Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10

Nic

There's a wormable exploit that has a patch out:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

Until you patch, hackers can send a malformed packet to your DNS server and exploit that to run a remote code execution.

pmoncho

Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article?
Checked yesterday, last night and this morning. No update that I can see.

Currently performing the workaround.

Grey

Is there a test/app to validate whether a server is vulnerable?

dbeato

@pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article?
Checked yesterday, last night and this morning. No update that I can see.

Currently performing the workaround.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998

pmoncho

@dbeato said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

@pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article?
Checked yesterday, last night and this morning. No update that I can see.

Currently performing the workaround.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998

Thanks. Forgot about the update catalog.