Summary

Security Advisory ID : BSA-2020-1051

Component : Windows DNS

Revision : 1.0: Final

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests. The Vulnerability is also known as 'wormable' vulnerability more at: https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

Affected Products

No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.

Note

Brocade Manageability products are not vulnerable to Windows DNS Server Vulnerability. However, since the environment that runs the products is not under Brocade's control, Brocade recommends Customers to apply recommendation from the vendors.

Revision History