Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

Can your business go green by switching to the cloud?

Cloud computing has quickly become a popular option for businesses that want to streamline their operations, reduce costs, and become more flexible. But are you swayed by the idea that cloud services are automatically better for the environment? Could the need to do your bit ‘cloud’ your decision-making? Sorry. Bad pun. It’s true that cloud services have environmental benefits compared …
Read More

Is Your Business Ready for Coronavirus Lockdown?

With the COVID-19 coronavirus continuing to spread in the UK, and Italy and China placing lockdowns on their towns and cities, it seems likely that the UK will follow suit if the outbreak continues apace.  Experts have stated today that the spread of the virus in the...

Tech Tip: Understanding Microsoft work and personal accounts

Welcome to another Blisstech Solutions Tuesday Tech Tip! Have you set up both a personal and work Microsoft account and are now running into problems when you are trying to work as you can't work out which account you are logged in with?  You are not alone and we see...
Copilot could soon auto-open in Microsoft Edge

Copilot could soon auto-open in Microsoft Edge

Is Edge your business’s browser of choice? Microsoft’s thinking of automatically opening Copilot when you use it. It could boost productivity, but there are privacy concerns to be aware of…

Cut the Jargon! The top 3 things you should discuss with your IT partner

IT support involves technical tasks, and the language used in this field can be quite technical at times. Therefore, we have created a plain language guide that focuses on the three key areas you should discuss with your technology partner. Contact us if you want to...
Could automation save you from spreadsheet headaches?

Could automation save you from spreadsheet hell?

Spreadsheets slow us down and are too easy to mess up. So, what if I told you there’s a better way to handle data in your business?

Now Copilot’s going to make your team work better together

Now Copilot’s going to make your team work better together

Microsoft isn’t happy just boosting individual productivity. Now it’s set its sights on helping your team work better together. We’ll tell you how.

Why the Cloud is not backup

Cloud computing has revolutionised the way businesses work.  Companies that utilise the cloud will have coped the best with COVID-19 imposed restrictions.  Whether forced to by circumstance or not, businesses are moving from the traditional server in the office to...
How to use Browser Profiles thumbnail

Tech Tip: How to use browser profiles

This Tech Tip is on how to use web browser profiles. If you are a freelancer, virtual assistant, or just wear many hats in your job role, you probably have multiple different logins for the same application. As so many applications are web-based, we have to login to...

Tech Tip: How to add an email alias as FROM address in Outlook

You've been using Microsoft Outlook for a while now and you're comfortable with the interface. But there's one thing you still haven't figured out how to do- send an email from an alias address. Microsoft 365 has made it possible to easily add a new FROM address in...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05