Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

Templates and Slide Masters in PowerPoint title

Tech Tip: How to use Templates and Slide Masters in PowerPoint

This Tech Tip will show you how to use templates and Slide Masters in PowerPoint to give your presentations a professional and consistent look. I've been using PowerPoint for over 25 years and have created a lot of presentations. Previously, I would work from a...
Man with magnifying glass

Cyber Essentials: A Guide to CE and its Benefits

Many people have heard of Cyber Essentials (CE), but do you know what it is and what benefits it can bring to your business? This article will discuss what cyber essentials is and how it can help your business and the role that a Cyber Essentials assessor plays in...
How to use footnotes and endnotes in Word

Tech Tip: How to use footnotes and endnotes in Word

This Tech Tip is another tip for Microsoft Word. If you use Word to write documentation, contracts or any other type of detailed document, then this tip is for you. Usually, when you write such a document, you may need to expand on certain sentences without making the...

Tech Tip: How to create a scheduling poll using Outlook

Welcome to a new Tuesday tech tip video where we will be exploring how to create a scheduling poll using Outlook. You know what it's like when you are trying to get everyone together for a meeting. Trying to find a time that suits everyone can be a real pain! There...

What is the Microsoft Modern Workplace?

Microsoft has been hard at work over the past few years to create a new "modern" workplace. Sounds great right, but what is this, and what are its benefits? The Microsoft Modern Workplace is designed to make it easier for employees to collaborate online, and to help...

Can your business go green by switching to the cloud?

Cloud computing has quickly become a popular option for businesses that want to streamline their operations, reduce costs, and become more flexible. But are you swayed by the idea that cloud services are automatically better for the environment? Could the need to do your bit ‘cloud’ your decision-making? Sorry. Bad pun. It’s true that cloud services have environmental benefits compared …
Read More

Microsoft Remove Delay Windows 10 Updates in version 2004

We recently wrote an article on how to delay Windows 10 updates so that you can wait until issues are resolved before you install new updates.  However, in the Windows 10 2004 update, Microsoft has removed the ability to delay Feature Updates for up to 365 days in the...
Laptop on a desk with a picture of a hand holding a globe

Get on top of this now if any of your staff are hybrid working

People are increasingly doing their work remotely and hybrid working has become the new norm. Despite the fact that it has been more than two years since many of us were forced to work from home, too many organisations still do not have the appropriate cyber security...

Windows 11 optional update: Why it’s better to wait  

Microsoft has just announced an option for people to trial new features before their general release in Windows 11.  This isn’t about fixes to security flaws – everyone gets those at the same time.   This is an opportunity for businesses to jump the queue to receive new features and updates first.  Sound exciting?   Yes!   Worth the risk?   Not quite.  Our …
Read More

Are you ready for next-gen email security? (YES!)

Are you ready for next-gen email security? (YES!)

Sick of spam emails? We have details of a cool new tool to help keep us better protected.

Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2023 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05