Patch CVE-2020-1350 with Ansible

2020/07/14

Tags: tech ops ansible CVE-2020-1350

Assuming you are using Ansible to manage your Windows infrastructure, here's a quick and dirty playbook that applies the registry-based mitigation for CVE-2020-1350 and restarts the DNS service so the change takes effect.

- name: Mitigate CVE-2020-1350
  hosts: platform_windows
  tasks:
    # win_service without a state only queries the service; the result tells
    # us whether the DNS Server role is installed and whether it is running.
    - name: Gather info on DNS service
      win_service:
        name: DNS
      register: dns_info

    # Microsoft's workaround: cap the size of TCP DNS packets the server accepts.
    - name: Fix registry key to mitigate CVE-2020-1350
      win_regedit:
        path: HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters
        name: TcpReceivePacketSize
        data: 0xFF00
        type: dword
      when: dns_info["exists"]

    # The registry change only takes effect after the service restarts.
    # Guard on "exists" first: hosts without the DNS service return no "state".
    - name: Restart DNS service if it was running
      win_service:
        name: DNS
        state: restarted
      when: dns_info["exists"] and dns_info["state"] == "running"
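Once the playbook has run, you will want to confirm the mitigation actually landed on each DNS server. The following PowerShell audit is an added example, not part of the original post; the function name is my own, and it checks the same key and value the playbook writes.

```powershell
# Added audit check (not from the original post): reports whether a host that runs
# the DNS Server service carries the CVE-2020-1350 registry mitigation set above.
# Run it locally on the server or remotely via Invoke-Command.
function Test-Cve20201350Mitigation {
    [CmdletBinding()]
    param()

    $path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $valueName = 'TcpReceivePacketSize'
    $expected  = 0xFF00   # value the playbook writes (Microsoft's prescribed workaround)

    $svc = Get-Service -Name DNS -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Not a DNS server: nothing to mitigate, so do not report it as a gap.
        return [pscustomobject]@{
            DnsServerInstalled = $false
            ServiceState       = $null
            ValuePresent       = $false
            Value              = $null
            Mitigated          = $null
        }
    }

    # A missing key and a missing value both mean "not mitigated"; treat errors as absent.
    $value = (Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue).$valueName

    [pscustomobject]@{
        DnsServerInstalled = $true
        ServiceState       = $svc.Status.ToString()
        ValuePresent       = ($null -ne $value)
        Value              = if ($null -ne $value) { '0x{0:X}' -f $value } else { $null }
        # Only the exact prescribed value is counted as mitigated.
        Mitigated          = ($value -eq $expected)
    }
}

Test-Cve20201350Mitigation | Format-List
```

A host reporting `Mitigated: True` but a `ServiceState` other than `Running` still needs the DNS service started, since the value is only read when the service (re)starts.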

References: