Microsoft Windows DNS Server Remote Code Execution Vulnerability - SIGRed (CVE-2020-1350)


    Overview:

    Microsoft has released a security update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. The issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. CVE-2020-1350 lets an attacker force DNS servers running Windows Server to execute malicious code remotely.

    CVEs assigned:

    CVE-2020-1350

    Affected Software:

    Microsoft Windows Server 2008 Service Pack 2
    Microsoft Windows Server 2008 R2 Service Pack 2
    Microsoft Windows Server 2012
    Microsoft Windows Server 2012 R2
    Microsoft Windows Server 2016
    Microsoft Windows Server 2016 1903
    Microsoft Windows Server 2016 1909
    Microsoft Windows Server 2016 2004
    Microsoft Windows Server 2019

    Solution:

    To address this vulnerability, Microsoft has released patches. For more information, please refer to our blog:

    Use SanerNow platform to apply this critical patch quickly across the organization as shown below.

    SanerNow:

    Vulnerability detection and patching:

    1. Login to SanerNow platform.
    2. Switch to the account/site specific view and go to 'VM tool'.
    3. If your operating system is vulnerable, Saner lists the above CVEs in 'Top Vulnerabilities' or 'Recently Discovered Vulnerabilities' as shown in the below diagram:

    pic_1.png

    4. Search for this vulnerability in the VM tool. If you are affected, apply the patch through PM -> Missing Patches.
    5. Select 'Groups/Devices' in the 'Asset Source' section and click 'Apply'.
    6. Select Microsoft Windows server from the 'Asset' section as shown in the below image:

    pic_2_1_.PNG
    pic_2_2_.PNG

    7. Select ‘Apply Selected Patches’ at the rightmost corner. This will prompt for ‘Creating Patch Task’. Fill in ‘Task Name’ and ‘Remediation Schedule' as per your preference and click on ‘Apply Selected Patches' as shown below:

    pic_3.PNG

    8. A remediation job will be created, which will fix the vulnerability by upgrading the Operating system to the latest build version. Once remediation is done, the Saner agent automatically scans again and uploads the result to SanerNow as shown below:

    pic_4.PNG

    Workaround:
    If a system cannot be patched for any reason, the following workaround suggested by Microsoft can be used.

    Automate Workaround with SanerNow:

    1. Download the CVE-2020-1350_workaround_fix.bat.zip which is attached.

    2. Login to SanerNow

    3. Switch to the account/site specific view

    4. Use the 'EM tool' to create an Action

    5. Select 'Software Deployment' feature

    6. Click on Upload, which is on the upper right corner.

    7. Click on the 'Open the file Browser', upload 'CVE-2020-1350_workaround_fix.bat.zip' file and Click on Close.

    8. Once the uploaded package is visible, Click on 'exclamation mark' as shown in the below diagram.

    pic6.png

    9. Click on edit in the newly opened window, set the Extract Location option and the Run File option (the name of the file inside the zip, CVE-2020-1350_workaround_fix.bat), and then click on 'Update Details' as shown in the below diagram.

    pic7.png

    10. Select the uploaded package and click on install, which is in the upper right corner.

    11. Select the 'Group' to which the workaround should be applied and click 'next'.

    12. Enter the required details and click on the 'Create Installation task' as shown in the below diagram.

    pic8.png
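
A read-only check for whether the Microsoft workaround is in place on a DNS server, added here as an example; it is not the contents of the attached CVE-2020-1350_workaround_fix.bat, which this page does not show. The registry value name and data come from Microsoft's advisory listed under References, and the function name, status strings and the PowerShell 3.0+ requirement are assumptions of this example.

```powershell
# Added example (read-only): reports whether Microsoft's registry workaround
# for CVE-2020-1350 is present on the local server. It changes nothing.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Limit     = 0xFF00   # data value given in Microsoft's advisory

function Get-SigRedWorkaroundStatus {   # hypothetical helper name
    $result = [ordered]@{
        Computer   = $env:COMPUTERNAME
        DnsService = 'NotInstalled'
        Value      = $null
        Status     = 'NotApplicable'
    }
    # The workaround only matters where the DNS Server service exists.
    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    if ($svc) {
        $result.DnsService = [string]$svc.Status
        $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $result.Status = 'WorkaroundMissing'
        } else {
            $v = [long]$prop.$ValueName
            if ($v -lt 0) { $v += 4294967296 }   # DWORDs above 0x7FFFFFFF read back negative
            $result.Value = '0x{0:X}' -f $v
            # Assumption: any limit at or below the advisory value counts as present.
            if ($v -le $Limit) {
                $result.Status = 'WorkaroundPresent'
            } else {
                $result.Status = 'ValueAboveAdvisoryLimit'
            }
        }
    }
    [pscustomobject]$result
}

$status = Get-SigRedWorkaroundStatus
$status | Format-List
if ($status.Status -eq 'WorkaroundPresent') {
    # Microsoft's advisory requires a DNS service restart for the value to take effect.
    Write-Output 'Confirm the DNS service was restarted after the value was set.'
}
# Exit code lets a deployment tool flag hosts that still need attention.
if ($status.Status -in 'WorkaroundPresent', 'NotApplicable') { exit 0 } else { exit 1 }
```

Run it in an elevated session on each DNS server after the installation task completes; a non-zero exit code marks a host where the workaround is absent or the value is above the advisory limit.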

    References:
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1350
