Threat Response: UPDATE – Critical Vulnerability in Microsoft Server 2003-2019
Previously we notified you about CVE-2020-1350, a serious vulnerability in Microsoft Windows DNS Service. Since the publication of this vulnerability, the Northwave SOC has investigated options for detection so that when abuse starts occurring in the wild, our IDRS customers are protected.
For our SOC customers we implemented several detections. Below you find the measures we took based on our various services and detection components. Of course detection is only possible when the systems in question fall within scope of our monitoring.
– IDRS with a Network Intrusion Detection (NIDS) component: Northwave detects DNS queries directed at your servers that indicate exploitation (exploitation attempts).
– IDRS with process activity events of the DNS servers: Northwave detects suspicious behaviour by the DNS process (dns.exe) that might indicate successful exploitation.
– EDRS: Northwave detects suspicious behaviour by the DNS process (dns.exe) that might indicate successful exploitation.
If you want to know more about how we implemented detection for your organisation, please contact your SOC Security Officer.
We continue to closely monitor the developments around this vulnerability, and improve our detection when new indicators of attack come to light.
The recommendation to immediately patch affected systems still stands.
Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information you can call us by phone or send us an email.
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85-0437 909 or 0800-1744 (alleen vanuit Nederland)
Disclaimer applies, see below.
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.