Microsoft Fixes a Critical Windows DNS Server Vulnerability That Could Let Attackers Steal Corporate Details

Microsoft has released a patch to fix a critical, 17-year-old vulnerability in Windows DNS Server that has been classified as a “wormable” flaw. Named “SigRed”, the latest vulnerability is found to have an impact on Windows Server versions 2003 to 2019. It could allow an attacker to compromise a Windows Server-based corporate infrastructure once exploited and can leak emails as well as network traffic of an organisation after receiving malicious domain name system (DNS) queries through a vulnerable server. A single exploit can cause a series of reactions and let attackers gain access from one computer to another.

Check Point researcher Sagi Tzaik discovered the security flaw in the Windows DNS Server and disclosed the findings on May 19 to Microsoft. The software giant acknowledged the issue, which has been listed as CVE-2020-1350, and brought a fix through its Patch Tuesday release on Tuesday. Moreover, Microsoft has assigned the highest possible risk score of 10 on the Common Vulnerability Scoring System (CVSS). This is higher than the 8.5 score given to the flaws resulting in the WannaCry ransomware attack back in May 2017.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” noted  Mechele Gruhn, Principal Security Program Manager, Microsoft Security Response Center, in a blog post. “While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Microsoft has provided the patch for all Windows DNS Server versions. A registry-based workaround has also been given for system administrators to fix the flaw without requiring to restart their servers. However, the administrators need to take quick action as a short delay could allow bad actors to impact their entire infrastructure and let them gain access to emails and network traffic drive through the server.

As Tzaik detailed in his research, the newly found vulnerability could be triggered by a malicious DNS response sent from a Web browser connected in the local area network (LAN) environment. A single exploit could also allow attackers to compromise multiple systems — one after another — and spread throughout an organisation's network.

“A DNS server breach is a very serious thing,” said Omri Herscovici, Check Point's Vulnerability research team leader, in a prepared statement. “Most of the time, it puts the attacker just one inch away from breaching the entire organisation. There are only a handful of these vulnerability types ever released.”

This is notably the third critical vulnerability Microsoft has fixed in July — following the earlier two CVE-2020-1425 and CVE-2020-1457 vulnerabilities affecting Windows 10 and Windows Server distributions. However, the new vulnerability is limited to Windows DNS Server implementation and has no impact on Windows 10 or its other versions.

Is Mi Notebook 14 series the best affordable laptop range for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.