The September 2020 Patch Tuesday addresses five important vulnerabilities for Domain Controllers running as DNS Servers

Windows Update

When looking at the September 2020 Patch Tuesday today, I noticed five updates that specifically address vulnerabilities in DNS. Two of these vulnerabilities are specific to Domain Controllers running DNS Server, so this sparked my interest in these updates.

DNS Server-related updates

For Active Directory Domain Controllers acting as DNS Servers, the following vulnerabilities are rated as Important in the September 2020 Patch Tuesday:

  1. Information Disclosure vulnerability in Active Directory
    (CVE-2020-0664)
    An
    information disclosure vulnerability exists when Active Directory-integrated DNS
    mishandles objects in memory. An authenticated attacker who
    successfully exploited this vulnerability would be able to read sensitive
    information about the target system. To exploit this condition, an authenticated
    attacker would need to send a specially crafted request to the Active Directory-integrated DNS service.
    Note that the information disclosure vulnerability by itself would not be
    sufficient for an attacker to compromise a system. However, an attacker could
    combine this vulnerability with additional vulnerabilities to further exploit
    the system. The update addresses the vulnerability by correcting how Active
    Directory-integrated DNS handles objects in memory.

  2. Remote Code Execution (RCE) vulnerability in Active Directory
    (CVE-2020-0718)
    A
    remote code execution vulnerability exists when Active Directory-integrated DNS mishandles objects in memory. An authenticated attacker who
    successfully exploited the vulnerability could run arbitrary code in the context
    of the Local System Account. To exploit the vulnerability, an authenticated
    attacker could send malicious requests to an Active Directory-integrated DNS server. The update addresses the vulnerability by correcting how Active
    Directory-integrated DNS handles objects in memory.

  3. Denial of Service (DoS) vulnerability in Windows DNS (CVE-2020-0836)
    An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries.
  4. Elevation of privilege vulnerability in dnsrslvr.dll (CVE-2020-0839)
    Dnsrslvr.dll is part of DNS Caching Resolver Service. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Dnsrslvr.dll properly handles objects in memory.
  5. Denial of Service (DoS) vulnerability in Windows DNS (CVE-2020-1228)
    An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries.

Applicable Operating Systems

The above vulnerabilities exist in all supported Windows and Windows Server Operating Systems. Although support for Windows Server 2008 and Windows Server 2008 R2 has ended, Microsoft has made updates available for these platforms.

The update addressing the Elevation of privilege vulnerability in dnsrslvr.dll (CVE-2020-0839) have been rolled out to down-level Windows and Windows Server versions as part of the August 2020 Patch Tuesday.

Mitigations

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

Call to Action

I urge you to install the necessary security updates on Windows Server installations, running as (Active Directory Domain Controllers and) DNS servers, in a test environment as soon as possible, assess the risk and possible impact on your production environment and then, roll out this update to Windows Server installations, running as (Active Directory Domain Controllers and) DNS Servers, in the production environment.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.