A crucial system of software company Microsoft appears to have a major security hole. The company released a repair tool on Tuesday and calls on administrators of company computer systems to install it immediately, before malicious parties come in. The general public does not have to do anything.
The problem is in a system called Microsoft DNS. Computer servers use Microsoft DNS to store information. Anyone looking for information is guided by the system to the right place. It is one of the most important building blocks of the internet.
But it turns out to be possible to fool the system. Those who manage to enter a system through the hole can take over complete business systems, intercept emails, and steal credentials. In addition, the hole can be used as a springboard for subsequent attacks, without a victim having to do anything to let the attackers in. Then a chain reaction of infections arises. The hole is called “wormable”.
As far as Microsoft knows now, the hole has not yet been abused. The vulnerability has been given the name SigRed. Microsoft has a method for identifying the vulnerability vulnerability. On a scale of 1 to 10, SigRed scores a 10. The hole has been around for seventeen years, but was only recently discovered by Israeli cybersecurity Check Point.
That warned Microsoft in May. It was then held silent for two months, giving Microsoft time to develop a repair tool.
“Any company, small or large, that uses Microsoft infrastructure is at high security risk” as long as the gap is not closed, says Omri Herscovici of Check Point. The company does not provide full details of the vulnerability, at the request of Microsoft, not to give malicious parties too much information.
Source: Belga
–
