7 August,20 at 04:29 PM
This CVE names the Windows DNS server as the attack surface. Centrify is a DNS client, so we are NOT exposed to this issue.
We do strongly recommend that our customers follow Microsoft's suggestion to fix this issue.
Additional information:
One note on the following information from the recommended fix from Microsoft:
"After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes."
A DNS response that large is unheard of (even for an SRV query), but not impossible if it were crafted by a malicious upstream DNS server.
As far as we are aware, there is no known legitimate response that big.
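To check that claim against your own traffic, the following added example (not Centrify's or Microsoft's code) walks one direction of a reassembled DNS-over-TCP stream and lists responses larger than the 65,280-byte limit quoted above. It assumes the two-byte length framing of RFC 1035 section 4.2.2; the function names and the sample stream are constructed for illustration.

```python
import struct

WORKAROUND_LIMIT = 65_280          # bytes, from the Microsoft text quoted above (0xFF00)
HEADER = struct.Struct("!HHHHHH")  # DNS header: ID, flags, four section counts
QR_RESPONSE = 0x8000               # flags bit that marks a message as a response

def iter_dns_tcp_messages(stream: bytes):
    """Yield (offset, declared_length, message) for each DNS message in one
    direction of a reassembled TCP stream. Each message is preceded by a
    two-byte big-endian length (RFC 1035, section 4.2.2). message is None
    when the capture ends before the declared length is reached."""
    pos = 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)
        body = stream[pos + 2 : pos + 2 + length]
        yield pos, length, (body if len(body) == length else None)
        pos += 2 + length

def oversized_responses(stream: bytes, limit: int = WORKAROUND_LIMIT):
    """List responses larger than `limit`, i.e. those the workaround rejects."""
    findings = []
    for offset, length, msg in iter_dns_tcp_messages(stream):
        if length <= limit:
            continue  # "larger than" the limit fails; exactly the limit passes
        if msg is None:
            # Truncated capture: report the declared size, header not trusted.
            findings.append({"offset": offset, "id": None, "length": length, "complete": False})
            continue
        msg_id, flags, *_ = HEADER.unpack_from(msg)
        if flags & QR_RESPONSE:
            findings.append({"offset": offset, "id": msg_id, "length": length, "complete": True})
    return findings

def make_frame(msg_id: int, flags: int, size: int) -> bytes:
    """Constructed sample data: a DNS header zero-padded to `size` bytes."""
    return struct.pack("!H", size) + HEADER.pack(msg_id, flags, 0, 0, 0, 0).ljust(size, b"\x00")

# Constructed stream, not real traffic.
SAMPLE_STREAM = (
    make_frame(0x1001, 0x8180, 120)        # ordinary response
    + make_frame(0x1002, 0x8180, 65_280)   # exactly at the limit
    + make_frame(0x1003, 0x8180, 65_300)   # over the limit
    + make_frame(0x1004, 0x0100, 65_400)   # over the limit but a query, ignored
    + struct.pack("!H", 65_535) + b"\x10\x05\x81\x80"  # capture cut off mid-message
)

if __name__ == "__main__":
    for finding in oversized_responses(SAMPLE_STREAM):
        print(finding)
```

Because the TCP length prefix is 16 bits, a message can never exceed 65,535 bytes, so the limit only excludes the top 255 possible sizes.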