Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Critical Microsoft DNS RCE Vulnerability
NextPrevious

Critical Microsoft DNS RCE Vulnerability

News, Vulnerabilities | 16 July, 2020 | 0

Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years.

A blog post from the Microsoft Security Response Centre states:

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.

Since DNS servers are, necessarily, exposed to the Internet this vulnerability deserves urgent attention to install the patch or follow the mitigation steps published by Microsoft.

The flaw is described as ‘wormable,’ this means a single compromised DNS server could be leveraged to then attack and compromise other servers on the same network without user interaction.

The vulnerability lies in the Microsoft DNS server code and is not a problem with the DNS protocol itself.  Only the DNS Server software is affected, client Windows 10 PC are not vulnerable.

With the severity of the flaw, Microsoft has issued patches for all versions of its server software back to Server 2004.

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
DNS, microsoft, patching

Related Post

  • Visual Studio RCE Vulnerability Patched

    By Mark Faithfull

    Microsoft has patched a Remote Code Execution vulnerability in Visual Studio which could be exploited by creating a code repository – such as for a popular open source tool – and convincing a developer toRead more

  • October Patch Tuesday includes critical Windows TCP/IP vulnerability

    By Mark Faithfull

    October’s security patch bundle from Microsoft resolves 87 vulnerabilities, 12 rated as critical.  One of these is a flaw in the Windows TCP/IP stack which can result in a server crash or remote code executionRead more

  • Microsoft Defender now updates OS image files

    By Mark Faithfull

    Whenever a new Windows device is booted from an image, there is a period of time when the machine is live and on the network, but it is missing operating system security patches and MicrosoftRead more

  • Critical Domain Controller Flaw Requires Urgent Patching

    By Mark Faithfull

    A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched.  IfRead more

  • September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities

    By Mark Faithfull

    The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending aRead more

NextPrevious

Recent Posts

  • WordPress force updates a million sites to fix SQLi flaw
  • Google Patches Chrome Zero-Day Vulnerability
  • Visual Studio RCE Vulnerability Patched
  • Sonicwall critical Firewall RCE vulnerability
  • What is a Network Access Seller?

Tags

Android blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft patching penetration testing phishing ransomware RDP Row Hammer security breach Security operations security testing SIEM Spectre supply chain attacks Sysinternals Tomcat TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more