Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-38689: Are the Centrify products affected by the Windows DNS Server Remote Code Execution Vulnerability CVE-2020-1350

7 August,20 at 04:29 PM

Question:

Are the Centrify products affected by CVE-2020-1350 which is for a Windows DNS Server Remote Code Execution Vulnerability?

External link to CVE documentation:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

Answer: 

This CVE names the Windows DNS server as attack surface. Centrify is a DNS client so we are NOT exposed to this issue.

We do strongly recommend that our customer's follow Microsoft's suggestion to fix this issue.

Additional information:
One note on the following information from the recommended fix from Microsoft:

"After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes."

A DNS response that large is unheard of (even for a SRV query), but not impossible if it was crafted by malicious upstream DNS server.
As far as we are aware, there is no known legitimate response that big.