
Imperva Shields Against Windows DNS Server RCE Vulnerability (CVE-2020-1350)
Recently, Check Point researchers found a 17-year-old high-profile flaw, SIGRed (CVE-2020-1350). The flaw is a wormable, critical vulnerability in the Windows DNS server, and can be triggered by a malicious DNS response.
This vulnerability has received a CVSS base score of 10 on a scale of zero to 10, reflecting how easy it is to exploit and how damaging it can be. Successful exploitation could lead to a critical RCE on Windows DNS servers due to the improper handling of DNS requests, effectively compromising the entire corporate infrastructure.
Fortunately, Imperva DDoS Protection for Domain Name Servers (DNS) can shield against this vulnerability and ensure the attack is not forwarded to the origin name server. Customers using our protected DNS service are safe provided that their DNS server accepts incoming requests from Imperva’s proxies only (this configuration should be done in the onboarding process). They should therefore block incoming requests from other IPs and block requests that are not for this domain.
How do we protect against this vulnerability?
The Imperva service checks the requested DNS name and forwards the request to the origin (authoritative DNS server) only if the name matches the authoritative domain name.
For example, if a protected DNS customer protects the DNS domain d1.com, only DNS queries that match *.d1.com will be forwarded to the origin server; queries for any other domain name will not be forwarded.
In an attempt to exploit this vulnerability, an attacker would send a malicious DNS query with a domain name that is under the attacker’s control (e.g., *.attacker.com). However, this query will not be forwarded to the origin because it doesn’t match *.d1.com.
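The name check described above, as an added Python sketch (not Imperva's code): it parses the question name out of a raw DNS query and forwards only names at or under the protected zone, comparing whole labels case-insensitively so that a name like evild1.com does not pass as d1.com. Treating the zone apex as in-zone and dropping malformed or compressed names are assumptions of this example, and the function names are hypothetical.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: encode a minimal DNS query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Return the question name as lowercase labels; raise ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos, total = [], 12, 0
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length > 63:          # compression pointer or reserved label type
            raise ValueError("compressed or invalid label")
        label = packet[pos:pos + length]
        total += length + 1
        if len(label) != length or total > 254:
            raise ValueError("truncated label or name too long")
        labels.append(label.lower())   # DNS names compare case-insensitively
        pos += length
    if len(packet) < pos + 4:
        raise ValueError("missing qtype/qclass")
    return labels

def should_forward(packet, zone):
    """True only if the query name is the zone apex (assumption) or below it."""
    zone_labels = [l.encode("ascii").lower() for l in zone.rstrip(".").split(".")]
    try:
        labels = parse_qname(packet)
    except ValueError:
        return False             # assumption: malformed queries are dropped
    # Compare whole labels, so "evild1.com" is not treated as under "d1.com".
    return len(labels) >= len(zone_labels) and labels[-len(zone_labels):] == zone_labels
```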
If you have further questions about this vulnerability or need additional information on how Imperva can offer you top-notch, edge to end protection, contact us today.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Hemmy Yona. Read the original post at: https://www.imperva.com/blog/imperva-shields-against-windows-dns-server-rce-vulnerability-cve-2020-1350/