Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam
First published: 15 Jul 2020
Last updated: 15 Jul 2020

Content written for

Small & medium business
Large organisations & infrastructure
Government

Attachments

The CVE-2020-1350 vulnerability - Critical

This vulnerability is being tracked as CVE-2020-1350 and has been assigned a CVSS base score of 10. The vulnerability is considered ‘wormable’ meaning it has the potential to spread between vulnerable devices without user interaction. As DNS is commonly installed on Domain Controllers, exploitation of this vulnerability could have a significant impact on organisational networks and services.

Microsoft has advised there are no mitigations available for this vulnerability, other than applying the security patch. For organisations that are unable to immediately apply the patch, Microsoft has supplied a registry modification workaround. Further information is available at Microsoft KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350.

If these options are unavailable or the workaround actions cannot be completed immediately, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends closely monitoring your Windows DNS server and logs for any unusual activity.

Affected products and versions

The vulnerability, affecting the SigWireRead function, is known to be present in Windows DNS server versions 2003 to 2019. The full list of affected versions and the associated Microsoft Knowledge Bulletins can be found at Microsoft Support CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability.

What do I need to do?

The ASD’s ACSC strongly recommends organisations review KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350 for more information and apply the supplied critical security patch as soon as possible.

The ASD’s ACSC recommends prioritising the security patch over implementation of individual mitigations. When applying security patches, the ASD’s ACSC recommends prioritising external-facing systems, followed by internal systems.

Patched versions of the affected components are available at Microsoft Support CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability.

Further information

 

Remote code execution vulnerability in Windows DNS (CVE-2020-1350)
Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it