Microsoft has discovered and patched a 17-year-old severe and problematic vulnerability in Windows DNS servers.
The vulnerability, dubbed ‘SigRed’ and discovered by Check Point researchers, allowed attackers to send crafted malicious DNS queries to a Windows DNS server and execute arbitrary code against targets, thus gaining control of the entire infrastructure. Attackers could intercept and interfere with users’ email and network traffic, as well as disrupt services and steal user credentials.
Microsoft has assigned the vulnerability the identifier CVE-2020-1350 and the highest possible risk score in the Vulnerability Scoring System. Attacks exploiting this vulnerability can spread from computer to computer without any human interaction, similar to the WannaCry ransomware that affected 300,000 computers in 2017.
SigRed is, therefore, considered “wormable.”
The vulnerability affects all versions of Windows Server, according to Microsoft. Fortunately, Microsoft claims that no hacker has yet exploited the vulnerability.
However, according to Omri Herscovici, head of Check Point's vulnerability research team, “It requires no interaction. And not only that, once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy. It’s basically game over,” as reported by Wired.
He also added, “Every organization, big or small using Microsoft infrastructure, is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network.”
The patch has been released outside of Patch Tuesday, the set of security patches Microsoft typically releases on the first Tuesday of each month. You must update your computer or server since, as noted above, this is a very old bug. Download and install the update from Settings.