Microsoft has listed the vulnerability as CVE-2020-1350 and brought its fix through its Patch Tuesday release.
Microsoft has asked system administrators to patch the vulnerability as quickly as possible
Microsoft has released a patch to fix a critical, 17-year-old vulnerability in Windows DNS Server that has been classified as a “wormable” flaw. Named “SigRed”, the latest vulnerability is found to have an impact on Windows Server versions 2003 to 2019. It could allow an attacker to compromise a Windows Server-based corporate infrastructure once exploited and can leak emails as well as network traffic of an organisation after receiving malicious domain name system (DNS) queries through a vulnerable server. A single exploit can cause a series of reactions and let attackers gain access from one computer to another.
Check Point researcher Sagi Tzaik discovered the security flaw in the Windows DNS Server and disclosed the findings on May 19 to Microsoft. The software giant acknowledged the issue, which has been listed as CVE-2020-1350, and brought a fix through its Patch Tuesday release on Tuesday. Moreover, Microsoft has assigned the highest possible risk score of 10 on the Common Vulnerability Scoring System (CVSS). This is higher than the 8.5 score given to the flaws resulting in the WannaCry ransomware attack back in May 2017.
“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” noted Mechele Gruhn, Principal Security Program Manager, Microsoft Security Response Center, in a blog post. “While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”
Microsoft has provided the patch for all Windows DNS Server versions. A registry-based workaround has also been given for system administrators to fix the flaw without requiring to restart their servers. However, the administrators need to take quick action as a short delay could allow bad actors to impact their entire infrastructure and let them gain access to emails and network traffic drive through the server.
As Tzaik detailed in his research, the newly found vulnerability could be triggered by a malicious DNS response sent from a Web browser connected in the local area network (LAN) environment. A single exploit could also allow attackers to compromise multiple systems — one after another — and spread throughout an organisation's network.
“A DNS server breach is a very serious thing,” said Omri Herscovici, Check Point's Vulnerability research team leader, in a prepared statement. “Most of the time, it puts the attacker just one inch away from breaching the entire organisation. There are only a handful of these vulnerability types ever released.”
This is notably the third critical vulnerability Microsoft has fixed in July — following the earlier two CVE-2020-1425 and CVE-2020-1457 vulnerabilities affecting Windows 10 and Windows Server distributions. However, the new vulnerability is limited to Windows DNS Server implementation and has no impact on Windows 10 or its other versions.
Is Mi Notebook 14 series the best affordable laptop range for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.