Microsoft DNS Server Vulnerability Highlights Importance of Patching

July 22nd, 2020 by James Talbot

Microsoft recently released their monthly patches for Microsoft Windows, and this months release includes fixes for 123 security flaws across 13 products. Amongst these fixes, there is a patch for Microsoft DNS Server. The patch addresses a remote code execution vulnerability, detailed under CVE-2020-1350.

This remote code execution flaw has been scored a maximum 10/10 on the CVSS scoring matrix due to its ability to be executed unauthenticated with no user interaction, and has the potential to be turned into an automated or “wormable” exploit. It also runs under the highest possible privileges as SYSTEM, meaning it has full access to the targeted machine.

The Microsoft DNS service is mainly used to support Microsoft Active Directory environments, and is routinely installed on Active Directory Domain Controllers. As this is a critical part of the core infrastructure that performs authentication and authorisation mechanisms to control access to all Domain joined systems, it is imperative that these servers are protected. A threat actor could potentially exploit a Domain Controller running DNS, elevate their rights to become a Domain Administrator, then laterally move to every other system in the network that is Domain joined or uses Active Directory as a trusted authentication source. This can include SaaS based applications (such as Office 365), Linux servers integrated with Samba, network devices via RADIUS, amongst others.

Security fixes such as these are a regular occurrence. The WannaCry outbreak is a good example of threat actors exploiting unpatched systems when a fix is available. While Microsoft had released patches previously to close the exploit, much of WannaCry’s spread was from organisations that had not applied these, or were using older Windows systems that were past their end-of-life. The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of pounds; all because they were not patched.

Why Patching is Important

Businesses rely on their information technology infrastructure to operate their business effectively, save money, and increase profitability. However, the growing threat of malicious virus and ransomware attacks in recent years has forced businesses to re-evaluate their security posture.

Microsoft produce regular security patches for their system vulnerabilities and research has shown that the most efficient way to be protected against attacks is to ensure that every machine in the environment has the latest patches installed. If just one computer in the environment is not patched, it can threaten the stability of the entire environment and possibly inhibit normal functionality.

For maximum protection you need a solution that manages patches for Microsoft operating systems and applications in an automated, yet stringently controlled process.

Patching is a key part of the Government’s security guidance as part of Cyber Essentials, for more information visit www.cyberessentials.ncsc.gov.uk.

Patch Management as a Service

Some Managed Service Providers, including BrightCloud, have designed patch management services to remove the burden of managing patching cycles for virtual or physical server estates. Benefits of a patch management service include:

• No need to resource time-consuming patching operations
• Allows you to act quickly when new vulnerabilities are discovered
• Servers can be patched remotely
• Patching can happen on a schedule that suits you

Share

• Tweet