Microsoft DNS Server Vulnerability

RRAdministrator Blog

As a leading technology solutions and managed services provider, Red River takes security vulnerabilities seriously and works quickly to address any known issues. Please see our action plan and resolution to the announced Microsoft DNS server vulnerability:

In response to the Microsoft DNS server vulnerability (CVE-2020-1350; Critical Remote Code Execution) released July 14, 2020, at 5:30 pm EDT, Red River took decisive action to implement the recommended workaround to Windows DNS Servers, which was in place before 10:30 pm EDT (less than 5 hours after public disclosure). Red River then implemented an emergency unscheduled patch of Windows 2008 – 2019 DNS Servers and those mitigations were in place and verified by 10:30 am EDT. The action was prompted by the CVSS score of 10.0 (critical), or the highest level of severity, which according to Microsoft would have allowed full remote system compromise without any authentication and that the exploit could have spread without user interaction (wormable)