No attacks happening in the wild yet, Microsoft says

Jul 14, 2020 20:48 GMT

The July 2020 cumulative updates resolve a security bug in Windows Server that Microsoft describes as “wormable,” meaning that malware exploiting it could spread between vulnerable systems without user interaction and compromise the DNS Server.

First of all, it’s important to know this is a bug in the Windows Server DNS, and it was discovered by security vendor Check Point.

This is a 17-year-old security flaw, and it does not affect Windows clients, but only Windows Server.

The following systems are impacted:  

  • Windows Server 2008 Service Pack 2
  • Windows Server 2008 Service Pack 1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server version 1903
  • Windows Server version 1909
  • Windows Server version 2004

Microsoft has rated the flaw with a critical security label, and while the company explains that it’s not aware of any attacks happening in the wild, it does admit that exploitation is more likely.

“A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server,” Microsoft explains in CVE-2020-1350.

CVSS base score of 10.

Mechele Gruhn, Principal Security PM Manager, MSRC, recommends that system admins turn to a registry-based workaround if patching isn’t possible right now.

Worth knowing is that the flaw has been given a CVSS base score of 10, which is the maximum rating for a security vulnerability. This emphasizes just how important patching really is this time, and Microsoft warns that leaving a system without the security fixes could pretty much be an open invitation for malicious actors to break into a computer.

Especially now that the vulnerability gains more attention, that is.

“We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts,” the company says.

Check Point, the company that discovered the vulnerability, reported it to Microsoft in May this year, so the company needed only two months to resolve it.

The security vendor, however, warns that there’s a good chance cybercriminals would begin looking into ways to exploit the flaw and explains that the likelihood that someone else is also aware of the DNS Server bug is pretty high.

Exploitation is more likely.

“We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug, which means a determined hacker could also find the same resources. In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS,” they say.

Without a doubt, patching should be a priority for all system admins, although it goes without saying that this isn’t necessarily the easiest thing to do, especially these days when some are still working from home due to the global health crisis. However, if patching isn’t possible, make sure that you try out the registry workaround linked to above, as this is the easiest and fastest way to prevent a possible exploit aimed at this flaw.

For now, Microsoft says it’s not aware of any attacks, but it goes without saying that this could all change starting right now, as cybercriminals might begin looking into the whole thing to find a way to break into Windows Server systems.