This unpatched DNS bug could put ‘well-known’ IoT devices at risk

This unpatched DNS bug could put ‘well-known’ IoT devices at risk

‘It might mean that you’re sitting next to your Windows 10 device, and it might also mean you’re connected to an IoT device and you’re not exactly sure what it is,’ explains Steve Salke, vice president, FIND IoT.

‘We’re confident that in the highly vulnerable IoT system found in Windows 10 and that their DNS vulnerabilities are quite fixed with only a few microseconds of downtime, then security is likely to be as good as it, and it will be one of the most exciting IoT experiences in years.’

The flaw can allow remote code execution for unknown reasons.

In a post on the Bugzilla forum, Salke says he is confident the vulnerability was not discovered by the public until about 8am CET this morning.

‘What we know at the moment is that at least some of these devices are vulnerable,’ he says.

‘In addition to using this flaw as a means of storing malicious code, perhaps if you were connected to the same domain on multiple computers as I am, it may also help to create a’serious’ news story.

‘Most sites exploiting this vulnerability have been cautious about bug sharing, and it can be an indicator of something potentially important going on.’

But the technical risks of a flaw like the one Salke is looking for are still very much in the wild.

If you’re not at a risk, which I do, you’re not going to sell your Linux or Mac computers to the security folks, you’re not going to pay $100 for a laptop or $50 for a tablet – it’s not worth it.

‘It’s not like the government is banning me from using [Microsoft’s Windows 10] apps – it’s just that I have such an ingrained knowledge of Windows 10 that I can’t really protect myself from it.’

Indeed, many of the apps on the market today are vulnerable to the RFS vulnerability – which can allow changes to occur remotely and cause havoc with your Internet connection.

No-one can exploit this flaw without a known vulnerability in the code of the system, according to Salke.

‘However, we don’t know where the actual exploit is, and the same is true for the vulnerabilities we sell,’ he claims.

The risks vary between companies, but security experts are concerned the availability of specific software will pose a significant security risk.

‘For instance, we’ve mentioned that three of our two major vendor (Microsoft) products for this year – Windows 10 Home 12.1 and Windows 10 Premium 8.1, and Windows 10 Mobile 11.1 – are running on devices that don’t have this vulnerability,’ says Salke.

‘It would be wise to make sure you have an adequate firewall on a device, with even stronger underwriting.

‘Do you have an added layer of firewall protection, or does that really take away from your overall security?’

It’s also not uncommon for software to appear in the wrong place at the wrong time.

‘It’s not like we’re all fighting a ‘Virus’ attack on our devices – it’s just that we are working on new software that works correctly for us, and the security aspect of this is extremely important.

‘It’s important to note that we may be putting software backwards from what was because of this vulnerability in the kernel.

‘The reason we’re putting software backward is because there’s a vulnerability that we can exploit that we can’t in fact exploit, so finding out which vulnerability is on Windows is a very important part of doing research.’

Most people can’t.

The Microsoft Edge browser plug-in does, however, allow for some applications to appear on your home computer.

For example, Windows 10 Edge’s company-wide app maker, Gnu Green, can appear on all your computers.

The flaw allows remote code execution for unknown reasons

The flaws

๐Ÿ””ALL TEXT IN THIS POST IS COMPLETELY FAKE AND AI GENERATED๐Ÿ””
Read more about how it’s done here.

Start the discussion