Microsoft Corporation on Patch Tuesday addressed 123 vulnerabilities -- 18 of them critical -- including a "wormable" flaw in Windows DNS Service that could be leveraged to execute remote code in the context of the Local System Account and then spread malware across various network devices.
Officially designated CVE-2020-1350, the wormable flaw is caused by the improper handling of requests, and therefore can be exploited via malicious requests to a Windows servers configured as DNS servers.
"DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts," Microsoft warns in an advisory. "The vulnerability stems from a flaw in Microsoft’s DNS server implementation and is not the result of a protocol level flaw, so it does not affect any other non-Microsoft DNS server implementations."
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.