Check Point recently disclosed a remote code execution vulnerability in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the Local System Account.
This vulnerability has a base CVSS score of 10.0 and is classified as “wormable”, meaning the exploit could be weaponized so that it spreads from computer to computer.
The Masergy Threat Intelligence team is currently not aware of exploitation of this vulnerability occurring in the wild. Although there are no proof-of-concept exploits publicly available at this time, we assess with moderate confidence that attackers will pursue the development of exploits for this vulnerability.
- CVE-2020-1350 – Remote code execution vulnerability in Windows Domain Name System servers that fail to properly handle requests. Successful exploitation can lead to arbitrary code execution in the context of the Local System account.
- Windows servers configured as DNS servers
  - Windows Server 2008
  - Windows Server 2012
  - Windows Server 2016
  - Windows Server 2019
  - Windows Server
    - Version 1903
    - Version 1909
    - Version 2004
We recommend the following actions be taken:
- Apply the July 2020 security update after appropriate testing.
- If updating is not possible, perform the registry-based workaround provided by Microsoft here.
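The registry-based workaround can be audited per server. The script below is an added example, not part of this advisory or of Microsoft's own tooling; the key path, value name and data follow Microsoft's KB4569509 guidance (not stated on this page), and `Test-SigRedWorkaround` is a hypothetical helper name.

```powershell
# Added example: audit (and optionally set) the CVE-2020-1350 registry workaround.
# Key path, value name and data follow Microsoft's KB4569509 guidance and are
# not stated on this page; confirm them against Microsoft's article before use.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Expected  = 0xFF00   # limits the largest TCP-based DNS response the server accepts

# Test-SigRedWorkaround is a hypothetical helper name, not a built-in cmdlet.
function Test-SigRedWorkaround {
    param([switch]$Apply)

    # Only hosts running the DNS Server service ("DNS") are in scope.
    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; State = 'NoDnsServerRole'; Value = $null }
    }

    $prop  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$ValueName } else { $null }

    if ($Apply -and $value -ne $Expected) {
        # Create or overwrite the DWORD, then restart the service: the setting
        # is only read when the DNS Server service starts.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $Expected -Force | Out-Null
        Restart-Service -Name 'DNS' -Force
        $value = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    }

    $state = if ($null -eq $value)         { 'WorkaroundMissing' }
             elseif ($value -eq $Expected) { 'WorkaroundSet' }
             else                          { 'UnexpectedValue' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        State    = $state
        Value    = if ($null -ne $value) { '0x{0:X}' -f $value } else { $null }
    }
}

# Report only; run from an elevated prompt on each DNS server.
Test-SigRedWorkaround
# To set the value and restart the DNS service: Test-SigRedWorkaround -Apply
```

`WorkaroundMissing` on a server that already has the July 2020 security update is not a finding, since the workaround is only needed where the update is not installed. `WorkaroundSet` confirms the registry value only, not that the DNS service has been restarted since it was written.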