Microsoft warns of a critical, 17-year-old Windows DNS Server vulnerability that the company has classified as “wormable”. Such a flaw could allow attackers to create malware that remotely executes code on Windows servers and generates malicious DNS queries, which could lead to a compromise of a company’s infrastructure.
“Problematic vulnerabilities have the potential to spread through malware among vulnerable computers without user interaction,” explains Mechele Gruhn, senior manager of the Microsoft security program. “Windows DNS Server is a core network component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”
Check Point investigators discovered the security flaw in Windows DNS and reported it to Microsoft in May. If left unpatched, it leaves Windows servers vulnerable to attack, although Microsoft notes that it has yet to find evidence that this flaw is being exploited.
A patch for the vulnerability is available today on all supported versions of Windows Server, but the race is on for system administrators to patch servers as quickly as possible before malicious actors create malware based on the bug.
“A DNS server violation is a very serious thing,” says Omri Herscovici, leader of Check Point’s vulnerability research team. “Only a few of these types of vulnerability have been released. Any organization, large or small, that uses Microsoft infrastructure is at increased security risk if not patched. The risk would be a complete violation of the entire corporate network. This vulnerability has been in Microsoft code for over 17 years; so if we found it, it’s not impossible to assume that someone else already found it.”
Windows 10 and other Windows client versions are not affected by the flaw, as it only affects Microsoft’s Windows DNS Server implementation. Microsoft is also providing a registry-based workaround to protect against the flaw if administrators cannot patch servers quickly.
Microsoft has assigned the vulnerability the highest possible rating of 10 in the Common Vulnerability Scoring System (CVSS), underscoring the severity of the problem. For comparison, the vulnerabilities used by the WannaCry attack were rated 8.5 on CVSS. Microsoft has warned about WannaCry-like vulnerabilities in Windows before, but researchers are urging administrators to heed the latest call and install Microsoft’s updates as soon as possible.