Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

How To Secure Your Business When Remote Working

The global COVID-19 crisis means that more people are remote working than ever before.  Businesses rushed to enable their employees to work from anywhere very quickly, which may include access to sensitive company data.  In the rush to stay operational during the...

Tech Tip: How to find the tools you need in Microsoft Office

Welcome to a new Tuesday tech tip video, and it's another speedy, but useful one Are you struggling to find the tools you need in Office applications? Me too! Since Microsoft introduced the ribbon in Office applications, it has become harder to find tools that you...

Some bosses think their people do less when working from home

Microsoft has become the leader of productivity over many decades. Can you imagine doing your day to day work without their software? So it’s no surprise the tech giant recently conducted a major new survey into productivity in the workplace – and some of the results might surprise you. Researchers surveyed 20,000 people working for […]

Learn how to talk tech with our Jargon Buster

Do you find IT terminology difficult to comprehend? To ensure effective communication with our clients, we strive to avoid using technical jargon. However, having a basic understanding of some IT terminologies may prove advantageous in seeking IT assistance in the...
HRMC Crown

The tax relief few businesses know about

A quick summary: When you buy certain new equipment (including computers) you can claim 130% capital allowance What that means: If you spend £1,000 on computer equipment, it'll reduce your corporation tax bill as if you had spent £1,300 How long does it last? It will...

What is Proactive Monitoring and how can it protect your business?

How proactive monitoring will help your business weather any storm. You are the captain of your business's ship. You have a loyal and skilled team behind you. You are ready for any challenge! Or so you thought. Then, one day, without warning, a vast digital monster...
Here’s what’s in store for the last ever Windows ‘Moments’ update

Here’s what’s in store for the last ever Windows ‘Moments’ update

Microsoft will start to roll out its last Windows 11 ‘Moments’ update in a few weeks. After that it’s back to annual updates. We have all the details of the ‘Moments 5’ features you won’t want to miss. .

A mailbox with NO SPAM written on it

Spam emails are losing your business hundreds of hours every year

Spam emails: Very annoying and everyone hates them! They take up your time and make it hard for you to get other work done! A recent study found that each one of our employees could be losing 80 hours per year due the hassle associated with managing spam. That’s a LOT...

Tech Tip: How to use Windows Clipboard History

Welcome to a new Tuesday tech tip video where I will show you a really cool Windows feature called Clipboard History. Do you ever find yourself copying and pasting the same text or images over and over again? If so, you're not alone. But there's a better way! Windows...
Overconfident employees: Your hidden cyber security threat?

Overconfident employees: Your hidden cyber security threat?

Your team are smart, right? They’d never fall for a scam email or click a suspicious link. At least, that’s what they think. Here’s why overconfidence could spell disaster for your business’s security.

Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05