Microsoft – DNS – “Windows DNS Server Remote Code Execution Vulnerability” – CVE-2020-1350 – Remediation – Configuration – Registry

Background

In the last week or so, Microsoft released an advisory relating to a security vulnerability within its DNS Server.

 

Security Vulnerability

Remote Code Execution Vulnerability

What is

What is a “Remote Code Execution Vulnerability“?

Most applications have an interface that accepts input ( command and data ) from the end-user.

If the end-user is able to present data and commands that bypasses the application’s in-built security, the requester may be able to get the application to execute code in unintended ways.

Usual Protection

  1. Reduce the size of input buffer
  2. Sanitize accepted code
  3. Augment better protection around code modules

Remediation

Outline

Here are the remediation Microsoft is asking its customers to put in place:-

  1. Configuration
    • Registry
      • Reduce the maximum size of accepted input
  2. Software Upgrade

Configuration

Registry

Disclaimer

For the sake of brevity, we will only cover the configuration/registry change in this post.

We will have a follow-up for the software upgrade.

Processing

GUI

On the machines running Microsoft implementation of DNS Server

  1. Access Microsoft Windows Registry ( Regedit )
    • Subkey
      • Access the DNS Parameters subkey ( HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters )
    • Item
      • Add a new item TcpReceivePacketSize, if it does not yet exist
      • Set the item’s type and value to D-WORD and 0xFF00
  2. Access Microsoft Windows Command Line Console
    • Run cmd.exe ( in administrator mode )
    • Restart DNS Server Service
      • net stop dns
      • net start dns
Images

Image – Registry – Before Change

registry_01_20200718_0225PM.png

Image – Registry – Adding TcpReceivePacketSize

registry_entry_TCPReceivePacketSize_01_20200718_0227PM.png

Image – Registry – Post Change

registry_02_20200718_0229PM

Image – DNS Service – Stop And Start

netStopDNS_And_netStarrtDNS_01_20200719_0238PM.png

References

  1. Microsoft
    • Support
      • KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350
        Link

One thought on “Microsoft – DNS – “Windows DNS Server Remote Code Execution Vulnerability” – CVE-2020-1350 – Remediation – Configuration – Registry

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s