CVE-2020-1350

Summary

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows Server2019affected
MicrosoftWindows Server2019 (Core installation)affected
MicrosoftWindows Server2016affected
MicrosoftWindows Server2016 (Core installation)affected
MicrosoftWindows Server2008 for 32-bit Systems Service Pack 2affected
MicrosoftWindows Server2008 for 32-bit Systems Service Pack 2 (Core installation)affected
MicrosoftWindows Server2008 for x64-based Systems Service Pack 2affected
MicrosoftWindows Server2008 for x64-based Systems Service Pack 2 (Core installation)affected
MicrosoftWindows Server2008 R2 for x64-based Systems Service Pack 1affected
MicrosoftWindows Server2008 R2 for x64-based Systems Service Pack 1 (Core installation)affected
MicrosoftWindows Server2012affected
MicrosoftWindows Server2012 (Core installation)affected
MicrosoftWindows Server2012 R2affected
MicrosoftWindows Server2012 R2 (Core installation)affected
MicrosoftWindows Server, version 1909 (Server Core installation)unspecifiedaffected
MicrosoftWindows Server, version 1903 (Server Core installation)unspecifiedaffected
MicrosoftWindows Server, version 2004 (Server Core installation)unspecifiedaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References