Dowst.Dev

A patch has been released for the security vulnerability CVE-2020-1350, which has a 10 out of 10 on the CVSS scale and affects all Windows DNS servers from 2003 to 2019. However, since not everyone can patch systems right away, Microsoft has provided a workaround. The workaround restricts the size of DNS response packets, which only requires a restart of the DNS service and not the entire server. I recommend reading the knowledge base article to understand all the risks, prior to implementing in your environment.

The script below will apply the recommended registry setting and restart the DNS service on a remote computer.

$Computer = 'YourComputer'
Invoke-Command -computername $Computer -ScriptBlock {
    New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters" -Name "TcpReceivePacketSize" -Value "0xFF00" -PropertyType "DWord" -Force
    Restart-Service -Name DNS -Force
}

# Open the specified Registry Hive on a remote machine specified. LocalMachine = HKLM / CurrentUser = HKCU
$computer = 'localhost'
$w32reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$computer)

# Open the specific registry key (exclude hive from path)
$keypath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
$SubKey = $w32reg.OpenSubKey($keypath)

# Return data for a specific value
$SubKey.GetValue('LastLoggedOnUser')

# List all values
$SubKey.GetValueNames()

# Return data for all values to hashtable
$AllValues = @{}
$SubKey.GetValueNames() | ForEach-Object{
    $AllValues.Add($_,$SubKey.GetValue($_))
}
$AllValues

$ShellFolders = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$ShellFolders.Desktop