Advisories

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

11:15am, 15 July 2020

TLP Rating: Clear

Critical vulnerability in Microsoft Windows Server

A Remote Code Execution (RCE) vulnerability exists in Windows Domain Name System (DNS) servers. This allows an unauthenticated remote attacker to run arbitrary code in the Local System context.

This is a wormable vulnerability, meaning an attack that starts on a single compromised machine can spread from one vulnerable computer to another without any human interaction.

What's happening

Systems affected

Windows servers running the DNS server on any of the following versions:

  • Windows Server 2003, 2008, 2012, 2016, 2019
  • Windows Server, versions 1903, 1909, 2004

Windows Servers with the DNS role, including Domain Controllers, are vulnerable until updates are applied. Due to the critical nature of these servers, we recommend you prioritise protecting them immediately.

What this means

A remote unauthenticated attacker can exploit this RCE vulnerability by sending crafted malicious DNS queries to a Windows DNS server to achieve arbitrary code execution.

This will enable the attacker to gain full control over the system.

What to look for

How to tell if you're at risk

Windows DNS servers that have not had the latest updates applied from Microsoft are at risk.

What to do

Prevention

Microsoft has issued a patch for this vulnerability. It is available via the Microsoft portal for Windows Server 2008 onwards.

The patch also includes security updates for a further 122 other vulnerabilities, with a total of 18 flaws listed as critical, and 105 listed as important.

Note – Windows Server 2003 is no longer supported and does not have a patch.

Mitigation

Microsoft has advised that mitigation can be achieved by editing registry keys on vulnerable servers. Details can be found on the Microsoft website at:

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

More information

Microsoft Portal Link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.