Microsoft DNS servers are affected by critical security vulnerability. There is remote code execution vulnerability exists in all DNS servers used in Windows Server 2008 and higher operating system. Microsoft has released an update for Windows Server 2012, Windows Server 2012 R2, Windows server 2016 and Windows server 2019. They have released an update for end of life operating system Window Server 2008 R2 but it looks like it is available to those users who have opted their paid addon to continue use Windows Server 2008 R2.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

For more information, refer CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability.

- Kailash