[lacnog] CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

Nicolas Antoniello nantoniello en gmail.com
Mar Jul 14 18:06:27 GMT+3 2020


Hola estimad en s,

Por si alguien administra servidores DNS Windows:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350


CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

Security Vulnerability

Published: 07/14/2020
MITRE CVE-2020-1350
A remote code execution vulnerability exists in Windows Domain Name System
servers when they fail to properly handle requests. An attacker who
successfully exploited the vulnerability could run arbitrary code in the
context of the Local System Account. Windows servers that are configured as
DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send
malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers
handle requests.

Saludos,
Nico
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20200714/2c51c721/attachment.html>


Más información sobre la lista de distribución LACNOG