Security researchers have found vulnerability, in Microsoft Windows Up to Server 2019, Active Directory Integrated DNS privilege escalation.
A vulnerability was found in Microsoft Windows (Operating System). It has been declared as critical.
This vulnerability affects an unknown code of the component Active Directory integrated DNS. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269 . As an impact it is known to affect confidentiality, integrity, and availability.
As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was shared 09/08/2020 as confirmed security update guide (Website). The advisory is shared for download at portal.msrc.microsoft.com .
The vendor cooperated in the coordination of the public release. This vulnerability was named CVE-2020-0761 . The attack can be initiated remotely. A single authentication is needed for exploitation. There are neither technical details nor an exploit publicly available. The advisory points out:
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account
Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.