Watch this one come around to bite people in a few months.
Pretty much every server needs to be patched. The EXTERNAL risk might be quite low if you have correctly configured firewalls and networks. Unfortunately, the INTERNAL risk is immense unless you apply the work around below immediately.
This critical vulnerability is as bad as the Petya virus that went around a few years ago, and could be just as costly for your business if you don’t take action.
Any of your staff members could hack into your servers at will right now. I hope you don’t have any disaffected members on your team who know a bit about IT.
There’s a patch to apply but in the meantime you can apply this work around in PowerShell and restart the DNS service without interrupting anything.
Try {
$current_val = (Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters -Name TCPReceivePacketSize -ErrorAction SilentlyContinue).TCPReceivePacketSize
If ($current_val) {
Write-Host "Current Value of the registry key: $current_val"
} Else {
Write-Host "Reg Key doesn't exist."
}
If (Test-Path "C:\yourlocationhere") {
$backup = "C:\yourlocationhere\TCPReceivePacketSize_Edit.reg"
} Else {
$backup = "C:\TCPReceivePacketSize_Edit.reg"
}
Reg Export HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters $backup
Write-Host "Backup created."
New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters" -PropertyType DWORD -Name TcpReceivePacketSize -Value '0xFF00' -Force -ErrorAction Stop
Write-Host "Registry Value changed successfully."
} Catch {
Throw $_
}
Try {
Restart-Service "DNS Server" -Force -ErrorAction Stop
Write-Host "Service Restarted successfully."
} Catch {
Throw $_
}
