Microsoft Patches 17-Year-Old Windows Vulnerability with CVE 10.0 Score

Silviu STAHIE

July 15, 2020


Microsoft patched a serious Windows DNS Server vulnerability with a CVSS score of 10.0, and the latest indication is that it hasn’t been used in the wild in any current attacks.

Microsoft issues updates each month, usually fixing a variety of security issues and other vulnerabilities. There are always a few critical ones but, unless the vulnerability is used in attacks, Microsoft waits for Patch Tuesday.

Since Windows is such a large ecosystem, odds are that many vulnerabilities are still undiscovered, not to mention possible vulnerabilities that have yet to be introduced into the code. What sets CVE-2020-1350 apart is that it has a CVSS score of 10.0, which is not very common.

It’s a wormable vulnerability in the Windows DNS Server, allowing bad actors to infect other computers, remotely, without user interaction.

“This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected,” says Microsoft. “Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component.”

This type of security issue is the textbook reason why users should always keep their systems up to date. If installing the update is not possible, Microsoft offers a registry-based workaround, although that’s not an ideal situation.

Of course, while it looks like the vulnerability wasn’t used, bad actors will take the patch and figure out how to exploit it. And since the vulnerability is present in all Windows Server versions starting with 2003, it’s likely that numerous users will fail to apply the patch, leaving them exposed to future attacks.

A good example is BlueKeep, a vulnerability found in Microsoft’s Remote Desktop Protocol and patched more than a year ago. To this day, there are numerous Windows machines still vulnerable to BlueKeep.
