July 2020 Security Update
Earlier this week, a “critical ‘wormable’ vulnerability” was reported by Microsoft within Windows DNS Server. This vulnerability only impacts Microsoft DNS servers. thinkCSC customers who receive automatic updates do not need to be concerned; patches will be deployed as part of their regular maintenance.
What Is a “Wormable” Vulnerability?
A “wormable” vulnerability is a threat that can spread malware from one vulnerable machine to another without any human action. Current thinkCSC managed IT clients have already had this threat resolved; however, if you have an internal IT department for your organization, we urge you to apply the update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server, as quickly as possible. The vulnerability has a CVSS base score of 10.0 – the highest possible threat rating.
If you are unable to immediately apply the patch to your environment, a registry-based mitigation can be applied. This mitigation does not require you to restart your server, so it can be applied without delay. You can find details of both the vulnerability and the registry mitigation in Microsoft’s CVE-2020-1350 update.
The threat is caused by a misconfiguration is Microsoft’s DNS server role and impacts all versions of Windows Server, allowing unauthenticated hackers to gain Domain Admin privileges on servers. While the threat is critical, it can only be exploited when the system is operating in DNS server mode. This means that the number of vulnerable computers is likely low.
If you have any questions or concerns, please contact your vCIO. If you have not partnered with thinkCSC for your Managed IT needs, please get in touch.