ABSTRACT

Emergency Directive 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday, July 16, 2020

From the Background: "On July 14, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems (CVE-2020-1350). A remote code execution vulnerability exists in how Windows Server is configured to run the Domain Name System (DNS) Server role. If exploited, the vulnerability could allow an attacker to run arbitrary code in the context of the Local System Account. To exploit the vulnerability, an unauthenticated attacker sends malicious requests to a Windows DNS server. The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of this vulnerability, but assesses that the underlying vulnerabilities can be quickly reverse engineered from a publicly available patch. Aside from removing affected endpoints from the network, there are two known technical mitigations to this vulnerability: 1. a software update, and 2. a registry modification. CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action. This determination is based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the Federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise. CISA requires that agencies apply the security update to all endpoints running Windows Server operating system as soon as possible."

Report Number: Cybersecurity and Infrastructure Security Agency Emergency Directive 20-03; CISA ED 20-03
Publisher:
Date: 2020-07-16
Series:
Copyright: Public Domain
Retrieved From: DHS Cybersecurity Directives: https://cyber.dhs.gov/
Format: pdf
Media Type: application/pdf