Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’


Microsoft is warning of a 17-year-old critical Windows DNS Server vulnerability that the company has classified as “wormable.” Such a flaw could allow attackers to create special malware that remotely executes code on Windows servers and creates malicious DNS queries, which could eventually lead to a breach of a company’s infrastructure.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” explains Mechele Gruhn, a principal security program manager at Microsoft. “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Researchers at Check Point discovered the security flaw in Windows DNS and reported it to Microsoft back in May. If left unpatched, it leaves Windows servers vulnerable to attacks, although Microsoft notes that it hasn’t found evidence that this flaw is being exploited yet.


A patch to fix the flaw is available across all supported versions of Windows Server today, but the race is on for system administrators to patch servers as quickly as possible before malicious actors create malware based on the flaw.

“A DNS server breach is a very serious thing,” warns Omri Herscovici, Check Point’s vulnerability research team leader. “There are only a handful of these vulnerability types ever released. Every organization, big or small, using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Windows 10 and other client versions of Windows are not affected by the flaw, as it only affects Microsoft’s Windows DNS Server implementation. Microsoft is also releasing a registry-based workaround to protect against the flaw if admins are unable to patch servers quickly.

Microsoft has assigned the highest risk score of 10 on the Common Vulnerability Scoring System (CVSS), underlining how serious the problem is. For comparison, the vulnerabilities that the WannaCry attack used were rated at 8.5 on CVSS. Microsoft has warned of WannaCry-like exploits in Windows before, but researchers are urging admins to heed the latest calls to install Microsoft’s latest updates as soon as possible.
