Be on the lookout for my typical Patch Tuesday blog tomorrow but one particularly stands out that we wanted to let you know about ASAP.
As you may have already seen, on July 14, Microsoft disclosed a vulnerability for those running Microsoft DNS servers and/or Active Directory environments, and issued a patch.
An unauthenticated attacker could send a packet to the DNS server and gain Local System access. Microsoft has listed this vulnerability as “Exploitation More Likely” and assigned it a rare CVSS score of 10. Microsoft stated in the disclosure that they consider this a “Wormable” vulnerability, since DNS servers are available to most of the systems within a network. If you or your customers are running Microsoft DNS server, it is recommended that you either deploy the patch as soon as possible or implement the registry workaround listed in the disclosure.
More information can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350.
If you cannot patch immediately and wish to apply the workaround, you can use these AMP files within either SolarWinds® N-central® or RMM on your DNS servers: https://success.solarwindsmsp.com/kb/solarwinds_n-central/Microsoft-DNS-Server-CVE-2020-1350-Workaround
Stay safe out there!
Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd