DNS Bug Allows Infrastructure to be Hijacked


A Microsoft Windows Server bug opens networks to hackers, allowing them to take control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup. The flaw is 17 years old and affects Windows Server versions from 2003 to 2019. It received a severity warning of 10 out of 10. The bug was found by researchers at Check Point. The bug is wormable, meaning a single exploit can trigger a chain reaction that allows attacks to spread from one computer to another.

The flaw would enable a hacker to create malicious DNS queries to the Windows DNS server and execute arbitrary code that could lead to the breach of the entire infrastructure. Microsoft released a patch for the vulnerability, CVE-2020-1350, and is urging customers to update their systems. A hacker can gain Domain Administrator rights over the server, enabling the hacker to intercept and manipulate users' emails and network traffic. The hacker could take complete control of a company's IT.


The flaw is an integer-overflow bug that can trigger a heap-based buffer overflow in the DNS module called dns.exe, which is responsible for answering DNS queries on Windows Servers. By abusing the dns.exe module, researchers created two bugs: one in the way the DNS server parses an incoming query and one in the way the DNS server parses a response for a forwarded query.

The attack requires hackers to first force a Windows DNS Server to parse responses from a malicious DNS name server. This exercises the dns.exe module, which parses all supported response types. Researchers created a request that exceeded the maximum request size of 65,535 bytes and caused the overflow. By using compressed data, researchers were able to create a successful crash.
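The integer-overflow-to-heap-overflow pattern described above, shown as an added C example; it is not code from dns.exe, Microsoft or Check Point. The function names, the 20-byte header constant and the sample lengths are constructed for illustration. It compares a size calculation that truncates to 16 bits with one that rejects totals above 65,535.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed fixed-header size for illustration; not taken from dns.exe. */
#define FIXED_HEADER_LEN 20u

/* Flawed pattern: the total is computed, then squeezed into a 16-bit
 * allocation size, so anything above 65,535 wraps to a small value. */
uint16_t alloc_size_truncated(size_t name_len, size_t data_len) {
    return (uint16_t)(FIXED_HEADER_LEN + name_len + data_len);
}

/* Bytes a later copy of header + name + data would write past a buffer
 * sized by alloc_size_truncated(). Computed only; nothing is copied. */
size_t bytes_past_allocation(size_t name_len, size_t data_len) {
    size_t needed = FIXED_HEADER_LEN + name_len + data_len;
    return needed - alloc_size_truncated(name_len, data_len);
}

/* Hardened pattern: bound each input, then reject any total that does not
 * fit the 16-bit size field. Lengths should be the sizes after any
 * decompression, not the sizes seen on the wire. */
bool alloc_size_checked(size_t name_len, size_t data_len, uint16_t *out) {
    if (name_len > UINT16_MAX || data_len > UINT16_MAX)
        return false;
    size_t total = FIXED_HEADER_LEN + name_len + data_len;
    if (total > UINT16_MAX)
        return false;
    *out = (uint16_t)total;
    return true;
}

int main(void) {
    /* Constructed lengths: each fits in 16 bits, their sum does not. */
    size_t name_len = 255, data_len = 65400;
    uint16_t size = 0;
    printf("truncated size: %u\n",
           (unsigned)alloc_size_truncated(name_len, data_len));
    printf("overrun bytes: %zu\n", bytes_past_allocation(name_len, data_len));
    printf("oversized record accepted: %d\n",
           alloc_size_checked(name_len, data_len, &size));
    bool ok = alloc_size_checked(30, 100, &size);
    printf("small record accepted: %d (size %u)\n", ok, (unsigned)size);
    return 0;
}
```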

Microsoft released a patch for the vulnerability, CVE-2020-1350, and urged customers to update their systems. If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server.