Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’

System admins need to patch servers as quickly as possible

A stock image of the Microsoft logo.
Image by Alex Castro / The Verge

Microsoft is warning of a 17-year-old critical Windows DNS Server vulnerability that the company has classified as “wormable.” Such a flaw could allow attackers to create special malware that remotely executes code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s infrastructure being breached.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” explains Mechele Gruhn, a principal security program manager at Microsoft. “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Researchers at Check Point discovered the security flaw in Windows DNS and reported it to Microsoft back in May. If left unpatched, it leaves Windows servers vulnerable to attacks, although Microsoft notes that it hasn’t found evidence that this flaw is being exploited yet.

Servers at a Microsoft datacenter.
Image: Microsoft

A patch for the flaw is available today across all supported versions of Windows Server, but the race is on for system administrators to patch their servers as quickly as possible, before malicious actors build malware around the vulnerability.

“A DNS server breach is a very serious thing,” warns Omri Herscovici, Check Point’s vulnerability research team leader. “There are only a handful of these vulnerability types ever released. Every organization, big or small, using Microsoft infrastructure is at major security risk if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Windows 10 and other client versions of Windows are not affected by the flaw, as it only affects Microsoft’s Windows DNS Server implementation. Microsoft is also releasing a registry-based workaround to protect against the flaw if admins are unable to patch servers quickly.

Microsoft has assigned the highest risk score of 10 on the Common Vulnerability Scoring System (CVSS), underlining how serious the problem is. For comparison, the vulnerabilities that the WannaCry attack used were rated at 8.5 on CVSS. Microsoft has warned of WannaCry-like exploits in Windows before, but researchers are urging admins to heed the latest calls to install Microsoft’s latest updates as soon as possible.