
#12325: Infoblox NIOS & BloxOne® DDI products are not vulnerable to SIGRed Windows DNS Vulnerability

#12325: Infoblox NIOS and BloxOne DDI products are not vulnerable to CVE-2020-1350, a vulnerability in Windows Domain Name System (DNS) Server


Published 07/16/2020 | Updated 07/16/2020 10:02 PM


Summary

Infoblox NIOS and BloxOne DDI products are not vulnerable to CVE-2020-1350, a vulnerability in Windows Domain Name System (DNS) Server.

 

Overview

On July 14, 2020, CVE-2020-1350 (Windows DNS Server Remote Code Execution Vulnerability) was disclosed.

 

Description

CVE-2020-1350: Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

 

Impact

Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.


Affected NIOS Versions

None.

 

Workaround

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerabil...

 

There isn’t an Infoblox mitigation at this time for downstream Windows DNS servers; the workaround applies only to Windows servers, since NIOS is not vulnerable. If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350. The following registry modification has been identified as a workaround for this vulnerability.

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00

 

Note: A restart of the DNS Service is required for the change to take effect.
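
The following script is an added example, not taken from Infoblox or Microsoft. It audits a Windows DNS server for the registry workaround above and, when run with the hypothetical -Apply switch, sets the value, restarts the DNS service, and verifies the result. It assumes an elevated PowerShell session on the DNS server and that the DNS Server service is registered under the name DNS.

```powershell
# Added example: audit or apply the TcpReceivePacketSize workaround for CVE-2020-1350.
# -Apply is a switch defined by this script; without it the script only reports.
param(
    [switch]$Apply
)

$Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name     = 'TcpReceivePacketSize'
$Expected = 0xFF00

# Only hosts running the DNS Server role need the workaround.
$svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'DNS Server service not installed; nothing to do.'
    return
}

# Read the current value; $null means the DWORD has never been created.
$current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

if ($current -eq $Expected) {
    Write-Output ('Workaround present: {0} = 0x{1:X}' -f $Name, $current)
    return
}

$shown = if ($null -eq $current) { 'not set' } else { '0x{0:X}' -f $current }
Write-Output "Workaround missing: $Name is $shown"

if (-not $Apply) { return }

# Create or overwrite the DWORD, then restart the service so the value is read.
New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Expected -Force | Out-Null
Restart-Service -Name 'DNS'

# Confirm the value persisted and the service came back up.
$after = (Get-ItemProperty -Path $Path -Name $Name).$Name
$state = (Get-Service -Name 'DNS').Status
Write-Output ('After change: {0} = 0x{1:X}, DNS service is {2}' -f $Name, $after, $state)
```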

 

Resolution

Neither NIOS nor BloxOne DDI is affected. No action is needed on the NIOS side, but remediation for Windows DNS servers is listed above.
