On July 14th, 2020, security researchers announced the discovery of a new vulnerability in the Windows DNS service in all Windows Server versions dating back to at least Server 2003. The vulnerability is considered to be a wormable, meaning that there is the potential to spread between vulnerable computers without user interaction via malware.
Immediate action should be taken to mitigate this vulnerability.
At this time, there is both a workaround and patch released by Microsoft to secure systems against this threat. The workaround will prevent exploitation until you can install the patch and does not require a restart of the server. Visit the Microsoft Security Update Guide for information and instructions.
This vulnerability, named CVE-2020-1350, has been rated at 10 (out of 10) on the Common Vulnerability Scoring System (CVSS). This scoring system is designed to provide a quantitative value to the severity of vulnerabilities.
DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high-level domain accounts. The Domain Name System, DNS, is a key component in how the internet and other services work. You could view it as a phonebook to keep track of addresses your computer needs to access. This system constantly updates each time you try to navigate to a new website or service.
Contact us right away if you need assistance implementing the patch or workaround, or if you have questions about this vulnerability.