Emergency Directive on Critical Microsoft Vulnerability

Severity: HIGH

What is affected: All versions of Windows Server with the Domain Name System (DNS) role enabled

Description: The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive 20-03 addressing a critical vulnerability—CVE-2020-1350—affecting all versions of Windows Server with the Domain Name System (DNS) role enabled. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is considered “wormable” because malware exploiting it on a system could, without user interaction, propagate to other vulnerable systems.

Advice: Vectra encourages administrators to patch this critical vulnerability as soon as possible.

Vendor & Other Information