Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

Phishing – If you’re under pressure to take urgent action – stop and think

Phishing scams are one of the biggest security threats to your business right now and cybercriminals are always coming up with new phishing techniques. A massive 83% of organisations said they suffered successful attacks last year. And with just under a third of...

It’s nearing the end for Windows 10 – Are you ready?

It’s time to say goodbye to Windows 10 Next year, we’ll say a final farewell to Windows 10 as it reaches the end of its life. Microsoft is stopping support. This means no new tools or features and no more security updates. If you’re still using Windows 10 in your...

Tech Tip: Master Your Multitasking – Switching Apps and Desktops Like a Pro

Welcome to a new Tuesday tech tip video where I will show you how to switch between applications and desktops in Windows quickly. Sick of losing track of what you're doing because you have too many windows open? Let's face it: we've all been there. Well, this video is...
And the award for most common phishing scam goes to…

And the award for most common phishing scam goes to…

Which phishing scam are you and your employees most at risk from? We tell you about the most common phishing emails and the easy way to stay safe.

If it ain’t broke… Windows update makes signing out simple again

Windows update makes is easy to sign out of Windows 11 again

Having trouble finding the sign out button in Windows 11? You’re not the only one! Luckily, Microsoft have listened… find out more here.

Data loss? Save yourself a mighty headache

What would you do if all of your business data were lost? You might panic or stare at the screen in disbelief. However, if you're prepared, you'll have a safety net in place in the form of reliable and tested data backup. This means you can quickly restore your data...

Tech Tip: How to Follow Sites in SharePoint

Hello, Happy New Year and welcome to today's Tuesday Two Minute Tech Tip which is about how to find the data you want to access in SharePoint and OneDrive. If you are working with files in Teams and on SharePoint sites, you might wonder why you do not see the sites...
Pirated software thumbnail

Don’t walk the plank with pirated software

A huge number of small and medium-sized businesses would consider using pirated software to try and save money. Don’t do it.

The little things that make a big difference

The little things that make a big difference

Microsoft’s made another update to Windows 11, and while it’s a small one, it could make a big impact. We have all the details of what’s changing.

Tech Tip: How to use a Password Manager

This Tech Tip is a tip on how to manage your passwords. It's a long tip this week, but that's because there is a lot to tell! With so many things being done online now, passwords are needed constantly.  But with the advice that every password should be unique and not...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05