Microsoft DNS Remote Code Execution and work-around

15th July 2020

KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350 by Microsoft gives the Registry entry to modify here

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
TcpReceivePacketSize
Value = 0xFF00 (DWORD)

Then restart the DNS service.

What our friends at M$ don’t tell us anywhere in the article is what format the registry entry is supposed to be in.

Rapid7 confirms that it is in fact a DWORD value here

To confirm, Regedit will show the decimal equivalent of FF00 to the right which is 65280.