critical patch impacting
all Windows Server operating system versions with the DNS role installed. The
affected operating systems are: 2003 – 2019.
This vulnerability has a significant risk of being exploited. An attacker who
successfully exploited it could run arbitrary code in the
context of the Local System Account. As most organizations install the DNS
Server role on their Domain Controllers, the attacker would gain full control of
a Domain Controller. Once the attacker has full control of the Domain
Controller, lateral movement to any domain-joined system is possible.
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
There are no known exploits of this vulnerability in the wild. It is highly recommended that you patch
all Windows DNS servers (internal and external) that you may own as soon as
possible.
WHAT YOU NEED TO DO
To secure your environment as soon as possible, complete
the following steps.
- IDENTIFY – All Windows DNS servers in your environment – both internal and external. You can use PowerShell to help.
- TEST – The applicable monthly servicing stack, and cumulative update for the server operating system.
- DEPLOY – The applicable patch to all DNS servers in your environment as soon as possible.
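
One way to carry out the IDENTIFY step with PowerShell, as an added example that is not part of the original advisory. It assumes Windows PowerShell 5.1, the RSAT ActiveDirectory module and WinRM access to the servers; the function name `Get-WindowsDnsServerInventory` and its `SearchBase` parameter are hypothetical.

```powershell
# Added example, not from the original advisory.
# Assumes Windows PowerShell 5.1, the RSAT ActiveDirectory module, and
# WinRM (CIM) access from the admin workstation to each server.
Import-Module ActiveDirectory

function Get-WindowsDnsServerInventory {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Limit the search to one OU if needed; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Every enabled computer account that reports a Windows Server OS.
    $servers = Get-ADComputer -SearchBase $SearchBase `
        -Filter 'Enabled -eq $true -and OperatingSystem -like "*Windows Server*"' `
        -Properties OperatingSystem, DNSHostName

    foreach ($server in $servers) {
        $state = 'Unreachable'      # stays set if the CIM query fails
        try {
            # The DNS Server role runs as the Windows service named "DNS".
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DNS'" `
                -ComputerName $server.DNSHostName -OperationTimeoutSec 15 -ErrorAction Stop
            $state = if ($svc) { "Installed ($($svc.State))" } else { 'NotInstalled' }
        }
        catch {
            Write-Verbose "$($server.DNSHostName): $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ComputerName    = $server.DNSHostName
            OperatingSystem = $server.OperatingSystem
            DnsRole         = $state
        }
    }
}

# Servers to patch, plus the ones that could not be checked remotely.
Get-WindowsDnsServerInventory |
    Where-Object DnsRole -ne 'NotInstalled' |
    Sort-Object DnsRole, ComputerName |
    Format-Table -AutoSize
```

Servers reported as `Unreachable` (for example older systems without WinRM, or firewalled hosts) and DNS servers that are not domain-joined, such as external ones, are not covered by this query and have to be checked separately.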