The company urges organizations to waste no time in installing updates to fix the vulnerability that rates a ‘perfect’ 10 on the severity scale
Microsoft has released a patch addressing a vulnerability that has been present in Windows Domain Name System (DNS) Server for no fewer than 17 years. Dubbed SIGRed, this critical Remote Code Execution (RCE) vulnerability affects all Windows Server versions 2003 through 2019 and, if exploited, could be used to compromise a company’s entire IT infrastructure.
Tracked as CVE-2020-1350, the vulnerability was classified as “wormable” and earned the highest possible score of 10.0 on the Common Vulnerability Scoring System (CVSS) severity scale.
“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” said Mechele Gruhn, a principal security program manager at Microsoft. “While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” she added.
Much the same message was dispatched by the United States Cybersecurity and Infrastructure Security Agency (CISA).
Microsoft has released an update addressing a “wormable” RCE vulnerability, CVE-2020-1350, in Windows DNS Server. Update asap! https://t.co/yjvpIgZbA3 #Cybersecurity #Inf ..
Support the originator by clicking the read the rest link below.