Critical Microsoft Alert and Patching Update

As part of the July “Patch Tuesday”, Microsoft released fixes for a total of 123 CVEs (“Common Vulnerabilities and Exposures”). That comes on the back of a record-breaking 129 CVEs in June.

The year-on-year volume of CVEs from Microsoft is increasing rapidly, with 2020 totaling 657 so far. We are not far from eclipsing the 2019 total of 741.

There are many reasons for the increases we are seeing. Bounty programs are proving popular and are drawing more network engineers and developers into a security consultant role. Commercial security firms are also spending more time on public announcements to demonstrate their internal teams’ core competencies. There is also concern about state-sponsored discovery and dark web commercialization of exploits, both of which push companies to fix an issue once it has been reported.

As the boundaries between work and personal use of technology continue to blend, the depth of software and the number of entry points to data continue to grow too. This increase in attack vectors also raises how vulnerabilities are classified when they are considered in the context of a firm’s data security.

In summary, awareness among ethical hackers and businesses being held accountable by regulators are driving up the discovery and remediation of vulnerabilities.

This month, 17 CVEs are classed as critical. One in particular is raising concern and calls for immediate action, with a CVSS (Common Vulnerability Scoring System) score of 10/10.

A 10/10 CVSS score here indicates a very high threat of Remote Code Execution (RCE), which means the exploit is capable of running an application on the target system and, in this scenario, compromising it with full privileges. The threat is further increased because the code could also act as a self-sustaining virus known as a ‘worm’, continuing to infect other systems without any user interaction.

To date, no known exploits are available in the wild; however, conceptual designs around malformed websites, emails, and documents with links are circulating. Due to the common use of Microsoft Windows DNS Services within corporate environments, we strongly recommend that either the workaround registry key or the Microsoft patch be deployed as soon as possible.

Implement the security updates:

Follow the guidance set forth by Microsoft here to either patch or prevent the exploit.

For additional information, please visit:

https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

For additional information about vulnerability management, and how Drawbridge can help, please visit: DrawbridgeConnect-R