Anyone doing anything re: CVE-2020-1350 https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability
Applying the workaround on all Windows DCs and DNS servers. No issues so far…
To work around this vulnerability, make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet allowed:
Value = 0xFF00
Note: You must restart the DNS Service for the registry change to take effect.
• The Default (also max) Value = 0xFFFF
• The Recommended Value = 0xFF00 (255 bytes less than the max)
After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients when the DNS response from the upstream server is larger than 65280 bytes.
We posted an Agent Procedure on our home page (https://www.mspbuilder.com) that performs this update. No login required.
There will be an agent procedure on exchange.
Glenn, great procedure, and we have deployed it globally.
Anyone have a report to run to verify the status (pass\fail) of the Agent Procedure? I'm sure it's easy but I'm missing something in the formatting and clients have been asking all day.
Thanks - simple but effective. The procedure was set to fail if any part of the process failed. I won't assume creating a custom field for tracking - I hate that, especially for temporary stuff like this, but you could easily end the procedure with a command to update the status in a CF and run a report from that. One trick, since this will terminate on any failure, is to write the CF with an "unknown" status at the start, and then update it at the end with "Fix applied".
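A read-only pass/fail check for the workaround quoted earlier in the thread, as an added example that is not part of any post here or of the posted Agent Procedure. The registry key path and value name are not quoted on this page, so the script takes them as parameters to be filled in from the linked Microsoft article; `DNS` is the service name of the Windows DNS Server service.

```powershell
# Added example: report whether the CVE-2020-1350 registry workaround is in place.
# $KeyPath and $ValueName are NOT given on this page; supply the key and value
# named in the Microsoft support article (e.g. -KeyPath 'HKLM:\<key from the KB>').
param(
    [Parameter(Mandatory)] [string] $KeyPath,
    [Parameter(Mandatory)] [string] $ValueName
)

$Recommended = 0xFF00   # recommended value quoted in the thread
$Default     = 0xFFFF   # default (also max) value quoted in the thread

$result = [ordered]@{
    Computer     = $env:COMPUTERNAME
    Status       = 'Unknown'   # start as "unknown", overwrite once checks complete
    CurrentValue = $null
    DnsStarted   = $null
    Detail       = ''
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DNS'"
if (-not $svc) {
    $result.Status = 'N/A'
    $result.Detail = 'DNS Server service not installed'
} else {
    # A missing value means the default (maximum) is in effect.
    $prop  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($prop) { [int]$prop.$ValueName } else { $Default }
    $result.CurrentValue = '0x{0:X4}' -f $value

    # The change only takes effect after a DNS service restart, so report
    # when the running service process started.
    if ($svc.ProcessId -gt 0) {
        $result.DnsStarted = (Get-Process -Id $svc.ProcessId).StartTime
    }

    if ($value -eq $Recommended) {
        $result.Status = 'Pass'
        $result.Detail = 'Confirm DnsStarted is later than the time the value was written'
    } else {
        $result.Status = 'Fail'
        $result.Detail = 'Value not set to the recommended 0xFF00'
    }
}

[pscustomobject]$result
if ($result.Status -eq 'Fail') { exit 1 }
```

The non-zero exit code on `Fail` lets an RMM procedure step that runs the script register the failure, and the emitted object can be piped to `Export-Csv` for a per-machine report.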