homepage
Open menu
Contact Sales

What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350

  • Wednesday, 15 Jul 2020 12:00PM EDT (15 Jul 2020 16:00 UTC)
  • Speaker: Jorge Orchilles

Microsoft just released a patch for a critical risk vulnerability in their server implementation of DNS, known as Windows DNS Server: CVE-2020-1350.The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM level privileges on the vulnerable server. As many organizations run the Windows DNS Server on their Active Directory Domain Controllers, this vulnerability can have significant collateral impact on your internal systems. Microsoft Windows Server 2008 through 2019 are vulnerable.

DNS is a fundamental network protocol used on a daily basis by all internet users. It is often called the \phone book of the internet", translating domain names to IP addresses. There are many DNS server implementations available and the one one we will discuss today is the Microsoft Windows DNS server which has a critical vulnerability: CVE-2020-1350. Other DNS Server implementations are not vulnerable. There is a workaround that does not require a reboot to implement.

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

Login to Register

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
cti_blog.png
Cyber Defense, Digital Forensics, Incident Response & Threat Hunting, Industrial Control Systems Security, Penetration Testing and Red Teaming
A Visual Summary of SANS CTI Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS CTI Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
Top_10_SANS_Summits_Talks_of_2021.png
Cybersecurity Insights, Digital Forensics, Incident Response & Threat Hunting, Cyber Defense, Cloud Security, Open-Source Intelligence (OSINT), Cybersecurity Leadership, Security Awareness, Artificial Intelligence (AI)
Top 15 SANS Summit Talks of 2023
This year, SANS hosted 16 Summits with 209 talks. Here were the top-rated talks of the year.
370x370-person-placeholder.png
Alison Kim
read more