Microsoft fixes 17-year-old critical ‘wormable’ vulnerability in Windows DNS Server

Microsoft has discovered and patched a 17-year-old severe and problematic vulnerability in Windows DNS servers.

The vulnerability, dubbed ‘SigRed’ — discovered by Check Point researchers — allowed attackers to crafted malicious DNS queries to a Windows DNS server and execute arbitrary code against targets, thus gain control of the entire infrastructure. Attackers could intercept and interfere with users’ email and network traffic, as well as disrupt services and steal user credentials.

Microsoft has assigned the vulnerability CVE-2020-1350, the highest possible risk score in the Vulnerability Scoring System. Because the attacks exploiting this vulnerability can spread from computer to computer without any human interaction — similar to the ransomware WannaCry that affected 300,000 computers in 2017. 

SigRed is, therefore, considered “wormable.”

The vulnerability has affected all versions of Windows Server, according to Microsoft itself. Fortunately, Microsoft claims that no hacker has yet exploited the vulnerability.

Although, according to Omri Herscovici — head of Check Point vulnerability research team — “It requires no interaction. And not only that, once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy. It’s basically game over.” — reports Wired

He also added, “Every organization, big or small using Microsoft infrastructure, is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network.

The patch has been released outside of Patch Tuesday — the security patch typically released by Microsoft on the first Tuesday of each month. You must update your computer or server since, as we say, it is a very old bug. Download and install the update from Settings.

Bhasker Das
Bhasker Das
Bhasker Das, with a master's in Cybersecurity, is a seasoned editor focusing on online security, privacy, and protection. When not decrypting the complexities of the cyber world, Anu indulges in his passion for chess, seeing parallels in strategy and foresight.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream