Is your organization leaking sensitive Dynamic DNS data? Here’s how to find out

At Black Hat on Wednesday, Wiz researchers disclosed a vulnerability in DNS hosting services that affects millions of corporate endpoints.

1 min read

At Black Hat on Wednesday, Wiz researchers disclosed a vulnerability in DNS hosting services that affects millions of corporate endpoints. AWS and Google have already patched the vulnerability, but many other DNS providers and their customers may still be at risk of leaking sensitive internal network data.

To protect themselves, organizations are advised to ensure their Dynamic DNS settings are configured correctly. To check if your organization is vulnerable, we’ve released the Dynamic DNS Checker, a free online tool that tests DNS configuration.

What is the vulnerability?

The Dynamic DNS Leak is a vulnerability affecting Windows endpoints that can expose Dynamic DNS traffic that should never leave an internal network. A malicious actor could exploit this vulnerability to learn your organization’s computer names, internal and external IP addresses, employee names and locations, and more.

For details on the vulnerability, check out our blog post here.

We're urging DNS providers to fix the underlying nameserver hijacking issue that leaves customers exposed (Amazon Route53 and Google have already done so). But ultimately, customers are responsible for configuring their DNS resolvers properly so dynamic DNS updates do not leave their internal network.  Every organization should take steps to prevent their data from leaking.

How can I check if I am vulnerable?

Our research team created a free tool to check if your domain is vulnerable. The tool checks the SOA record of your domain to see if it is misconfigured. If it is, the tool looks for suspicious domain names on the nameserver to alert customers of an active exploitation risk.

What can I do to fix it?

Organizations should properly configure their SOA records on public DNS providers to point to an invalid domain they own or to a valid internal Dynamic DNS server. Organizations who have their SOA records configured properly are not affected by this vulnerability.

In the figure below you can see a sample configuration that prevents this vulnerability from being exploited.

Tags:
#Research

Secure everything you build and run in the cloud

Organizations of all sizes and industries use Wiz to rapidly identify and remove the most critical risks in AWS, Azure, GCP, OCI, and Kubernetes so they can build faster and more securely.

Continue reading

$100M ARR in 18 months: Wiz becomes the fastest-growing software company ever

Just two years since its launch, Wiz protects hundreds of the world’s leading organizations by enabling them to build faster and more securely in the cloud

Wiz expands board and executive team with top security leaders from DocuSign, Aon, Meta and Okta

Wiz continues momentum with addition of security luminary Emily Heath to board of directors; expands executive team to lead hyper-growth

Meet new Wiz board member Emily Heath

Q&A: Why Wiz caught the attention of DocuSign’s Former CTSO