A blog posted by Microsoft Security Response Center last week had many IT and Network engineers very worried. They announced the release of an update to fix a major vulnerability (probably an understatement!) in Windows DNS Server. The patch addresses a remote code execution vulnerability, detailed under CVE-2020-1350.

This remote code execution flaw has been scored a maximum 10/10 on the CVSS scoring matrix and is classed as “wormable”, meaning it has the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component.

It’s not yet known if this vulnerability has been used in an active attack, however the updates released are considered essential. This only affects Windows DNS servers, so Linux wins here!

A colleague of mine pointed out the potential impact the exploit could have when he sent me an article published by Rapid7. The article shares the findings of Project Sonar, an open source scanning system and dataset made available to security researchers. In early July Project Sonar found just under 50,000 Microsoft DNS servers in UDP and TCP DNS scans with the vulnerability. They also discovered that 20 companies in the Fortune 500 had 250 at-risk servers exposed to the outside world. Scary!

When we heard about the vulnerability the BrightCloud support team worked around the clock to patch every server under a managed service to address this issue so that none of our customers were exposed.

Having worked in the IT industry for over 15 years, I have seen first-hand the devastating effect of malware attacks on a company. Specialising in backup and disaster recovery for most of my career, I have recovered a lot of data for customers. They fortunately saw the value of protecting their data and had a backup in the cloud. However, I have also seen customers lose years’ worth of data because they didn’t have a working backup, such as one customer that when trying to restore data found out their tape backup hadn’t been working properly for years!

It’s important to remember that whilst perimeter security and patching are vitally important, Backup and Disaster Recovery are the ultimate insurance policy against exploits, ransomware and malware attacks. You have the peace of mind that your data is always recoverable if the worst happens. Sadly backups are now being targeted by malware and 3-2-1 backup has become an ineffective defence. That is why BrightCloud Backup scans the data as it is backed up to check for both malware and infected files. This alerts you to any previously undetected infections as well as safeguarding your back-ups by quarantining infected files.