Skip to main content

Microsoft warns over critical Windows DNS Server bug found to be 'wormable'

(Image credit: Pixabay.com)

Microsoft has issued a patch for a Windows DNS Server vulnerability classified as “wormable”, which could be used by criminals to compromise an entire business network.

The Redmond software giant has urged all administrators to update their systems to the latest version as soon as possible to mitigate the risk of attack. Those with automatic updates turned on do not need to take any action, the company confirmed.

The vulnerability, discovered in May by researchers from cybersecurity firm Check Point, has existed for 17 years and affects all Windows DNS Server versions. According to The Verge, Windows 10 and other client versions of the operating system are not affected by the flaw.

By the Common Vulnerability Scoring System (CVSS), the bug was given a 10/10 score for severity. For comparison, WannaCry was allocated a severity score of 8.5.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” explained Mechele Gruhn, Principal Security Program Manager at Microsoft, in a blog post.

“Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Microsoft also detailed a registry-based workaround, for admins unable to update systems immediately.