Windows DNS Server

This is really a major issues for Active Directory Domain Controllers.

We can see there are 2,133 servers on Shodan that are exposed however this exploit doesn’t rely on exposure, a client request from inside the network to a malicious DNS server could be used to exploit the domain controller.

So basically, any Windows DNS server is vulnerable if it can forward requests to internet facing DNS services. There’s a workaround as well as deploying the patch (the workaround does not require a reboot but does require a DNS server service restart)

Given this is an RCE which likely affects domain controllers, mitigation or patching ASAP is advisable. The good news is there is currently no public exploit. The attackers also requires DNS infrastructure however that is hardly a barrier to entry for ransomare gangs and nation state actors.

And don’t forget this affects all version of Windows listed as 2003-2019 but you never know win2k might also be affected.

The workaround for this is as follows:


The following registry modification has been identified as a workaround for this vulnerability.

  DWORD = TcpReceivePacketSize 
  Value = 0xFF00

Note: A restart of the DNS Service is required to take effect.

I’ve made a quick local workaround set of scripts, one is a batch file (why?) and one is PowerShell with a bit of detection logic. Use at own risk etc. (ideally patch)

Fore more info on the vulnerability please see:

Hyper-V RemoteFX vGPU

It’s my understanding these require specific configurations to be vulnerable.
CVE-2020-1040 :
CVE-2020-1042 :
CVE-2020-1043 :
CVE-2020-1032 :
CVE-2020-1036 :
CVE-2020-1041 :

.NET Framework, SharePoint Server, and Visual Studio

CVE-2020-1147 :


CVE-2020-1409 :

Windows Address Book

CVE-2020-1410 :

PerformancePoint Services

CVE-2020-1439 :

Microsoft Outlook

CVE-2020-1349 :

Remote Desktop Client

CVE-2020-1374 :


CVE-2020-1421 :


CVE-2020-1435 :

Windows Font Library

CVE-2020-1436 :


CVE-2020-1403 :


Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers :


Another month, another set of patches, it’s key to stay on top of patching as well as ensuring that your estate operates current and supported operating systems.

Leave a Reply