Windows DNS Wormable Vulnerability
A newly discovered vulnerability in the Windows Server OS could potentially allow hackers to intercept your emails and harvest your login credentials over the internet.
The flaw affects Windows-based Domain Name System (DNS) servers, which act as the web’s phonebook to translate your website look-ups and send you to the right destinations. But researchers at security firm Check Point found they could send specially crafted DNS queries to a target server and run any computer code they wanted, including malware—no authentication required.
“These servers are present in every organization, and if exploited, would give a hacker Domain Administrator rights over the server,” Check Point wrote in a Tuesday report. With such control, the hacker could reroute the network traffic to intercept user emails and shut down access to websites. The hijacked servers could also send the internet traffic to hacker-controlled domains designed to log your information, including passwords.
Making matters worse: the vulnerability is wormable; a hacker could unleash an automated attack on the internet designed to hijack one server and then another, resulting in numerous hijacked Windows DNS servers.
Fortunately, Microsoft released a patch, which is already rolling out to machines with automatic updates enabled. Still, the company has rated the flaw’s base severity with the highest possible 10.0 risk score, and says it affects all Windows server versions. Only machines used for DNS purposes are vulnerable, though.
“Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” the company wrote in a security advisory.
Check Point discovered the flaw in May, and reported it to Microsoft. However, the security firm warns it’s possible other groups may have uncovered details of the vulnerability. As a result, it’s urging corporations and IT administrators to install the patch as soon as possible.
“This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well,”