Knowledge Base

CVE-2020-1350 in Microsoft DNS Server: SIGRed : A remote unauthenticated attacker can run arbitrary code on behalf of SYSTEM on Windows servers

Situation

There is a critical vulnerability in Windows DNS Server.

Windows DNS server is a component provided by the Windows Operating system and the fix has already been delivered by Microsoft.

Impact

A remote unauthenticated attacker who successfully exploited the vulnerability can run arbitrary code on behalf of SYSTEM on a Windows Server. Plesk for Windows installations with installed Windows DNS Server are affected.

Affected Operating Systems

Windows Server 2019, 2016, 2012 R2, 2012. These versions are all supported by Plesk.

Call to action

Install windows updates in Windows > Start and search for Windows Updates.

As a workaround this can be applied:

Workaround #1

Connect to the server via RDP
Start CMD
Set the maximum length of a DNS message (over TCP) to 0xFF00:

C:> reg add “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDNSParameters” /v “TcpReceivePacketSize” /t REG_DWORD /d 0xFF00 /f
Restart the DNS Service:

C:> net stop DNS && net start DNS
After Windows updates are installed, remove the workaround:

C:> reg delete “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDNSParameters” /v “TcpReceivePacketSize”

Workaround #2

Install and use BIND DNS Server instead of Microsoft DNS Server:

Log into Plesk.
Go to Tools & Settings > Updates > Add/Remove Components, select BIND DNS Server, and click Continue.
Go to Tools & Settings > Server Components > DNS Server, select BIND DNS Server, and click OK.