A "wormable" flaw found in the Windows DNS server: Microsoft urges admins to install the patch ASAP.



Microsoft released a security patch for the Windows DNS server to fix a wormable vulnerability that can lead to a breach of an entire company's infrastructure. The company warns system administrators to install the patch immediately, as someone could create malware that remotely executes code and breaches the entire corporate network.

Microsoft has also released a workaround for system admins who cannot patch the server immediately. Once the workaround is implemented, some queries to the server may go unanswered, but it is a necessary interim measure until the servers are patched.

Mechele Gruhn, Principal Security PM Manager at MSRC, wrote in Microsoft's blog that "Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible."

Microsoft rated the vulnerability 10, the highest possible CVSS base score, which reflects the severity of the flaw. However, this vulnerability does not affect non-Microsoft servers or Windows 10 devices.




The flaw was first discovered by researchers at Check Point, who brought it to Microsoft's notice back in May. Check Point says that this vulnerability has existed in Microsoft servers for 17 years and warns that someone may already be aware of it and could create malware to take advantage of the situation.

Check Point’s vulnerability research team leader Omri Herscovici said that "A DNS server breach is a very serious thing, there are only a handful of these vulnerability types ever released. Every organization, big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well."

However, Microsoft said that it hasn't found a case where a server was exploited through this vulnerability. Microsoft also says that customers who have enabled auto-updates don't have to take any additional steps to fix this issue.

Via: The Verge.
