ALL ABOUT CVE-2020-1350 Microsoft DNS Vulnerability and How to Fix it

CVE-2020-1350, also known as SIGRed, is a Microsoft Windows DNS vulnerability with a CVSS rating of 10, published on 14th July 2020.

In this video, I'll explain this vulnerability in full: how the attacker exploits the vulnerable host, and how to fix and mitigate it.

The flaw is an integer overflow that leads to a heap-based buffer overflow, which gives the attacker the ability to perform Remote Command Execution (RCE) and gain additional privileges over your DNS server.

List of Windows Server versions affected by the vulnerability:
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2

How to mitigate this vulnerability:
As recommended by Microsoft, make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet that's allowed.

Open the command prompt with an administrator account.
Type the commands below:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
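
The same 0xFF00 limit can be used for detection. The Python example below is added here and is not from the video or from Microsoft's guidance: it walks a reassembled TCP DNS byte stream and reports responses larger than the size the registry value above allows. The function names and the sample stream are constructed for illustration.

```python
import struct

# Limit set by the workaround above (TcpReceivePacketSize = 0xFF00 = 65280 bytes).
TCP_RECEIVE_PACKET_SIZE = 0xFF00


def iter_tcp_dns_messages(stream: bytes):
    """Yield (declared_length, message_bytes) for each DNS message in a TCP stream.

    DNS over TCP prefixes every message with a 2-byte big-endian length
    (RFC 1035, section 4.2.2). The last message may be cut short by the capture.
    """
    offset = 0
    while offset + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, offset)
        offset += 2
        yield length, stream[offset:offset + length]
        offset += length


def oversized_responses(stream: bytes, limit: int = TCP_RECEIVE_PACKET_SIZE):
    """Return one finding per DNS response whose declared length exceeds the limit."""
    findings = []
    for index, (length, message) in enumerate(iter_tcp_dns_messages(stream)):
        if len(message) < 12:  # shorter than a DNS header: cannot classify
            continue
        txid, flags = struct.unpack_from("!HH", message, 0)
        is_response = bool(flags & 0x8000)  # QR bit set means response
        if is_response and length > limit:
            findings.append({"index": index, "txid": txid, "length": length,
                             "truncated_capture": len(message) < length})
    return findings


def build_message(txid: int, flags: int, size: int) -> bytes:
    """Constructed sample data: a 12-byte header padded with zero bytes to `size`."""
    body = struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0).ljust(size, b"\x00")
    return struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    # Constructed stream: a small response, a large query, and a large response.
    sample = (build_message(0x1111, 0x8180, 120)
              + build_message(0x2222, 0x0100, 0xFF01)
              + build_message(0x3333, 0x8180, 0xFFFF))
    for finding in oversized_responses(sample):
        print(finding)
```

Only the third message in the sample is reported: the first is under the limit and the second is a query, not a response.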
Comments

I have a router with Linux OS, how can I implement that patch on my device?

PratikLaad-dc