{"id":14559,"date":"2020-05-24T11:19:01","date_gmt":"2020-05-24T09:19:01","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14559"},"modified":"2022-01-05T15:29:37","modified_gmt":"2022-01-05T14:29:37","slug":"windows-dns-server-denial-of-service-schwachstelle","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/24\/windows-dns-server-denial-of-service-schwachstelle\/","title":{"rendered":"Windows DNS Server Denial of Service vulnerability"},"content":{"rendered":"

[German<\/a>]Another addendum from last week. Microsoft has issued a security advisory regarding a DNS Server Denial of Service vulnerability in Windows. <\/p>\n

<\/p>\n

\"\"The whole thing kind of stuck with me because it was flushed into my mailbox on 5\/20\/20\/20. Here is the notification.<\/p>\n

*********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 19, 2020
*********************************************************************<\/p>\n

Security Advisories Released or Updated on May 19, 2020
=======================================================<\/p>\n

* Microsoft Security Advisory ADV200009<\/p>\n

ADV200009<\/a> | Windows DNS Server Denial of Service Vulnerability
– Reason for Revision: Information published.
– Originally posted: May 19, 2020
– Updated: N\/A
– Version: 1.0<\/p>\n

The background is explained by Microsoft in ADV200009<\/a>.Microsoft is aware of a vulnerability related to packet forwarding in DNS resolution for Windows servers. An attacker could exploit this vulnerability for DoS attacks, causing the DNS server service to stop responding.<\/p>\n

The vulnerability from Microsoft's perspective<\/h2>\n

To exploit this vulnerability, an attacker would have to have access to at least one client and one domain that responds with a large set of reference records without glue records that point to external victim subdomains. When resolving a name from the attacker's client, the resolver contacts the victim's domain for each reference record found. This action can generate a large number of communications between the recursive resolver and the victim's authoritative DNS server to trigger a Distributed Denial of Service (DDoS) attack.<\/p>\n

The NXNSAttack <\/h2>\n

If I haven't got it wrong, this should be the NXNSAttack problem (amplification attacks on the name servers) linked in the above tweet<\/p>\n

\n

#NXNSAttack<\/a> can abuse #DNS<\/a> servers for amplifying #DoS<\/a> attacks. Please patch #BIND<\/a> (CVE-2020-8616), #Unbound<\/a> (CVE-2020-12662), #Knot<\/a> (CVE-2020-12667) und #PowerDNS<\/a> (CVE-2020-10995) etc. – https:\/\/t.co\/hFr0Tsp8SV<\/a> pic.twitter.com\/Ho4gilqbpk<\/a><\/p>\n

\u2014 CERT-Bund (@certbund) May 21, 2020<\/a><\/p><\/blockquote>\n