CISA Releases Emergency Directive on Critical Microsoft Vulnerability

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



CISA Releases Emergency Directive on Critical Microsoft Vulnerability [ 
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability
 ] 07/16/2020 03:28 PM EDT 
Original release date: July 16, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive 20-03 addressing a 
critical vulnerabilityCVE-2020-1350affecting all versions of Windows Server with the Domain Name System (DNS) role 
enabled. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability 
is considered wormable because malware exploiting it on a system could, without user interaction, propagate to other 
vulnerable systems.

Although Emergency Directive 20-03 applies only to certain Executive Branch departments and agencies, CISA strongly 
recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as 
possible. Review the following resources for more information:


  * CISA Emergency Directive 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 
Patch Tuesday [ https://cyber.dhs.gov/ed/20-03/ ] 
  * CISA Blog on Emergency Directive (ED 20-03) Windows DNS Server Vulnerability [ 
https://www.cisa.gov/blog/2020/07/16/emergency-directive-ed-20-03-windows-dns-server-vulnerability ] 
  * Microsoft Security Vulnerability Information for CVE-2020-1350 [ 
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 ] 
  * Microsoft Security Blog Post: CVE-2020-1350 Vulnerability in Windows DNS Server [ 
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
 ] 

This product is provided subject to this Notification [ https://us-cert.cisa.gov/privacy/notification ] and this 
Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]