When looking at the September 2020 Patch Tuesday today, I noticed five updates that specifically address vulnerabilities in DNS. Two of these vulnerabilities are specific to Domain Controllers running DNS Server, so this sparked my interest in these updates.
DNS Server-related updates
For Active Directory Domain Controllers acting as DNS Servers, the following vulnerabilities are rated as Important in the September 2020 Patch Tuesday:
- Information Disclosure vulnerability in Active Directory
(CVE-2020-0664)
An
information disclosure vulnerability exists when Active Directory-integrated DNS
mishandles objects in memory. An authenticated attacker who
successfully exploited this vulnerability would be able to read sensitive
information about the target system. To exploit this condition, an authenticated
attacker would need to send a specially crafted request to the Active Directory-integrated DNS service.
Note that the information disclosure vulnerability by itself would not be
sufficient for an attacker to compromise a system. However, an attacker could
combine this vulnerability with additional vulnerabilities to further exploit
the system. The update addresses the vulnerability by correcting how Active
Directory-integrated DNS handles objects in memory. - Remote Code Execution (RCE) vulnerability in Active Directory
(CVE-2020-0718)
A
remote code execution vulnerability exists when Active Directory-integrated DNS mishandles objects in memory. An authenticated attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the Local System Account. To exploit the vulnerability, an authenticated
attacker could send malicious requests to an Active Directory-integrated DNS server. The update addresses the vulnerability by correcting how Active
Directory-integrated DNS handles objects in memory. - Denial of Service (DoS) vulnerability in Windows DNS (CVE-2020-0836)
An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries. - Elevation of privilege vulnerability in dnsrslvr.dll (CVE-2020-0839)
Dnsrslvr.dll is part of DNS Caching Resolver Service. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Dnsrslvr.dll properly handles objects in memory. - Denial of Service (DoS) vulnerability in Windows DNS (CVE-2020-1228)
An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries.
Applicable Operating Systems
The above vulnerabilities exist in all supported Windows and Windows Server Operating Systems. Although support for Windows Server 2008 and Windows Server 2008 R2 has ended, Microsoft has made updates available for these platforms.
The update addressing the Elevation of privilege vulnerability in dnsrslvr.dll (CVE-2020-0839) have been rolled out to down-level Windows and Windows Server versions as part of the August 2020 Patch Tuesday.
Mitigations
Microsoft has not identified any mitigating factors for these vulnerabilities.
Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.
Call to Action
I urge you to install the necessary security updates on Windows Server installations, running as (Active Directory Domain Controllers and) DNS servers, in a test environment as soon as possible, assess the risk and possible impact on your production environment and then, roll out this update to Windows Server installations, running as (Active Directory Domain Controllers and) DNS Servers, in the production environment.
Login