Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1350: Windows DNS Server Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2020-1350: Windows DNS Server Remote Code Execution Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

07/14/2020

Created

07/15/2020

Added

07/14/2020

Modified

05/03/2022

Description

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

Solution(s)

msft-kb4558998-2ea0212a-a53c-4d0c-a139-eb30c18cddca
msft-kb4558998-68af4d94-88ce-4036-a1c5-8f0d7c2a76cb
msft-kb4558998-e138232a-fc42-458a-b9c5-0825d3c32cbb
msft-kb4565483-1005a8f3-10da-48b0-86e1-adebe1fd5dd3
msft-kb4565483-389b25fc-ee6e-4387-9694-36cf3d6fba53
msft-kb4565483-3953c76a-16d0-4028-977a-0a5108a8c373
msft-kb4565483-3d9c274a-fec8-44c8-b2f5-10ba9359d556
msft-kb4565483-b0c5cbda-81c1-4b37-82c2-ffc7cff33c57
msft-kb4565483-b3f51921-6afd-4c38-8092-51c1be956806
msft-kb4565503-197596bc-0893-4b83-a165-eac8b3a0ca9f
msft-kb4565503-77d8f96b-d56a-4f77-b492-0cca5e877ed3
msft-kb4565503-9f4ad806-f4a9-4868-b9a2-900b0a123d96
msft-kb4565511-51c72e01-8b82-457e-b308-29975f3bb759
msft-kb4565511-72f5c720-ee6c-48ae-904b-ec5449b9a560
msft-kb4565511-c59cd6f3-fff6-4368-9321-3a1275583276
msft-kb4565529-2643b825-7639-4dbf-9f76-dff9ca82a369
msft-kb4565529-9d4b07e2-a94f-44b7-a960-0e921abe0ef5
msft-kb4565539-029704b3-c051-4cf0-968c-2eeed32d0a5c
msft-kb4565539-07bff0f1-4e8e-4e22-991b-3c5089af193a
msft-kb4565539-2511b07e-3588-4bc8-9f9f-63e3c01c925b
msft-kb4565539-73777a31-4b9e-42fe-8876-2df56509d376
msft-kb4565539-fdb6011b-60c8-45b7-bbf7-66b5ca63b6de
msft-kb4565540-16d7b82b-31ae-4b66-82b4-10ecf2a2980d
msft-kb4565540-24c2efc2-a29c-4c0e-aa31-ec00d74ffdca
msft-kb4565540-84942b6a-22e3-45d8-952e-3476d7483b60

References

https://attackerkb.com/topics/cve-2020-1350
CVE - 2020-1350
4558998
4565483
4565503
4565511
4565524
4565529
4565535
4565536
4565537
4565539
4565540
4565541

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1350: Windows DNS Server Remote Code Execution Vulnerability

Microsoft CVE-2020-1350: Windows DNS Server Remote Code Execution Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.