Security News > 2020 > July > Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code

Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code
2020-07-15 00:40

Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization.

Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.

They include CVE-2020-1350, aka SIGred, a wormable remote code execution flaw in the way Windows Server handles incoming DNS requests.

"The attack vector requires very large DNS packets, so attacks cannot be conducted over UDP. Considering Windows DNS servers are usually also Domain Controllers, definitely get this patched as soon as you can."

"RemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment instead of RemoteFX vGPU. DDA was introduced in Windows Server 2016," Microsoft noted.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/15/july_2020_patch_tuesday/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-1350 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
network
low complexity
microsoft
critical
 10.0
10