CVE-2020-0718 : Security Advisory and Response
Published by Microsoft on September 11, 2020, CVE-2020-0718 discloses a remote code execution flaw in Active Directory integrated DNS (ADIDNS) impacting Windows Server versions, potentially allowing attackers to execute arbitrary code.
On September 11, 2020, Microsoft published a CVE for an Active Directory Remote Code Execution Vulnerability affecting various Windows Server versions.
Understanding CVE-2020-0718
What is CVE-2020-0718?
A remote code execution vulnerability in Active Directory integrated DNS (ADIDNS) allows attackers to execute arbitrary code in the context of the Local System Account.
The Impact of CVE-2020-0718
Exploiting the vulnerability involves sending malicious requests to an ADIDNS server, potentially leading to system compromise.
Technical Details of CVE-2020-0718
Vulnerability Description
- Vulnerability in ADIDNS mishandles objects in memory
- Authenticated attacker exploitation risk
Affected Systems and Versions
- Windows Server 2008 to 2019 (various versions)
- x64-based systems
Exploitation Mechanism
- Attackers send malicious requests to ADIDNS servers
Mitigation and Prevention
Immediate Steps to Take
- Apply the update addressing ADIDNS memory handling
- Monitor for any signs of exploitation
Long-Term Security Practices
- Ensure regular security updates and patches
Patching and Updates
- Keep systems up-to-date with security patches