A vulnerability has been discovered in Windows DNS servers that allows an attacker to execute critical code from the local system account. The vulnerability in Windows DNS servers is a remote code execution named CVE-2020-1350 that impacts all versions of Windows Server between 2003 and 2019. Microsoft has issued a patch that fixes the vulnerability.
Microsoft has indicated that the vulnerability is highly critical, because it allows an attacker to remotely execute code from the local system account. It is also wormable, meaning it can be distributed via malware from server to server without user interference. Even when the DNS is not publicly available, it can still be targeted through, for example, a phishing message. For this reason, the vulnerability has received a CVSS score of 10.0. The CVSS score is used to indicate the important characteristics and possible impact of a vulnerability. A 10.0 is the highest possible score. In their own post, Microsoft emphasises that it is essential that Windows Server users update their servers as soon as possible.
For users who cannot update their servers in the foreseeable future, a temporary workaround has also been published. However, Microsoft stresses that this is not a long-term solution and that the patch should still be installed as soon as possible. You can read more about protecting your VPS from this vulnerability in this article in our Knowledge Base. There, you can also find information on how to apply the workaround on your Windows Server environment.
If you have any questions regarding this vulnerability or need help applying the patch, please contact us through your control panel. We’re happy to help.