New Search

Windows DNS Server Remote Code Execution Vulnerability - CVE-2020-1350

oval:org.cisecurity:def:8030

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2020-1350
  • MSRC-CVE-2020-1350
  • KB4565539
  • KB4565529
  • KB4565535
  • KB4565540
  • KB4565511
  • KB4558998
Product(s):