[GTER] CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

Lucimara Desiderá lucimara at cert.br
Wed Jul 15 08:18:57 -03 2020


Vulnerabilidade crítica no DNS Microsoft requer update imediato.
----------------------------------------------------------------

"SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base
score of 10.0) in the Windows DNS server that affects Windows Server
versions 2003 to 2019, and can be triggered by a malicious DNS response.
As the service is running in elevated privileges (SYSTEM), if exploited
successfully, an attacker is granted Domain Administrator rights,
effectively compromising the entire corporate infrastructure."

Detalhes sobre a vulnerabilidade em:
------------------------------------
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/


Detalhes sobre updates/workarounds em:
--------------------------------------
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/
CVE-2020-1350



-- 
Atenciosamente,

Lucimara Desiderá


More information about the gter mailing list