#12325: Infoblox NIOS & BloxOne® DDI products are not vulnerable to SIGRed Windows DNS Vulnerability
#12325: Infoblox NIOS and BloxOne DDI products are not vulnerable to CVE-2020-1350, a vulnerability in Windows Domain Name System (DNS) Server
Published 07/16/2020 | Updated 07/16/2020 10:02 PM
On July 14, 2020, CVE-2020-1350 (Windows DNS Server Remote Code Execution Vulnerability) was disclosed.
CVE-2020-1350: Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.
Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.
Affected NIOS Versions
There isn’t an Infoblox mitigation at this time for downstream Windows DNS servers. The workaround applies only to Windows servers, since NIOS is not vulnerable. If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350. The following registry modification has been identified as a workaround for this vulnerability.
DWORD = TcpReceivePacketSize
Value = 0xFF00
Note: A restart of the DNS Service is required for the change to take effect.
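The workaround above can be checked on each Windows DNS server with a short PowerShell function. This is an added example, not Infoblox or Microsoft code; the function name is hypothetical, and the registry key path is an assumption taken from Microsoft's CVE-2020-1350 guidance, since this page gives only the DWORD name and value.

```powershell
# Added example: audit (and optionally apply) the registry workaround described above.
# Assumption: $KeyPath is the key named in Microsoft's CVE-2020-1350 guidance; this
# page does not state it, so confirm it against that guidance before use.
function Test-DnsTcpReceiveWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters',
        [switch]$Apply
    )
    $name     = 'TcpReceivePacketSize'   # DWORD name from the page
    $expected = 0xFF00                   # value from the page

    # Only hosts running the Windows DNS Server role need the workaround.
    if (-not (Get-Service -Name 'DNS' -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{ Status = 'NotApplicable'; Value = $null }
    }

    $prop    = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.$name } else { $null }

    if ($current -eq $expected) {
        # The value alone does not prove the DNS service was restarted afterwards.
        return [pscustomobject]@{ Status = 'WorkaroundSet'; Value = $current }
    }
    if (-not $Apply) {
        return [pscustomobject]@{ Status = 'WorkaroundMissing'; Value = $current }
    }
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $name to 0xFF00 and restart the DNS service")) {
        New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord `
            -Value $expected -Force | Out-Null
        Restart-Service -Name 'DNS'      # required for the value to take effect
        return [pscustomobject]@{ Status = 'WorkaroundApplied'; Value = $expected }
    }
    return [pscustomobject]@{ Status = 'WorkaroundMissing'; Value = $current }
}

# Read-only audit of the local server.
Test-DnsTcpReceiveWorkaround
```

Run it with -Apply -WhatIf from an elevated session to preview the change before writing the value and restarting the DNS service.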
Neither NIOS nor BloxOne DDI is affected. No action is needed on the NIOS side, but remediation for Windows DNS servers is listed above.