Cloud Telecoms

Microsoft patches 17-year-old wormable bug in Windows DNS Server

DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer names into ones that the computer understands. Because it is such a core component of networks, there are many solutions and implementations of DNS servers out there, Microsoft DNS servers being one of them and extensively used in your typical network environment.

The bug has been deemed “wormable,” which means a single exploit could spread from one unpatched server to another.

Businesses running Windows Server for DNS resolution are being urged to apply a patch released as part of Microsoft’s July Patch Tuesday rollout. The patch resolves the DNS bug that has been around for 17 years but has been identified by Microsoft as critical following its recent discovery by cyber threat intelligence provider Check Point Research.

Listed on a Microsoft Security Advisory page, the flaw known as “CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability,” (it just flows off the tongue, doesn’t it!) points to a problem with Microsoft’s implementation of DNS that can result in a server improperly handling domain name resolution (DNS) requests.

The flaw, which can be triggered by a malicious DNS response, was discovered by Check Point researchers, who reported it to Microsoft in May. According to their detailed write-up, an attacker who can exploit the vulnerability would gain Domain Administrator rights and seize control of the target’s entire IT infrastructure.

This could entail accessing and stealing documents and tampering with emails or network traffic. The likelihood of the vulnerability being exploited was deemed high.

If you have a Managed IT Services or Cloud Services contract with Radius then you do not have to worry about patching your server,  a patch update has already been carried out for you.

Those businesses that don’t have a managed service contract need to apply a patch update if their automatic updates are not enabled.

If you have any concerns we urge you to contact us straight away by phone 0818 592 500 or by email to sales@radius.ie

Call our sales team now on LoCall 0818 592500.

Alternatively, please send us a message via the form below and we’ll call you back.

Get in Touch

Certified Excellence

Radius maintain both ISO quality and Information Security certification. With GDPR regulations now in force, it’s critical that your IT partner handles your organisation’s sensitive data with the highest of standards.

ISO Quality and Information Security certification requires rigorous processes to be embedded at the heart of everything we do. Radius is proud to maintain this standard, awarded to only the very top tier of IT service providers.

Industry leading partnerships

Radius is a gold Microsoft partner for Datacenter and Cloud Solutions, a preferred HP and Cisco partner and a Retail Excellence Ireland gold partner. These partnerships give us unrivalled access to the best technology to support our clients’ IT and Telecoms needs.