Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

Data loss? Save yourself a mighty headache

What would you do if all of your business data were lost? You might panic or stare at the screen in disbelief. However, if you're prepared, you'll have a safety net in place in the form of reliable and tested data backup. This means you can quickly restore your data...
A laptop and tablet taking a backup

Two simple steps to protect your business data

Data is the lifeblood of most modern businesses.  From important proposals and presentations to a simple one-line email that is proof of something happening that you might need months later.  However, many small businesses are not taking the necessary steps and...
The two big threats of doing business on public Wi-Fi

The two big threats of doing business on public Wi-Fi

Public Wi-Fi can be a lifesaver when you must send an urgent email while out of the office. But did you know it can also put your business data at risk? These are the two big threats you and your team need to be aware of…

90% of cyber attacks start with a simple email. Why?

All it takes is one email... Did you know it can just take one email to bring your entire business to its knees? Why? Because a surprising 90% of cyber attacks begin with an email. And if you and your whole team are reliant on email every day, your chances of falling...
Beware that “support call” – it could be a ransomware scam

Beware that “support call” – it could be a ransomware scam

Would your employees give an unknown caller access to your business devices? But what if they got a Teams chat from someone posing as Microsoft support? Here we tell you all about a new ransomware scam

Man with magnifying glass

Cyber Essentials: A Guide to CE and its Benefits

Many people have heard of Cyber Essentials (CE), but do you know what it is and what benefits it can bring to your business? This article will discuss what cyber essentials is and how it can help your business and the role that a Cyber Essentials assessor plays in...
A woman looking at her phone while working from home

Office 365 and Windows RDS: Maximum Remote Working Flexibility

Windows Remote Desktop Services (RDS) has been around for years. I was using it over 20 years ago and was a fan.  It was an excellent solution for flexible working over slow connections, which is all we had back then!  However, back then, you needed something else to...
Blisstech - Top M365 Tools - Blog image

Unlock the Hidden Productivity Gems within Microsoft 365

Microsoft 365 is a cornerstone for many businesses, but its vast potential often remains untapped. While applications like Word, Excel, PowerPoint, and Teams are widely used, there's a treasure trove of productivity-enhancing tools waiting to be discovered. Embark on...
Be more productive with these Microsoft Edge features

Be more productive with these Microsoft Edge features

In the never-ending mission to be more productive, the latest Microsoft Edge browser could be a powerful ally. We’re telling you about 5 of its best productivity features.

BEC attacks illustrated. Image of a hacker standing behind a computer looking menacing

Business Email Compromise (BEC) attacks are rising

Business Email Compromise (BEC) has emerged as a significant threat to businesses worldwide in recent years. As of March 2025, there has been a staggering 30% increase in BEC attacks. In late February 2025, Microsoft Defender identified nearly 2 million phishing...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05