Microsoft urge users to patch against critical vulnerability • Blisstech Solutions

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is specifically used inside businesses all over the world and allows Windows systems to locate computers and services within the business network. If a business is running Windows desktops and servers, they are almost certainly using Microsoft DNS.

Such a flaw could allow attackers to create special malware that remotely executes a code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s entire network being compromised.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.” explained Mechele Gruhn,  a principal security program manager at Microsoft.

This vulnerability is as bad as it gets

If you want more detail of what a worm is, remember WannaCry?  This took advantage of the wormable EternalBlue exploit in Windows’ Server Message Block (SMB).   The Common Vulnerability Scoring System (CVSS), gave EternalBlue an 8.5/10 score for severity. If you want a comparison, this new DNS vulnerability has been allocated a severity score of 10/10.

In a blog post published Tuesday, Check Point described in detail how the bug works, and have named the flaw SIGRed, and also said it believes there’s a high chance of this vulnerability being exploited.

“Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Hard disks in an array lit by blue light

Patch as soon as possible

If you are a home user you needn’t worry as Windows 10 and other DNS client systems are not affected; this only affects Windows servers running DNS.  If you have Active Directory in your organisation, you will be running Microsoft DNS.

Microsoft has released a patch, and affected systems should have this applied as soon as possible.  If applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.

If you are not sure how this affects you, please get in touch with us. We can help.

More Content

You’re not imagining it, video calls ARE stressful

You’re not imagining it, video calls ARE stressful

Video calls stressing you out? You’re not alone. Scientists have warned about the negative effects of too much camera time. We have the solution for your team.

Pirated software thumbnail

Don’t walk the plank with pirated software

A huge number of small and medium-sized businesses would consider using pirated software to try and save money. Don’t do it.

Windows 12 is coming… here’s what we know so far

While Windows 11 is only just celebrating its first birthday, we’re already hearing our first rumours about what Windows 12 will have in store. There’s no rush for the time being – we won’t see this new operating system until the back end of 2024 – but we love to be ready for what’s coming next, so here’s what we know …

Logos for Microsoft 365

Migrate to Microsoft 365 manually using PST files

When you are migrating to Microsoft 365 from an existing email provider, you'll want to migrate the emails, contacts and calendar from your users existing mailboxes to their shiny new Microsoft 365 mailboxes.  The best-case scenario is your provider will migrate you...

Tech Tip: How to add your availability to an Outlook Email

Today's Tuesday Two Minute Tech Tip will save you time when arranging meetings. Are you wasting time when trying to book meetings by constantly going back and forth with people trying to find a suitable time? There is a better way to find time for a meeting by using...

Tech Tip: How to use Windows shortcut keys

Good morning everyone and welcome to your Tuesday Two Minute Tech Tip. 👉 Tired of dragging the mouse around the screen to access the things you use all of the time? 👉 Want to hear about some handy shortcuts Windows that you never know existed? Today's tip will help...

When can you finally forget your password?

Passkeys are set to take over from traditional passwords to give us a safer, more secure way of logging into our online accounts.

Stop! And think, before you act on that email

Don’t fall victim to cyber criminals. We explain what a BEC attack is and how to protect your business.

How to choose the correct hardware for your business

Do you know how to choose the correct hardware for business? Slow isn’t often a word you want to associate with your business. But when your hardware isn’t performing, you’ll hear it a lot. Complaints about PCs, your internet connection, even your network. Not only is...
Copilot could soon auto-open in Microsoft Edge

Copilot could soon auto-open in Microsoft Edge

Is Edge your business’s browser of choice? Microsoft’s thinking of automatically opening Copilot when you use it. It could boost productivity, but there are privacy concerns to be aware of…

Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05