Microsoft has announced that it has patched a 17 year old exploit in Windows Server, the news was announced yesterday in a security update. The security flaw was originally discovered by Check Point.
The exploit was classed as a ‘wormable’ vulnerability which could be used to spread malware, you can find out more details below.
Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.
Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.
You can find out more information about this security flaw over at Microsoft’s website at the link below.