The July 2020 security updates released by Microsoft addressed a vulnerability (CVE-2020-1350) in Microsoft DNS server. The vulnerability affects all Windows Server since Windows Server 2008. Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute arbitrary code in the context of the Local System Account on a targeted Windows Server. Users are advised to apply the latest security update on the affected systems immediately to mitigate the elevated risk of cyber attacks.
Microsoft Internet Explorer 9, 11
Microsoft Edge (EdgeHTML-based)
Microsoft Windows 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Microsoft Windows Server, version 1903, version 1909, version 2004
Microsoft 365 Apps for Enterprise
Microsoft Office 2010, 2016 for Mac, 2019, 2019 for Mac
Microsoft System Center Endpoint Protection, 2012, 2012 R2
Skype for Business Server 2015, 2019
Visual Studio Code
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, tampering, denial of service, information disclosure and spoofing.
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
Microsoft also provides a registry-based workaround to limit the length of the DNS response from the upstream server to 65280 bytes. Details of the workaround could be found at the following URL: