Windows DNS Server Remote Code Execution Vulnerability

To our valued customers
Microsoft has just released a patch for a critical vulnerability in their Windows DNS Server software.
Microsoft has given this vulnerability the maximum score of 10/10 according to the Common Vulnerability Scoring System (CVSS). This means that if it were exploited, an attacker could gain Administrator privileges and quickly spread to other vulnerable computers within a network potentially compromising all critical IT infrastructure within minutes. A proof of concept attack has been successfully demonstrated, which affects all Windows Server 2003 through 2019 running DNS server. Therefore, it is imperative to apply these patches as quickly as possible. Microsoft has just released a patch, and we expect researchers will soon publish the details of their findings making it publicly available to good and bad actors alike. Timely patch management is a simple and effective solution to this and many other potentially devastating emerging threats on the horizon. More information regarding Microsoft’s patch is here, including their internal assessment and CVE (Common Vulnerability & Exploits) score.
For our Managed Services Gold and Silver customers:
Good news! No action is needed – your environment is already patched.
Our current Managed Services and Managed Security Services clients will automatically receive this update as part of their Patch Management or Vulnerability Risk Management programs.
If you are not currently one of our Managed Services or Managed Security Services clients,
We can still remediate these issues for you at your request. With the amount of cyber-attacks steadily increasing, if you’re not yet leveraging Managed Security Services, it may be time to add that to your arsenal. Take action now

Leave a Reply

No comments