Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

Are you using Teams to share sensitive data?

Microsoft Teams has fast become one of THE most useful business tools for the way we work today. No matter where your people work from, they can communicate and collaborate quickly and reliably. But this remote way of working can also open the door to some MAJOR security issues. New research shows that nearly HALF of employees frequently share confidential …

Tech Tip: How to add a mailbox to Outlook

Welcome to our latest tech tip blog post! In this article, we will be discussing how to add a mailbox to Outlook, a widely used email client that allows users to manage multiple email accounts in one place. Whether you're new to Outlook or just need a refresher, this...

Facebook Meta: A New Reality?

Facebook Meta: A New Reality? Facebook has been a part of our lives for the past decade and Facebook Meta is Facebook's next step into the future. Facebook Meta is an augmented reality system that will allow users to play games, purchase items, meet friends, and more...

Get ready for another game-changer from Teams

Microsoft is working hard to lead the AI revolution and its latest update to Teams will certainly make it a front-runner. We think the potential is unlimited, here we’ll tell you why.

LinkedIn takes action to tackle fake accounts

LinkedIn is introducing new verification features over the coming months to help tackle fake accounts. The business-focused social platform is a fantastic place to connect with like-minded businesspeople, and to find new employees, jobs and opportunities. But thanks to this popularity, we’re seeing an increase in fake profiles, created by scammers for more sinister purposes. Bot-like accounts have been cropping …
Read More

Reverse image search makes purchasing and marketing easier

Bing Visual Search makes purchasing and marketing easier

Think the Windows 11 Photo app has little use in your business? Visual Search with Bing is about to change that, with some very useful new functionality… Find out more here.

Blisstech - Top M365 Tools - Blog image

Unlock the Hidden Productivity Gems within Microsoft 365

Microsoft 365 is a cornerstone for many businesses, but its vast potential often remains untapped. While applications like Word, Excel, PowerPoint, and Teams are widely used, there's a treasure trove of productivity-enhancing tools waiting to be discovered. Embark on...
Here’s what’s in store for the last ever Windows ‘Moments’ update

Here’s what’s in store for the last ever Windows ‘Moments’ update

Microsoft will start to roll out its last Windows 11 ‘Moments’ update in a few weeks. After that it’s back to annual updates. We have all the details of the ‘Moments 5’ features you won’t want to miss. .

Why now is a great time to start your own business

"I can accept failure, but I can't accept not trying." - Michael Jordan We are living in unprecedented times.  People are being prevented from leaving their homes and the average worker has been sent to work from home, put on reduced hours, or worse.  It is...

Why setting up Facebook Wi-Fi for your business is a good idea

Setting up Facebook Wi-Fi for your business is a great way to increase customer engagement and loyalty. When customers connect to your guest Wi-Fi they can check in to your business on Facebook to gain access rather than entering a WiFi code. This allows them to stay...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05