If you already had plans to test and roll out the various Microsoft Windows and Server updates that came out today as a part of Microsoft’s Patch Tuesday, you probably want to move a bit quicker. Among the various bug fixes are a series of patches for a critical “wormable” vulnerability in Windows DNS Server, affecting all Windows Server versions dating back to Server 2003 (though patches are only available for 2008 and later).
Tagged as CVE-2020-1350, or SIGRed by the researchers at CheckPoint who discovered it, this vulnerability could enable an unauthenticated attacker to gain code execution on a vulnerable server simply by tricking it into resolving a malicious DNS request. Because the DNS service runs with elevated privileges, a successful exploit gives the attacker full rein over the entire domain infrastructure. Because of this, and the ease of exploitation, the vulnerability was given a Common Vulnerability Scoring System (CVSS) score of 10.0, which is as bad as it gets.
If you have any version of Windows Server acting as a DNS resolver, you should install the security update as soon as possible. CheckPoint also provided a mitigation technique in the form of a registry entry that modifies the maximum length of a DNS message for those who can’t install the update straight away.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
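Once the workaround is rolled out across a fleet, the next question is which servers actually have it. The following PowerShell script is an added example, not part of the original post or of CheckPoint's or Microsoft's material: it checks whether the DNS Server service is present on the host, reads the TcpReceivePacketSize value from the registry path quoted above, and reports whether it matches the recommended 0xFF00. The function names (Test-SigRedWorkaround, Enable-SigRedWorkaround) are this example's own; the registry path, value name and 0xFF00 come from the post.

```powershell
# Added example (not from the original post): audit and optionally apply the
# TcpReceivePacketSize workaround for CVE-2020-1350 on a Windows DNS server.
# Registry path, value name and the recommended value 0xFF00 are the ones
# quoted in the post; everything else here is an assumption of this example.
$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Expected  = 0xFF00

function Test-SigRedWorkaround {
    # Returns an object describing whether this host runs the DNS Server
    # service and whether the registry workaround is in place.
    $dns = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    if (-not $dns) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            DnsRole      = $false
            Mitigated    = $null
            CurrentValue = $null
            Note         = 'DNS Server service not installed; nothing to check.'
        }
    }

    # Read the value; it is simply absent on a server that has never had the workaround.
    $current = (Get-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $mitigated = ($null -ne $current) -and ($current -eq $Expected)

    if ($null -ne $current) { $shown = '0x{0:X}' -f $current } else { $shown = '(not set)' }
    if ($mitigated) {
        $note = 'Workaround present. Still install the security update when possible.'
    } else {
        $note = 'Workaround absent or non-standard: install the update, or apply the registry value and restart DNS.'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        DnsRole       = $true
        ServiceStatus = $dns.Status
        Mitigated     = $mitigated
        CurrentValue  = $shown
        Note          = $note
    }
}

function Enable-SigRedWorkaround {
    # Applies the same registry change as the reg add / net stop / net start
    # sequence in the post, using PowerShell cmdlets. Requires an elevated shell.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess("$RegPath\$ValueName", "Set to 0x$('{0:X}' -f $Expected) and restart DNS")) {
        New-ItemProperty -Path $RegPath -Name $ValueName -PropertyType DWord -Value $Expected -Force | Out-Null
        # The DNS service only reads the parameter at start-up, so restart it.
        Restart-Service -Name 'DNS' -Force
    }
}

# Report for this host. Run Enable-SigRedWorkaround -WhatIf to preview the change.
Test-SigRedWorkaround | Format-List
```

For a fleet-wide view, wrap Test-SigRedWorkaround in Invoke-Command against the list of servers holding the DNS role and export the resulting objects; a server reporting DnsRole true and Mitigated false is one that still needs either the patch or the workaround. Note that the check only looks for the exact recommended value, so a host with a different non-default size is reported as needing attention rather than silently accepted.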