[GTER] CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
Lucimara Desiderá
lucimara at cert.br
Wed Jul 15 08:18:57 -03 2020
Vulnerabilidade crítica no DNS Microsoft requer update imediato.
----------------------------------------------------------------
"SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base
score of 10.0) in the Windows DNS server that affects Windows Server
versions 2003 to 2019, and can be triggered by a malicious DNS response.
As the service is running in elevated privileges (SYSTEM), if exploited
successfully, an attacker is granted Domain Administrator rights,
effectively compromising the entire corporate infrastructure."
Detalhes sobre a vulnerabilidade em:
------------------------------------
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Detalhes sobre updates/workarounds em:
--------------------------------------
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/
CVE-2020-1350
--
Atenciosamente,
Lucimara Desiderá
More information about the gter
mailing list