Remote Code Execution CVE-2020-1350 affecting Windows DNS Servers
Incident Report for Pulsant Service
Identified
On 14th July 2020 Microsoft disclosed a remote code execution vulnerability (CVE-2020-1350) affecting Windows Server releases configured as Domain Name System (DNS) servers. Successful exploitation of this vulnerability would allow an adversary to run arbitrary code in the context of the Local System Account.

Pulsant engineers are working to apply security updates to managed servers as soon as possible, and where this cannot be done quickly they will be implementing the technical mitigation workaround provided by Microsoft. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350.

Pulsant recommends that all customers who manage their own servers, follow the guidance detailed in the link above as soon as possible.
Posted Jul 15, 2020 - 09:47 BST