DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer names into ones that the computer understands. Because it is such a core component of networks, there are many solutions and implementations of DNS servers out there, Microsoft DNS servers being one of them and extensively used in your typical network environment.
The bug has been deemed “wormable,” which means a single exploit could spread from one unpatched server to another.
Businesses running Windows Server for DNS resolution are being urged to apply a patch released as part of Microsoft’s July Patch Tuesday rollout. The patch resolves the DNS bug that has been around for 17 years but has been identified by Microsoft as critical following its recent discovery by cyber threat intelligence provider Check Point Research.
Listed on a Microsoft Security Advisory page, the flaw known as “CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability,” (it just flows off the tongue, doesn’t it!) points to a problem with Microsoft’s implementation of DNS that can result in a server improperly handling domain name resolution (DNS) requests.
The flaw, which can be triggered by a malicious DNS response, was discovered by Check Point researchers, who reported it to Microsoft in May. According to their detailed write-up, an attacker who can exploit the vulnerability would gain Domain Administrator rights and seize control of the target’s entire IT infrastructure.
This could entail accessing and stealing documents and tampering with emails or network traffic. The likelihood of the vulnerability being exploited was deemed high.
If you have a Managed IT Services or Cloud Services contract with Radius then you do not have to worry about patching your server, a patch update has already been carried out for you.
Those businesses that don’t have a managed service contract need to apply a patch update if their automatic updates are not enabled. If you have any concerns we urge you to contact us straight away by phone 0818 592 500 or by email to email@example.com