Microsoft has released a security update to address a remote code execution (RCE) vulnerability—CVE-2020-1350—in Windows DNS Server. A remote attacker could exploit this vulnerability to take control of an affected system. This is considered a “wormable” vulnerability that affects all Windows Server versions.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory and [Blog](<https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/ >) for more information, and apply the necessary update and workaround.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; we’d welcome your feedback.