Windows DNS Server RCE (CVE-2020-1350)

critical Nessus Plugin ID 138600

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability:

- A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. (CVE-2020-1350)

Note: Tenable is testing for the presence of updates which address this issue, as well as Microsoft's recommended mitigation/workaround.

The registry key being checked for the mitigation is:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\TcpReceivePacketSize

It is being checked for Microsoft's recommended value of 0xFF00.

Once in place, the DNS Service must be restarted for the change to take effect.
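
The following PowerShell audits the workaround described above on the local host. It is an added example, not Tenable's plugin code and not taken from the Microsoft advisory. It checks only the registry mitigation, not whether a security update is installed, and the function name `Test-DnsTcpReceivePacketSize` is hypothetical.

```powershell
# Added example: local audit of the CVE-2020-1350 registry workaround.
$ParamPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Expected  = 0xFF00   # value this page says the plugin checks for

function Test-DnsTcpReceivePacketSize {
    # Only hosts running the DNS Server service (service name "DNS") are in scope.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DNS'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Status = 'NotApplicable'; Value = $null; DnsStarted = $null }
    }

    $status = 'Missing'; $display = $null
    $key = Get-Item -LiteralPath $ParamPath -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $ValueName)) {
        $value = $key.GetValue($ValueName)
        if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # A value of the wrong registry type is reported rather than trusted.
            $status = 'WrongType'; $display = "$value"
        } else {
            $display = '0x{0:X}' -f $value
            $status = if ($value -eq $Expected) { 'Set' } else { 'WrongValue' }
        }
    }

    # The change takes effect only after a DNS service restart, so report when
    # the running DNS process started for comparison with the change time.
    $started = $null
    if ($svc.ProcessId -gt 0) {
        $started = (Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue).StartTime
    }

    [pscustomobject]@{ Status = $status; Value = $display; DnsStarted = $started }
}

Test-DnsTcpReceivePacketSize | Format-List
```

Run it from an elevated session so the start time of the DNS process can be read. A `Status` of `Set` with a `DnsStarted` time earlier than the registry change means the service has not yet been restarted.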

For more information, refer to the Microsoft advisory for CVE-2020-1350.

Solution

Apply the appropriate security update or mitigation as described in the Microsoft advisory.

See Also

http://www.nessus.org/u?6a916fa9

http://www.nessus.org/u?f3307e60

Plugin Details

Severity: Critical

ID: 138600

File Name: smb_nt_ms20_jul_dns_check.nasl

Version: 1.10

Type: local

Agent: windows

Published: 7/17/2020

Updated: 3/8/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-1350

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible, SMB/WMI/Available

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2020

Vulnerability Publication Date: 7/14/2020

CISA Known Exploited Vulnerability Due Dates: 7/24/2020

Exploitable With

Core Impact

Reference Information

CVE: CVE-2020-1350

IAVA: 2020-A-0299

MSFT: MS20-4558998, MS20-4565483, MS20-4565503, MS20-4565511, MS20-4565524, MS20-4565529, MS20-4565535, MS20-4565536, MS20-4565537, MS20-4565539, MS20-4565540, MS20-4565541

MSKB: 4558998, 4565483, 4565503, 4565511, 4565524, 4565529, 4565535, 4565536, 4565537, 4565539, 4565540, 4565541