Critical Microsoft DNS Vulnerability

A vulnerability exists in Microsoft Windows DNS server. It is a remote code execution vulnerability that is considered to be wormable, meaning that it can propagate itself automatically to vulnerable systems on the network without user interaction.  It has been assigned the maximum CVSS severity score of 10.

A patch for this vulnerability has been released by Microsoft as part of the July 2020 patch Tuesday release.  It is recommended that the patch be applied as soon as possible, as this vulnerability is considered to be highly exploitable.  At the time of the release of the patches, no exploits have been observed in the wild, although this may change as this vulnerability is now widely publicized.

Additional information on this vulnerability can be found on the Microsoft advisory portal at, including a method to mitigate this vulnerability until the patch can be applied.

Published on  and maintained in Cascade.