17-Year-Old Windows DNS Server Bug Fixed: What, When, Why

The July 2020 cumulative updates resolve a security bug in Windows Server which Microsoft describes as “wormable,” meaning attackers may use exploit kits that would eventually allow them to enter systems and compromise the DNS Server.

First of all, it’s vital to know that this is a bug in the Windows Server DNS, and that it was discovered by security vendor Check Point.

This is a 17-year-old security flaw, and it has no effect on Windows clients, only Windows Server.

The following systems are impacted:

Windows Server 2008 Service Pack 2
Windows Server 2008 Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server version 1903
Windows Server version 1909
Windows Server version 2004

Microsoft has given the flaw a critical security rating, and while the company explains that it’s unaware of any attacks happening in the wild, it does admit that exploitation is more likely.

“A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server,” Microsoft explains in CVE-2020-1350.

CVSS base score of 10.

Mechele Gruhn, Principal Security PM Manager, MSRC, recommends that system admins turn to a registry-based workaround if patching isn’t possible at this time.

It is worth knowing that the flaw has been given a CVSS base score of 10, which is the maximum rating for any security vulnerability. This emphasizes just how important patching is this time, and Microsoft warns that leaving a system without the security fixes could pretty much be a wide open invitation for malicious actors to break into a computer, especially as the vulnerability gains more attention.

“We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts,” the company says.

Check Point, the company that discovered the vulnerability, reported it to Microsoft in May this year, so Microsoft needed only two months to resolve it.

The security vendor, however, warns that there’s a good chance cybercriminals will start looking into methods to exploit the flaw, and explains that the probability of someone else also being aware of the DNS Server bug is pretty high.

Exploitation is much more likely.

“We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug, which means a determined hacker could also find the same resources. In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS,” they say.

Certainly, patching should be a priority for all system admins, even though this isn’t necessarily the simplest move to make, especially these days when some are still working from home due to the global health crisis. However, if patching isn’t possible, make sure that you check out the registry workaround mentioned above, as this is the easiest and fastest method to prevent a possible exploit aimed at this flaw.

For the time being, Microsoft says it’s not aware of any attacks, but it is obvious that this could change at any time, as cybercriminals might start looking into the whole thing to find a way to break into Windows Server systems.