CVE-2020-1228 — Improper Input Validation in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-20 — Improper Input Validation10 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

14.1%

top 5.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +16 more

Timeline

PublishedSep 11

Latest updateMar 7

Description

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages19 packages

▶CVEListV5microsoft/windows_server_2008_service_pack_26.0.0 — publication

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.0 — publication+1

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-pf2q-6q6p-25p9: A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'↗2022-05-24

▶

GHSA

GHSA-h78g-2jmr-346w: A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'↗2022-05-24

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2023-1228↗2023-03-07

▶

Microsoft

Windows DNS Denial of Service Vulnerability↗2020-09-08

▶

🕵️Threat Intelligence

Trendmicro

September Patch Tuesday Updates Exchange, SharePoint↗2020-09-09

▶

Trendmicro

September Patch Tuesday Updates Exchange, SharePoint↗2020-09-09

▶

Trendmicro

September Patch Tuesday Updates Exchange, SharePoint↗2020-09-09

▶

Tenable

Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs↗2020-09-08

▶

💬Community

Bugzilla

CVE-2020-6851 openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor()↗2020-01-13

▶