Min menu


Microsoft warns of 17-year-old dangerous vulnerability in Windows DNS Server

Microsoft on Tuesday cited a critical security vulnerability that has existed in the Windows DNS Server system 17 years ago, and has classified it as wormable, which means that single exploitation of the vulnerability can cause a chain reaction that allows the attacker to spread from one weak computer to another, without having to Any interaction from the victims.

“Windows DNS Server is a key component for networks,” Mechele Gruhn, director of Microsoft Security Program, explained in a post. Although it is not currently known if this security vulnerability was used in active attacks, it is necessary for customers to update Windows to address this vulnerability as soon as possible. ”

Researchers at Check Point discovered the security vulnerability in the Windows DNS Server and reported it to Microsoft in May. Left unchecked, it leaves Windows servers vulnerable to attack, however, Microsoft has confirmed that it has found no evidence that anyone has exploited the vulnerability.

Microsoft launched a patch fix patch across all supported versions of Windows Server today, but it is now the responsibility of systems administrators who have to update servers as quickly as possible before cybercriminals build malware based on the vulnerability.

Omri Herscovici - Check Point vulnerability research team leader warns that "DNS server hacking is very dangerous." He added: “Never before have there been so few such loopholes. Every large or small organization that uses Microsoft’s infrastructure is exposed to significant security risks; If left unchecked. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years. So finding it means that it's only natural to assume that someone else has already found it too. ”

Note that the regular Windows 10 operating system and other client versions are not affected by the vulnerability. It only affects Microsoft DNS Server implementation. Microsoft has launched a solution based on the Windows Registry system to protect against the vulnerability, in the event that officials are not able to update servers quickly.