This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Question about KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350

Question
0

Sign in to vote

The article shows a workaround to protect unpatched systems against the SIGRed vulnerability using a registy entry

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value: TcpReceivePacketSize
Type: DWORD
Value data: 0xFF00

Now my question is: are there any minimum requirements (min. patch level, i.e. January 2020 updates, etc.) for Windows Server 2008 R2, or does this workaround works on every 2008 R2 SP1 (before the ESU program started) ?

The KB is very unclear about these min. requirements, just mentioning 2008 R2 SP1.

Monday, July 20, 2020 6:04 PM

All replies

0

Sign in to vote
Hello,

The patch can be done manually or from Windows updates. It's not necessary to do both. If you have up to date patches (as in from last Tuesday) you are good to go. According to this KB, Windows Server 2K8 is included.

If you have older systems that are not able to receive patch updates, then you will need to use the manual option and edit the registry. The only requirement for the registry patch is having a Windows server running the DNS role.

Your questions are all answered here:

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

Miguel Fra
Falcon IT Services
https://www.falconitservices.com
- Edited by Miguel Fra Monday, July 20, 2020 9:48 PM
Monday, July 20, 2020 9:29 PM
0

Sign in to vote
Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

This "Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Cherry

"Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Security" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.
- Edited by CherryZhang2020Microsoft contingent staff Friday, July 24, 2020 7:34 AM
Friday, July 24, 2020 7:34 AM
0

Sign in to vote

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

Hi,

would be nice to have some official statement from MS support staff to confirm that this registry modification (setting TcpReceivePacketSize to 0xFF00) DOES WORK on Windows Server 2008 R2, if the Server is NOT on ESU program and has received its last updates in January 2020 (just before the support ended and ESU started). Just want to know if this scenario is covered by the registry patch, to be safe against this DNS bug?

Friday, July 24, 2020 8:03 AM
0

Sign in to vote
Hi,

Please refer this official article to find the registry modification on Windows Server 2008 R2.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
If you concern the risk of modifying regedit, please backup regedit before you change it.
This "Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Cherry

"Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Security" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.
- Edited by CherryZhang2020Microsoft contingent staff Friday, July 24, 2020 8:40 AM
Friday, July 24, 2020 8:37 AM
0

Sign in to vote

Hi,

Please refer this official article to find the registry modification on Windows Server 2008 R2.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
If you concern the risk of modifying regedit, please backup regedit before you change it.
This "Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Cherry

"Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Security" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.

Hi,

did you read my posting?

I am referring to this article ASKING if this works on every Win 2K8 R2 server, even if this server is NOT on the ESU program? To be clear: does this registry setting works on an Win 2K8 R2 server which has received its latest updates in January 2020? ...or is a higher patch level (post January 2020) required to get this registry patch working?

Friday, July 24, 2020 9:00 AM
0

Sign in to vote
Hi，

If the server has ESU, install the patch directly then restart.

If the patch can't be installed, then change the regedit.

Please refer this post:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/eda78a91-0eef-44d5-976b-86ae7d337c84/guidance-for-remote-code-execution-vulnerability-in-microsoft-dns-server-tracked-by-cve20201350?forum=winserveripamdhcpdns

This "Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Cherry

"Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Security" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.
- Edited by CherryZhang2020Microsoft contingent staff Friday, July 24, 2020 9:33 AM
- Proposed as answer by CherryZhang2020Microsoft contingent staff Wednesday, August 5, 2020 1:21 AM
Friday, July 24, 2020 9:33 AM
0

Sign in to vote
Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

This "Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Cherry

"Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Security" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.
- Edited by CherryZhang2020Microsoft contingent staff Monday, July 27, 2020 7:28 AM
Monday, July 27, 2020 7:28 AM
0

Sign in to vote
Hi，

As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

This "Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Cherry

"Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Security" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.
- Edited by CherryZhang2020Microsoft contingent staff Wednesday, August 5, 2020 1:21 AM
Wednesday, August 5, 2020 1:21 AM