Cyber security researchers have uncovered a series of new DNS vulnerabilities which could impact more than 100 million internet-connected devices worldwide.
California-based software company Forescout, in partnership with JSOF Research, disclosed nine vulnerabilities – collectively known as NAME:WRECK – affecting four popular TCP/IP stacks (FreeBSD, Nucleus NET, IPnet, and NetX).
These vulnerabilities enable either remote code execution or denial of service, with sectors including government, healthcare, manufacturing, and retail at risk.
In the UK alone it is estimated that around 36,000 devices could be affected. Forescout and JSOF have recommended a series of mitigations, which can be found here.
The NCSC has published guidance for the management of public domain names, which has been written for administrators of public and private sector organisations of all sizes.
Information on the NCSC’s Protective DNS (PDNS), including eligibility criteria, can be found here.
NCSC recommends organisations install critical Microsoft Exchange updates
The NCSC has issued an alert this week encouraging organisations to install new security updates released for Microsoft Exchange Server as soon as practicable.
As part of its scheduled update cycle, Microsoft released more than 100 security patches, some of which address critical severity vulnerabilities in versions of Microsoft Exchange Server.
While the NCSC has no information to suggest these vulnerabilities are being actively exploited, the alert recommends that organisations should, as a first step, install the latest updates immediately. This follows reporting last month of vulnerabilities in Exchange servers being targeted by attackers.
The affected versions of Microsoft Exchange Server are:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
Exchange servers were in the news following exploitation of vulnerabilities last month. The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities.
More information about installing the updates for Microsoft Exchange Server can be found on the company’s Exchange Team blog.
UK and US call out Russia for SolarWinds compromise
The UK and US have revealed for the first time that Russia’s Foreign Intelligence Service (SVR) was behind a series of cyber intrusions, including the SolarWinds compromise.
The National Cyber Security Centre (NCSC), a part of GCHQ, assesses that it is highly likely the SVR was responsible for gaining unauthorised access to SolarWinds Orion software and subsequent targeting.
The NCSC has previously published guidance for organisations on this compromise:
You can read the Foreign Secretary’s statement on this action in full on GOV.UK.