Hello, welcome to the Wednesday, July 15th, 2020 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, the big news, of course, today is Microsoft's patch Tuesday for July, well, we got 123 vulnerabilities being addressed,

17 of which are critical and two were previously disclosed. But these numbers don't tell

the full story this time. There's one vulnerability that really sticks out this month,

and that's CVE 2020-1350,

a remote code execution vulnerability in Windows DNS server.

This vulnerability has a CVSS score of 10, so a perfect 10 CVSS score, and course as a result a code being executed using this

vulnerability will run as system.

So the real question here is how soon should we expect an exploit for this vulnerability

currently no exploit has been released.

Checkpoint who has discovered this vulnerability believes that this vulnerability will likely be exploited soon.

Checkpoint has held back on a detailed blog post about this vulnerability to give people more time to patch.

Of course, there is not a lot we know at this point about this vulnerability.

The workaround that Microsoft published gives us a little hint in that it restricts the size

of TCP DNS responses.

The default maximum DNS response size is 65,535,

so full 64 kilobytes or FFF in hexadecimal.

Now Microsoft suggests that you adjust the registry setting for the maximum DNS response

size via TCP to FF00 in hexadecimal, so just 255 bytes less.

So according to this, it looks like in order to exploit this vulnerability, an attacker will

trick your DNS server into sending a request to a malicious DNS server.

...