Microsoft’s July 2020 Patch Tuesday release has fixes for over 120 security vulnerabilities found in a dozen of its software products. This is typically the case with Patch Tuesday releases, but there is one vulnerability in particular that you should pay close attention to.
Microsoft has announced that it released an update for Critical Remote Code Execution vulnerability in Windows DNS server. The vulnerability is known as CVE-2020-1350 and is classified as a wormable vulnerability with a CVSS base score of 10.0. A CVSS base score of 7.0 to 10.0 is considered high severity. Microsoft has a security update available to mitigate the vulnerability.
Microsoft says that the security update it has published addresses the vulnerability by modifying how Windows DNS servers handle requests. Anyone who operates a Windows DNS server should download the security update appropriate to their Windows Server build immediately. Workable vulnerabilities such as this have the potential to spread between vulnerable computers without any user interaction.
Microsoft says that the vulnerability isn’t known to be used in active attacks. However, Microsoft is clear that all customers should apply the update to address the vulnerability as soon as possible. Those with automatic updates turned on will have the update applied automatically. Anyone in an environment who is unable to apply the security update right away can use a Microsoft supplied workaround until they can apply the update. The workaround involves a registry modification:
Microsoft has already been informed of this issue and the software maker acknowledged that the flaw can allow hackers to take over multiple machines. Hence, it has the ability to cause significant damage.
This is especially dangerous for corporate customers that run their own platforms since the exploit is fairly simple to use. One of Check Point’s researchers Omri Herscovici has said that: DNS server breach may be a very serious thing since it puts the attacker only one inch faraway from breathing the whole organization.
He added that the fact that this flaw has persisted for more than 17 years means that attackers have most likely discovered it already and have possibly used it to their advantage. Fortunately, Microsoft has already issued a patch for this vulnerability on the Tuesday update. They are urging everyone to download the update immediately and we would recommend the same.