As the title says, Microsoft recently advised of a nasty bug within MS DNS servers.
NakedSecurity has a great write-up with suggested actions: PATCH NOW, or implement a workaround.
Have you patched yet? Have you patched ALL your DNS servers... what about the ones you DON'T know about?
It's happened, and with this query you can ask every Windows system that _may_ have the DNS role installed whether it's patched and/or has the workaround applied.
Verify your security posture!
```sql
-- CVE-2020-1350: returns one row per host with four TRUE/FALSE flags.
WITH vulnerable AS (
  -- Is this a Windows Server operating system?
  SELECT 'CVE-2020-1350' AS CVEid,
         CASE WHEN count(*) > 0 THEN 'TRUE' ELSE 'FALSE' END OS_Vulnerable
  FROM os_version
  WHERE major >= 6 AND codename LIKE '%Server%'
),
installed AS (
  -- Is the DNS Server service present?
  SELECT 'CVE-2020-1350' AS CVEid,
         CASE WHEN count(*) > 0 THEN 'TRUE' ELSE 'FALSE' END DNS_Role_Present
  FROM services
  WHERE name = 'DNS'
),
workaround AS (
  -- Is the registry workaround set (TcpReceivePacketSize <= 65280, i.e. 0xFF00)?
  SELECT 'CVE-2020-1350' AS CVEid,
         CASE WHEN count(*) > 0 THEN 'TRUE' ELSE 'FALSE' END Workaround_Deployed
  FROM registry
  WHERE key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    AND name = 'TcpReceivePacketSize'
    AND CAST(data AS int) <= 65280
),
patched AS (
  -- Is one of the fixing updates installed?
  SELECT 'CVE-2020-1350' AS CVEid,
         CASE WHEN count(*) > 0 THEN 'TRUE' ELSE 'FALSE' END MS_Patch_Deployed
  FROM patches
  WHERE hotfix_id IN (
    'KB4558998', 'KB4565483', 'KB4565503', 'KB4565511', 'KB4565524', 'KB4565529',
    'KB4565535', 'KB4565536', 'KB4565537', 'KB4565539', 'KB4565540', 'KB4565541'
  )
)
SELECT *
FROM vulnerable
JOIN installed USING (CVEid)
JOIN workaround USING (CVEid)
JOIN patched USING (CVEid)
```
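One way to triage the query's output across a fleet, as an added example that is not part of the original post. It assumes each host's result row has been exported as JSON with a `hostname` field added by the collection tool; the host names and rows below are constructed.

```python
import json

# Constructed sample rows. Column names come from the query above;
# "hostname" is an assumed field added by whatever tool collects the results.
SAMPLE = """[
 {"hostname": "dc01", "OS_Vulnerable": "TRUE", "DNS_Role_Present": "TRUE",
  "Workaround_Deployed": "FALSE", "MS_Patch_Deployed": "TRUE"},
 {"hostname": "dns02", "OS_Vulnerable": "TRUE", "DNS_Role_Present": "TRUE",
  "Workaround_Deployed": "TRUE", "MS_Patch_Deployed": "FALSE"},
 {"hostname": "dns03", "OS_Vulnerable": "TRUE", "DNS_Role_Present": "TRUE",
  "Workaround_Deployed": "FALSE", "MS_Patch_Deployed": "FALSE"},
 {"hostname": "file04", "OS_Vulnerable": "TRUE", "DNS_Role_Present": "FALSE",
  "Workaround_Deployed": "FALSE", "MS_Patch_Deployed": "FALSE"},
 {"hostname": "dc05", "CVEid": "CVE-2020-1350"}
]"""
ROWS = json.loads(SAMPLE)

FLAGS = ("OS_Vulnerable", "DNS_Role_Present",
         "Workaround_Deployed", "MS_Patch_Deployed")


def triage(row):
    """Map one host's four TRUE/FALSE flags to a single verdict."""
    try:
        os_vuln, dns, workaround, patched = (
            row[f].strip().upper() == "TRUE" for f in FLAGS)
    except (KeyError, AttributeError):
        return "unknown"          # incomplete answer: re-query, do not assume safe
    if not (os_vuln and dns):
        return "not_applicable"   # not a Windows Server, or no DNS service
    if patched:
        return "patched"
    if workaround:
        # Registry value only. Microsoft's guidance also requires a DNS service
        # restart, which this flag does not prove. Still needs the patch.
        return "workaround_only"
    return "exposed"


def report(rows):
    """Group hostnames by verdict so the exposed hosts can be handled first."""
    buckets = {}
    for row in rows:
        buckets.setdefault(triage(row), []).append(row.get("hostname", "?"))
    return {verdict: sorted(hosts) for verdict, hosts in buckets.items()}


if __name__ == "__main__":
    for verdict, hosts in report(ROWS).items():
        print(f"{verdict:16} {', '.join(hosts)}")
```
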