Microsoft is warning about a critical, 17-year-old Windows DNS Server bug that the company has classified as "wormable." Such a weakness could let attackers craft malware that remotely executes code on Windows servers by sending malicious DNS queries, which could ultimately lead to a breach of a company's network.
Wormable vulnerabilities have the ability to spread across compromised computers via malware without user intervention, explains Mechele Gruhn, Microsoft's key security program manager.
Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as quickly as possible.
Check Point researchers found the security bug in Windows DNS Server and reported it to Microsoft in May. Left unpatched, it exposes Windows servers to attack, but Microsoft states that there is no evidence the vulnerability is currently being exploited.
A patch for the bug is now available for all existing versions of Windows Server, so the race is on for network administrators to patch their servers before malicious actors build ransomware based on the vulnerability.
A breach of a DNS server is a very serious problem, says Omri Herscovici, head of the security testing department at Check Point. Only a handful of these vulnerabilities have ever been released. Any company that uses Microsoft technology, big or tiny, is at significant security risk if left unpatched. The effect will be a complete breach of the whole corporate network.
This bug has been in Microsoft code for more than 17 years; even though we have discovered it, it is not hard to believe that someone else has already discovered it.
Windows 10 and other client versions of Windows are not affected by the bug, since it affects only Microsoft's Windows DNS Server implementation. Microsoft is also providing a registry-based workaround to defend against the bug for administrators who are unable to patch their servers promptly.
Microsoft has given the bug the maximum severity score of 10 on the Common Vulnerability Scoring System (CVSS), underlining how serious the issue is. For comparison, the vulnerabilities used in the WannaCry attack were scored 8.5 on the CVSS. Microsoft has warned of WannaCry-like vulnerabilities in Windows before, and experts advise administrators to heed the current call and apply Microsoft's new patches as soon as practicable.