How to Test and Mitigate CVE-2020-1350: Windows DNS Server Remote Code Execution Vulnerability

CVE-2020-1350, also known as the Windows DNS Server Remote Code Execution Vulnerability, is a critical security flaw affecting the Windows Domain Name System (DNS) Server. In this blog post, we will discuss this vulnerability in detail, including how to test for it and how to mitigate it.

What is CVE-2020-1350?

CVE-2020-1350 is a vulnerability in the Windows DNS Server that allows a remote attacker to execute arbitrary code on a vulnerable system. This vulnerability affects Windows Server 2008, 2012, 2016, and 2019, and can be exploited remotely without authentication.

Testing for CVE-2020-1350

Testing for CVE-2020-1350 involves checking the version of the Windows DNS Server installed on the system and verifying that it is vulnerable to the exploit. Use the following commands to test for the vulnerability:

  • To check the DNS Server version: `dnscmd /info /version`
  • To verify the vulnerability using the nslookup command: `nslookup -type=txt -debug target.vulnerable.domain.com <dns-server-ip>`. If the server is vulnerable, the response will contain a "status: SERVFAIL" message.

Mitigations for CVE-2020-1350

Microsoft released a patch for the CVE-2020-1350 vulnerability in July 2020. Installing the latest security update to address this vulnerability is highly recommended. In addition, the following mitigations can help reduce the risk of exploitation:

  • Disable recursion: Disabling recursion on the DNS Server can prevent the server from being exploited by this vulnerability. Recursion can be disabled by removing the checkmark from the “Enable Recursion” option in the DNS Server properties.
  • Enable DNS Response Rate Limiting (RRL): DNS Response Rate Limiting can help prevent DNS amplification attacks, which can be used in conjunction with CVE-2020-1350 to increase the severity of an attack. To enable RRL, use the following PowerShell command:
`Set-DnsServerResponseRateLimiting -Mode Enable`
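
The PowerShell audit below is an added example, not part of the original post or of any Microsoft tooling. It reports, per DNS server, the state of the three measures listed above: update recency, recursion, and RRL. It assumes the DnsServer module (RSAT DNS tools) is installed, that you have administrative access to each server, and that the date of the newest installed update is only a lower bound for patch level, not proof of it.

```powershell
# Added example: audit the mitigations this post lists on one or more DNS servers.
# Assumes the DnsServer module (RSAT) and admin rights on the target servers.
param([string[]]$ComputerName = @($env:COMPUTERNAME))

$patchMonth = [datetime]'2020-07-01'   # the post dates Microsoft's fix to July 2020

$report = foreach ($server in $ComputerName) {
    $notes = @()

    # 1. Patch level: if the newest installed update predates July 2020,
    #    the fix cannot be present. A later date alone does not prove it is.
    $latest = Get-HotFix -ComputerName $server -ErrorAction SilentlyContinue |
        Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $latest) { $notes += 'no update history readable' }
    elseif ($latest.InstalledOn -lt $patchMonth) { $notes += 'no update since before July 2020' }

    # 2. Recursion: the post recommends disabling it.
    $recursion = $null
    try { $recursion = (Get-DnsServerRecursion -ComputerName $server -ErrorAction Stop).Enable }
    catch { $notes += 'recursion setting unreadable' }
    if ($recursion) { $notes += 'recursion enabled' }

    # 3. Response Rate Limiting (cmdlet exists on Windows Server 2016 and later).
    $rrl = $null
    try { $rrl = (Get-DnsServerResponseRateLimiting -ComputerName $server -ErrorAction Stop).Mode }
    catch { $notes += 'RRL setting unreadable (older OS or access denied)' }
    if ($rrl -and "$rrl" -ne 'Enable') { $notes += "RRL mode is $rrl" }

    [pscustomobject]@{
        Server           = $server
        LatestUpdate     = if ($latest) { '{0} ({1:yyyy-MM-dd})' -f $latest.HotFixID, $latest.InstalledOn }
        RecursionEnabled = $recursion
        RrlMode          = $rrl
        Findings         = if ($notes) { $notes -join '; ' } else { 'none' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it from an administrative workstation and pass the servers to check with `-ComputerName`; any row whose Findings column is not `none` needs follow-up against the vendor advisory.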

Conclusion

CVE-2020-1350 is a critical vulnerability in the Windows DNS Server that can allow an attacker to execute code remotely on a vulnerable system. Protect your systems by installing the latest security updates and applying the necessary mitigations, such as disabling recursion and enabling DNS Response Rate Limiting. Testing for the vulnerability using the commands mentioned above can help identify whether a server is vulnerable to this exploit. By staying vigilant and taking the necessary precautions, organizations can protect their systems against potential attacks.