CVE-2020-1350 is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server and is classified as a ‘wormable’ vulnerability with a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.
A patch is available today here and through Windows Update, and hence through Automox.
As an alternative to patching, the following registry key change works around the vulnerability. If you aren’t able to deploy the patch today, we highly recommend using this workaround until you can patch all your Microsoft DNS servers.
Worklet for remediation:
Evaluation code:
Exit 1
Remediation code:
# Set the workaround value, then restart the DNS service so the change takes effect
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters" -Name TcpReceivePacketSize -PropertyType DWord -Value 0xFF00 -Force
Restart-Service -Name DNS
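An evaluation check that flags only DNS servers still missing the registry workaround, instead of exiting 1 unconditionally. This is an added example, not the worklet's original code; it assumes the convention implied above that a non-zero exit from the evaluation code triggers the remediation code.

```powershell
# Added example: evaluation check for the CVE-2020-1350 registry workaround.
# Assumption: exit 0 = compliant (skip remediation), exit 1 = run remediation.
$path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name     = 'TcpReceivePacketSize'
$expected = 0xFF00

# Hosts without the DNS Server service do not need the workaround.
if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
    Write-Output 'DNS Server service not present; workaround not applicable.'
    exit 0
}

# Read the value without throwing when the key or the value is missing.
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

if ($null -eq $current) {
    Write-Output "$name is not set; workaround missing."
    exit 1
}

if ([int]$current -ne $expected) {
    Write-Output ('{0} is 0x{1:X}, expected 0x{2:X}.' -f $name, [int]$current, $expected)
    exit 1
}

Write-Output ('{0} is 0x{1:X}; workaround in place.' -f $name, [int]$current)
exit 0
```

The check confirms only the registry value; the setting takes effect once the DNS service has restarted, which the remediation code does.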