host names to IP addresses. DNS is used for locating and identifying computer services and devices on the Internet, such as email servers, websites and cloud applications. By providing a worldwide, distributed directory service, the Domain Name System has been an essential component of the functionality of the Internet since 1985.

Per Microsoft, this is a “wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction.” Microsoft also stated that “a compromise could lead to significant service disruptions and the compromise of high-level domain accounts.” Simply put, this vulnerability could allow a remote attacker to take over an entire network that uses Microsoft DNS Server.

The vulnerability is rated 10/10 on the CVSS scale. Microsoft released an update on July 14, 2020 and recommends that it be installed as soon as possible. If updating is not possible at this time, a registry modification can be used as a temporary workaround.

The following registry modification has been identified as a workaround for this vulnerability.

  Key:   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
  Value: TcpReceivePacketSize (DWORD)
  Data:  0xFF00
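As an added example (not from Microsoft's advisory or the original post), the following PowerShell applies the workaround above, checks that it is in place, and removes it again once the update has been installed. It assumes an elevated session on the DNS server itself; the function names and the $RegPath, $ValueName and $SafeValue variables are my own.

```powershell
# Added example: apply, verify and remove the CVE-2020-1350 registry workaround.
# Assumes an elevated PowerShell session on the DNS server. Names below are my own.
$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$SafeValue = 0xFF00   # 65280, the value the workaround specifies

function Test-DnsTcpWorkaround {
    # Returns $true only if the DWORD exists and is no larger than 0xFF00.
    # A missing value means the server still uses its default limit.
    $item = Get-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    $v = $item.$ValueName
    # DWORDs come back as Int32; a negative number means >= 0x80000000, i.e. not mitigated.
    return ($v -ge 0 -and $v -le $SafeValue)
}

function Enable-DnsTcpWorkaround {
    # -Force overwrites an existing value; -PropertyType DWord keeps it from being
    # written as a string, which the DNS service would ignore.
    New-ItemProperty -Path $RegPath -Name $ValueName -PropertyType DWord `
                     -Value $SafeValue -Force | Out-Null
    # The new limit only takes effect once the DNS Server service is restarted.
    Restart-Service -Name DNS
}

function Disable-DnsTcpWorkaround {
    # After the July 14, 2020 update is installed, the value can be removed so the
    # key returns to its previous state.
    Remove-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue
    Restart-Service -Name DNS
}

# Only act on a host that actually runs the DNS Server role.
if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
    Write-Warning 'DNS Server service not found on this host; nothing to do.'
} elseif (Test-DnsTcpWorkaround) {
    $current = (Get-ItemProperty -Path $RegPath -Name $ValueName).$ValueName
    Write-Output ('Workaround already present: {0} = 0x{1:X}' -f $ValueName, $current)
} else {
    Enable-DnsTcpWorkaround
    Write-Output ('Workaround applied: {0} = 0x{1:X}' -f $ValueName, $SafeValue)
}
```

Test-DnsTcpWorkaround can also be run on its own across a fleet to find servers where the value is missing or was written with the wrong type.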

This vulnerability affects Windows Server 2008 through Windows Server 2019.