Microsoft’s September Patch Tuesday edition is offering relief from 23 critical security vulnerabilities, including flaws in Active Directory integrated DNS (ADIDNS). The update was released yesterday.
The vulnerability, CVE-2020-0761 in ADIDNS creates a Remote Code Execution (RCE) risk for unpatched systems. “An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account,” Microsoft explains.
The flaw was uncovered by Cyber Security researcher Dirk-jan Mollema working at FoxIT who warned on Twitter the vulnerability, which arises from memory corruption issues, meant an authenticated user could gain system privileges on a domain controller.
This patch Tuesday brings patches for some memory corruptions I found in AD integrated DNS which could lead to RCE from Authenticated Users to SYSTEM on a Domain Controller… CVEs assigned are CVE-2020-0644, CVE-2020-761 and CVE-2020-0718. https://t.co/rVZCS6FeCO
— Dirk-jan (@_dirkjan) September 8, 2020
Updates to Windows Server 2008 and above address the vulnerability by resolving how ADIDNS handles DNS related objects in memory.