Microsoft warns of a 17-year-old critical Windows DNS Server vulnerability that the company has classified as “wormable”. A bug of this kind lets an attacker send crafted DNS queries that remotely execute code on a Windows DNS server, and malware built on it could spread from server to server without any user interaction, ultimately compromising an organization’s entire infrastructure.
“Wormable vulnerabilities can spread through malware between vulnerable computers without user interaction,” explains Mechele Gruhn, Principal Security Program Manager at Microsoft. “Windows DNS Server is a central network component. Although it is not currently known that this vulnerability is being used in active attacks, it is important that customers apply Windows updates to resolve this vulnerability as soon as possible.”
Check Point researchers discovered the vulnerability in Windows DNS Server and reported it to Microsoft back in May. Unpatched Windows DNS servers are exposed to attack, although Microsoft notes that it has found no evidence of the bug being exploited so far.
A patch for the vulnerability is available today for all supported versions of Windows Server. System administrators should apply it as quickly as possible, before malicious actors build malware around the bug.
“A DNS server breach is a very serious thing,” warns Omri Herscovici, head of the vulnerability research team at Check Point. “There are only a handful of these vulnerability types that have ever been released. Any company, large or small, that uses Microsoft infrastructure is at great risk of security if it is not patched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years. So if we found it, it is not impossible to assume that someone else has already found it.”
Windows 10 and other client versions of Windows are not affected, as the bug lies only in Microsoft’s Windows DNS Server implementation; a Windows Server without the DNS Server role installed is likewise not exposed. For administrators who cannot patch their servers quickly, Microsoft has also published a registry-based workaround that protects the DNS server until the update can be installed.
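The workaround mentioned above, applied and verified with PowerShell, as an added example that is not part of the original article. The registry value is the one Microsoft published for this bug (TcpReceivePacketSize under the DNS service’s Parameters key, a DWORD of 0xFF00, followed by a restart of the DNS service); the function names and the role check are this example’s own. It must be run from an elevated prompt on the DNS server itself.

```powershell
# Added example (not from the article): apply, verify and roll back Microsoft's
# registry workaround for the Windows DNS Server bug. Run elevated on the server.
$Key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name  = 'TcpReceivePacketSize'
$Value = 0xFF00   # 65280 bytes: the largest inbound TCP DNS packet the server will accept

function Test-DnsServerRole {
    # Only hosts running the DNS Server service (dns.exe) carry the vulnerable code.
    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    return ($null -ne $svc)
}

function Set-DnsTcpPacketLimit {
    # Writes the cap and restarts the service, since the value is read at service start.
    # Returns $true when the value is confirmed in the registry afterwards.
    if (-not (Test-DnsServerRole)) {
        Write-Warning 'DNS Server service not found; this host is not affected and nothing was changed.'
        return $false
    }
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    Restart-Service -Name 'DNS' -Force
    $current = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    return ($current -eq $Value)
}

function Remove-DnsTcpPacketLimit {
    # Roll back once the security update is installed; the cap is no longer needed then.
    if (-not (Test-DnsServerRole)) { return }
    Remove-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    Restart-Service -Name 'DNS' -Force
}

# Usage: apply the workaround and report the result.
if (Set-DnsTcpPacketLimit) {
    'Workaround applied: {0} = 0x{1:X}' -f $Name, $Value
} else {
    'Workaround not applied.'
}
```

One caveat a practitioner should plan for: with this value set, the server discards inbound TCP DNS packets larger than 65,280 bytes, so resolution of an unusually large response from an upstream server can fail. The cap is a stopgap, not a fix; install the update and then run Remove-DnsTcpPacketLimit to restore normal behaviour.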
Microsoft has given the vulnerability a Common Vulnerability Scoring System (CVSS) rating of 10, the highest possible, to underline how serious the problem is. For comparison, the vulnerabilities exploited by the WannaCry attack were rated 8.5 in CVSS. Microsoft has warned of WannaCry-like exploits in Windows before, and researchers are urging administrators to heed this latest call and install Microsoft’s updates as soon as possible.