SAP and Microsoft DNS vulnerabilities – What is important to know about the two critical SAP and Microsoft DNS vulnerabilities published on July 14?
2020 gives us no respite: on top of everything else that is happening, news keeps arriving of "hacker" attacks and data breaches affecting organizations of primary importance and companies of every kind and size.
Along with this news, there is also a lot of agitation about serious new vulnerabilities being discovered and published. After Citrix and MS Exchange, it's time for SAP and Microsoft's DNS service.
We suggest you spend two minutes to read these few lines.
SIGRED – MICROSOFT DNS SERVICE VULNERABILITY
Vulnerability coded as: CVE-2020-1350 (CVSS 10, critical)
Microsoft DNS is a service present in almost all organizations, because it is a foundational element of the Active Directory architecture.
The vulnerability is present in all Windows Server systems from 2003 to date on which the DNS service is active. By exploiting it, an attacker can obtain administrator access to the system itself.
The reasons that make this vulnerability critical are as follows:
- The DNS service is almost certainly present on the network.
- The vulnerability is “wormable”, meaning it can be exploited by malware, so it does not require a physical presence on the network.
If the DNS service is exposed on the Internet, the problem becomes even more critical.
Note: A DNS service should NEVER be exposed unless adequately protected by specific systems, as it is susceptible to attacks of various types, including the "DNS amplification attack" which, if exploited, can cause interruption of service to you and, through your unwitting involvement, to third parties.
Microsoft has already released the patch for the CVE-2020-1350 vulnerability:
For further details:
If it is not possible to update the system in a short time we recommend these two possible mitigations:
- Change the following registry key on the affected systems, then restart the DNS service:
– reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
– net stop DNS && net start DNS
- In a properly segregated network, you can activate the corresponding IPS signature to block exploitation of the vulnerability across the network.
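The following check is an added example, not part of the original advisory or of Microsoft's guidance: a PowerShell function, run in an elevated session on the DNS server, that reports whether the registry mitigation above is present. The function name and the report fields are hypothetical.

```powershell
# Added example: report whether the TcpReceivePacketSize mitigation is in place.
# Run in an elevated PowerShell session on the Windows DNS server itself.
function Test-DnsTcpReceiveMitigation {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $valueName = 'TcpReceivePacketSize'
    $expected  = 0xFF00          # value used by the mitigation (65280)

    $report = [ordered]@{
        Computer      = $env:COMPUTERNAME
        DnsService    = 'NotInstalled'
        RegistryValue = $null
        ServiceStart  = $null
        Mitigated     = $false
        Note          = ''
    }

    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    if (-not $svc) {
        $report.Note = 'DNS Server service not found; the mitigation does not apply.'
        return [pscustomobject]$report
    }
    $report.DnsService = [string]$svc.Status

    # The value is absent unless someone has added it.
    $prop = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $report.Note = "$valueName is not set."
        return [pscustomobject]$report
    }
    $value = [int64]$prop.$valueName
    $report.RegistryValue = '0x{0:X}' -f $value

    # The mitigation includes a DNS service restart, so expose the process
    # start time for comparison with the time the registry change was made.
    $proc = Get-Process -Name 'dns' -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($proc) { $report.ServiceStart = $proc.StartTime }

    if ($value -gt 0 -and $value -le $expected) {
        $report.Mitigated = $true
        $report.Note = 'Value set; confirm the DNS service was restarted after the change.'
    } else {
        $report.Note = 'Value is set but is not in the range 1..0xFF00.'
    }
    [pscustomobject]$report
}
Test-DnsTcpReceiveMitigation | Format-List
```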
RECON – SAP NETWEAVER APPLICATION SERVER (AS) JAVA VULNERABILITY
Vulnerability coded as: CVE-2020-6287 (CVSS 10, critical)
This vulnerability, present in the LM Configuration Wizard Remote component of SAP NetWeaver Application Server (AS) Java, allows an attacker to compromise the SAP system by obtaining unauthorized access, reading and modifying data, and making the service unavailable.
The component, when present, is typically exposed on the Internet via an HTTPS interface, which makes it particularly vulnerable because it is accessible by anyone.
Below is a non-exhaustive list of potentially vulnerable systems:
- Enterprise Resource Planning SAP,
- Product Lifecycle Management,
- Customer Relationship Management,
- Supply Chain Management,
- Supplier Relationship Management,
- NetWeaver Business Warehouse,
- Business Intelligence,
- NetWeaver Mobile Infrastructure,
- Enterprise Portal,
- Process Orchestration/Process Integration,
- Solution Manager,
- NetWeaver Development Infrastructure,
- Central Process Scheduling,
- NetWeaver Composition Environment,
- Landscape Manager
SAP recommends installing the patch immediately, or disabling the component if it is not possible to upgrade in a short time.
For further details:
To request this check you can write to:
- security-alert@intuity.it indicating the URL or IP address of the exposed SAP system.
- Or call 049 817 0850.
In both cases you will receive an e-mail communication in response with the test result.
If you want to have a more in-depth analysis of the impact that both vulnerabilities may have, also in relation to your specific configuration, please call the number indicated to evaluate a specialist intervention.