CVE-2020-1350 vulnerability and Azure PaaS resources

John Batzer 1 Reputation point
2020-07-21T13:51:35.57+00:00

I've got a customer needing documentation regarding the CVE-2020-1350 vulnerability and its impact on Azure Public and Government clouds, especially PaaS and SaaS resources. I've looked around the Azure Security Center along with several other places and am not seeing anything regarding the topic.


2 answers

  1. GitaraniSharma-MSFT 49,256 Reputation points Microsoft Employee
    2020-07-22T09:23:42.803+00:00

    Hello @John Batzer ,

    Recently, Microsoft released a security update for the issue that is described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. The only impacted product is Microsoft Windows DNS servers. And Windows servers that are configured as DNS servers are at risk from this vulnerability.

    Please refer to the below article for Guidance for DNS Server Vulnerability CVE-2020-1350:
    https://support.microsoft.com/en-in/help/4569509/windows-dns-server-remote-code-execution-vulnerability

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.


  2. John Batzer 1 Reputation point
    2020-07-22T12:46:13.497+00:00

    @GitaraniSharma-MSFT ,

    Thank you for the response. I had looked at both links you included in your response prior to submitting this question, but these articles seem to only identify the Windows server product line. These articles do not address Azure cloud infrastructure that utilizes DNS services behind the scenes, like PaaS and SaaS Azure resources.

    If answering the question directly reveals proprietary information or presents a security risk, I understand. If that is the case, please point me to documentation that discusses the overall Microsoft Azure security response process to CVEs. That should be sufficient for my customer's needs.

    Again, thank you in advance!

    JB