Workaround
The following registry modification has been identified as a workaround for this vulnerability.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00

Note: A restart of the DNS Service is required to take effect.

Please see 4569509 for more information.

To remove the workaround: After applying the patch, the admin can remove the value TcpReceivePacketSize and its corresponding data so that everything else under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters remains as before.
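The workaround above as an added PowerShell example (not Microsoft's own script) that audits, applies, or removes the value and restarts the service only when something changed. It assumes an elevated session on the DNS server and that the DNS Server service is named DNS; the script's mode names and the restart after removal are assumptions of this example.

```powershell
# Added example, not part of the advisory. Run elevated on the DNS server.
# Usage (script file name is hypothetical): .\DnsWorkaround.ps1 -Mode Audit|Apply|Remove
param(
    [ValidateSet('Audit', 'Apply', 'Remove')]
    [string]$Mode = 'Audit'
)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Expected  = 0xFF00   # value given in the advisory

# Report whether the registry value is absent, correct, or set to something else.
function Get-WorkaroundState {
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Absent' }
    if ($prop.$ValueName -eq $Expected) { return 'Applied' }
    return ('Mismatch (0x{0:X})' -f $prop.$ValueName)
}

switch ($Mode) {
    'Apply' {
        # Write the DWORD only if it is missing or wrong, then restart the
        # DNS service, which the advisory says is required to take effect.
        if ((Get-WorkaroundState) -ne 'Applied') {
            Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Expected -Type DWord
            Restart-Service -Name DNS -Force
        }
    }
    'Remove' {
        # After patching: delete only this value, leaving the rest of the key as before.
        if ((Get-WorkaroundState) -ne 'Absent') {
            Remove-ItemProperty -Path $KeyPath -Name $ValueName
            # Assumption: restart so the service stops using the old setting.
            Restart-Service -Name DNS -Force
        }
    }
}

# Always finish with the current state so the output can be collected per server.
'{0}: {1} = {2}' -f $env:COMPUTERNAME, $ValueName, (Get-WorkaroundState)
```

Audit mode reads the registry only, so an 'Applied' result does not show that the service was restarted after the value was written.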
FAQ
This vulnerability has a CVSS Base score of 10. How bad is this?

We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.

Are any other non-Microsoft DNS server implementations impacted by this vulnerability?

The vulnerability stems from a flaw in Microsoft’s DNS server implementation and is not the result of a protocol level flaw, so it does not affect any other non-Microsoft DNS server implementations.

Under what circumstances would I consider using the registry key workaround?

Microsoft recommends everyone who runs DNS servers to install the security update as soon as possible. However, if you are unable to apply the patch right away, Microsoft recommends that you use the workaround as soon as possible to protect your environment in the time before you install the updates.

Is the Windows DNS client affected by this vulnerability?

No, the vulnerability only affects Microsoft's W...