Hi,
Got this from a friend of mine, I can’t verify. Any comments?
So this is an interesting one: Updated info yesterday from Microsoft regarding a DNS protocol (?) vulnerability in DNS resolvers - with no CVE reference. First released on Dec 8, 2020, last updated Aug 28, 2025. No CVE. No PoC or known exploitation. A DNS cache poisoning caused by IP fragmentation (!), and the suggested (temporary?) workaround is to reduce the Maximum UDP packet size to 1221 bytes, so that larger requests will switch to TCP.
I've seen some weird issues & workarounds throughout my years. This is absolutely one of those cases!
https://msrc.microsoft.com/update-guide/vulnerability/ADV200013
/amel
________________________
Anne-Marie Eklund Löwinder
Amelsec AB
Hägervägen 27, 122 39 Enskede
+46 734315310
@amelsec.bsky.social
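
One way to check captured DNS messages against the 1221-byte figure mentioned in the post, added here as an example that is not part of the original message or of Microsoft's advisory. It reads the UDP payload size advertised in the EDNS0 OPT record and the TC (truncated) flag; the function names and the sample query are constructed for illustration.

```python
import struct

LIMIT = 1221  # UDP size named in the post as the workaround value

def _skip_name(msg, off):
    # Step over a domain name: labels end at a zero byte or a 2-byte compression pointer.
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def edns_udp_size(msg):
    """Return (advertised UDP payload size or None, TC flag) for a DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    size = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:                          # OPT: CLASS field carries the UDP payload size
            size = rclass
    return size, bool(flags & 0x0200)            # 0x0200 is the TC bit

def exceeds_limit(msg, limit=LIMIT):
    """True if the sender accepts UDP responses larger than `limit` bytes."""
    size, _tc = edns_udp_size(msg)
    # Without an OPT record, DNS over UDP is limited to 512 bytes.
    return (size if size is not None else 512) > limit

def build_query(name, udp_size):
    # Constructed sample: an A query for `name` carrying one OPT record.
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

if __name__ == "__main__":
    for size in (4096, 1232, 1221):
        print(size, "exceeds limit:", exceeds_limit(build_query("example.com", size)))
```

A response with the TC flag set is the signal that the answer did not fit in UDP and the client should retry over TCP.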
DNS-dagen
Welcome to a full day devoted entirely to DNS
Register for DNS-dagen via the following link:
https://registryt.wufoo.com/forms/dns-dagen/
Confirmed speakers:
Jakob Schlyter
Mikael Kullberg
Torbjörn Eklöv
Jonathan Magnusson
Ulrich Wisser
Pamela Davidsson
Mats Dufberg
Johan Stenstam
Kristian Ørmen
10 September 2025, 10:00 - 19:30 at Internetstiftelsen
Internetstiftelsen
Hammarby Kaj 10D
120 07 Stockholm
Agenda:
10:00 – 12:00 Talks
12:00 – 13:00 Lunch
13:00 – 15:00 Talks
15:30 – 15:30 Coffee break (fika)
16:00 – 17:30 Talks
17:30 – 19:30 After work (AW)
Feel free to share the invitation, including with people who are not on the ns.se list.
Welcome!
Best regards,
Kristian Ørmen
Internetstiftelsen