Microsoft vulnerability could affect dental practices using Windows Server as domain controller

The Cybersecurity and Infrastructure Security Agency is encouraging private businesses that use Microsoft Windows Server in a domain controller role to apply a security update released in August. The update addresses a vulnerability that could allow an unauthenticated attacker to obtain domain administrator access, according to an agency alert.

Dental practices that have a Windows Server domain controller in their office environment should work with their technical support resources to make sure this vulnerability is addressed as soon as possible.

On Windows Server operating systems, a domain controller is a server that responds to security authentication requests, such as a request to log on to the server. The vulnerability affects the mechanism for authenticating user accounts, according to Microsoft.

The vulnerability could allow an attacker to impersonate a domain-joined computer, including a domain controller, according to a note on the vulnerability prepared by the Computer Emergency Response Team Coordination Center at Carnegie Mellon University’s Software Engineering Institute. The attacker could then set an empty password for the domain controller's Active Directory computer account, causing a denial of service and potentially allowing the attacker to gain domain administrator privileges.

Active Directory is a directory service included in Windows Server operating systems. The compromise of that infrastructure could have a significant and costly impact, the note states.

Code to exploit the vulnerability was publicly released in early September, leading the Cybersecurity and Infrastructure Security Agency to believe attacks are occurring, according to the agency alert. The agency released an emergency directive Sept. 18 requiring U.S. government executive branch departments and agencies to apply the update, and it also recommends that others, including private businesses and state and local governments, take the same action to patch the vulnerability.