It seems that 2020 can’t go a couple of weeks without another disaster, and on 14th July 2020 a Common Vulnerabilities and Exposures (CVE) entry was released to the world which could have drastic consequences.
A Common Vulnerabilities and Exposures entry, or CVE, is basically a known vulnerability in software or hardware that can be exploited for malicious purposes. As a managed support company, we monitor these closely so we can keep everything patched and secure.
CVE-2020-1350 (which looks like it has been around for 17 years!) exploits the way that DNS works. Very simply, DNS is what turns ‘coffeecupsolutions.com’ into the IP address where the website lives. It’s basically a postal address so you know how to get to us. It’s used all day, every day, by everyone, so when there’s potential for it to be used in a malicious way, it’s critical that this is fixed.
Imagine the following scenario (explained perfectly by Tal Be’ery on Twitter):
- You open an email from an attacker
- There’s a picture in the email which makes your DNS server (which for a lot of people in offices will be their Domain Controller) resolve the domain via their malicious DNS server
- Their malicious DNS server sends a response which, when returned, infects the Domain Controller with malware
- They now have Domain Administrator rights on the server
For clarification’s sake, a Domain Controller is what controls Active Directory, which is essentially what manages your business servers, from users and email to file storage. A Domain Administrator, as I’m sure you can guess, generally has free rein over your Active Directory (very generalised here, as things can be locked down in different ways, etc.).
So what does that mean for our customers? Well, nothing. We’ve already applied the workaround to every DNS server we look after, and each server will then be patched in accordance with your patch cycle. It’s all silent, behind-the-scenes protection that we offer to all of our managed support customers. With smart systems in place, it took less than 5 minutes to apply the workaround fix to every DNS server we look after.
If you don’t use us for managed support, it might be worth asking your current IT provider if they’ve protected you, or give us a call on 0118 38 42 175 so we can ensure you stay protected…without having to ask for it!