
Microsoft DNS Server RCE Vulnerability

CVE-2020-1350: Microsoft DNS Server RCE Vulnerability on Windows Server 2003 and above (SIGRed).

As part of the monthly Patch Tuesday release on 14th July, Microsoft released details of a new vulnerability in Windows DNS Server. The vulnerability has been named SIGRed and was discovered by Check Point security researchers.

This vulnerability has been classified by Microsoft as “Wormable”, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is key to network functionality, and is typically installed on all Domain Controllers within an AD environment.

The risk associated with this vulnerability means it has been given a CVSS Base score of 10, which is the highest score possible. To put that into context, there were only 6 vulnerabilities from Microsoft in the whole of 2019 with a rating of 10, so they don’t give this rating without need.

What Operating Systems Are Impacted?

Windows Server 2003
Windows Server 2008 and 2008 R2 both 32 and 64 bit
Windows Server 2012 and 2012 R2
Windows Server 2016 (Including Server Core)
Windows Server 2019 (Including Server Core)
These versions are impacted when running the DNS Server role. Note that DNS Clients are NOT impacted.

What Are My Options?

1 - Patch

Microsoft have already released patches for all operating systems from 2008 and above. They are available via WSUS or for download; more details are on the Microsoft website, linked below.

2 - Workaround

There is a workaround that involves making the following registry change, which restricts the size of the largest inbound TCP-based DNS response packet allowed, and then restarting the DNS Service on the server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
TcpReceivePacketSize
Value = 0xFF00

Note:
You must restart the DNS Service for the registry change to take effect.
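
The workaround steps above as one script, added here as an example (it is not Microsoft's or Ultima's own code). It reports the current state and only changes anything when run with the hypothetical -Apply switch; the DWORD value type and the service name DNS are assumptions not stated on this page.

```powershell
# Added example: report on, and optionally apply, the workaround on one server.
# Run from an elevated PowerShell session on the DNS server.
param([switch]$Apply)   # hypothetical switch: without it nothing is changed

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Wanted    = 0xFF00     # value from the workaround above
$Service   = 'DNS'      # assumed service name of the Windows DNS Server role

# DNS clients are not impacted, so stop if the DNS Server service is absent.
if (-not (Get-Service -Name $Service -ErrorAction SilentlyContinue)) {
    Write-Output "DNS Server service not found on $env:COMPUTERNAME, nothing to do."
    return
}

# A missing value means the workaround has not been deployed.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
$shown   = if ($null -eq $current) { 'not set' } else { '0x{0:X}' -f $current }
Write-Output ('{0} is {1}, wanted 0x{2:X}' -f $ValueName, $shown, $Wanted)

if ($current -eq $Wanted) {
    Write-Output 'Value already present. It only takes effect once the DNS service has been restarted.'
    return
}
if (-not $Apply) {
    Write-Output 'Workaround not in place. Re-run with -Apply to set it and restart DNS.'
    return
}

# Write the value (DWORD type is an assumption; the page gives only name and data).
New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Wanted -Force | Out-Null

# The change is not read until the DNS service restarts.
Restart-Service -Name $Service -ErrorAction Stop

# Confirm both the stored value and that the service came back up.
$after  = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
$status = (Get-Service -Name $Service).Status
if ($after -eq $Wanted -and $status -eq 'Running') {
    Write-Output 'Workaround applied and DNS service running.'
} else {
    Write-Error "Check failed: value=$after, service status=$status"
}
```

Restarting the service interrupts name resolution briefly on that server, so apply it to one Domain Controller at a time.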

3 - Mitigation

Many next-generation firewalls/IPS devices will include mitigations to help protect against this, but we advise deploying the patch or workaround to your Windows DNS Servers at the earliest opportunity.

More Details & Patch Download

More details on the vulnerability are available from the following resources –

Microsoft Workaround - Click Here

Microsoft Vulnerability details – Click Here (This Includes Patch download details)

Microsoft Blog Article - Click Here

Check Point advisory - Click Here

Ultima can provide support/assistance for any customers if required. If you have a Microsoft telephone support contract you may contact us, or please contact your account manager for any other queries.


Written by Chris Watkins, Head of Security
