Security flaw found in Windows DNS, Microsoft releases patch

New Delhi, July 15 (IANS) Microsoft has released a patch after researchers from cybersecurity firm Check Point identified a critical security flaw in Windows DNS, the implementation of domain name system (DNS) services provided by Microsoft in Windows operating systems.

Check Point researchers said that the vulnerability had been in Microsoft code for more than 17 years.

Microsoft on Tuesday warned all customers to apply Windows updates to address this vulnerability as soon as possible.

This is because the vulnerability in Windows DNS Server has been classified as a "wormable" vulnerability, which has the potential to spread via malware between vulnerable computers without user interaction.

"Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible," Mechele Gruhn, Principal Security PM Manager, Microsoft Security Response Center, said in a blog post.


"Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a 'wormable' vulnerability and has a CVSS base score of 10.0," Gruhn said, adding that non-Microsoft DNS Servers are not affected.

Sagi Tzaik, a vulnerability researcher at Check Point, discovered a security flaw that would enable a hacker to craft malicious DNS queries to the Windows DNS server, and achieve arbitrary code execution that could lead to the breach of the entire infrastructure.

The critical vulnerability, named SigRed by Check Point researchers, affects Windows Server versions from 2003 to 2019.

DNS, often referred to as the "phonebook of the Internet", is part of the global Internet infrastructure that translates the familiar website names that we all use, into the strings of numbers that computers need in order to find that website, or send an email.

It's the "address book" of the internet.

On May 19, Check Point Research responsibly disclosed its findings to Microsoft.

Microsoft acknowledged the security flaw and issued a patch (CVE-2020-1350) on Tuesday.

"A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization. There are only a handful of these vulnerability types ever released," Omri Herscovici, Check Point's Vulnerability Research Team Leader, said in a statement.

"Every organization, big or small, using Microsoft infrastructure is at major security risk if left unpatched. The risk would be a complete breach of the entire corporate network," Herscovici said.

"This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well," Herscovici added.

--IANS

gb/na

(This story has not been edited by Business Insider and is auto-generated from a syndicated feed we subscribe to.)