Security News > 2020 > July > Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code
Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization.
Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.
They include CVE-2020-1350, aka SIGred, a wormable remote code execution flaw in the way Windows Server handles incoming DNS requests.
"The attack vector requires very large DNS packets, so attacks cannot be conducted over UDP. Considering Windows DNS servers are usually also Domain Controllers, definitely get this patched as soon as you can."
"RemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment instead of RemoteFX vGPU. DDA was introduced in Windows Server 2016," Microsoft noted.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/15/july_2020_patch_tuesday/
Related news
- Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Windows Server 2025 released—here are the new features (source)
- Increasing Awareness of DNS Hijacking: A Growing Cyber Threat (source)
- Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-1350 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 |