Checkpoint Security has discovered that a wormable exploit in Windows Domain Name System Server that could lead to a heap-based buffer overflow which would allow hackers to intercept and interfere with users’ emails and network traffic, tamper with services, steal users’ credentials and more.
Dubbed SigRed, Microsoft explains in CVE-2020-1350 (Windows DNS Server Remote Code Execution Vulnerability):
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows
Microsoft has scored the vulnerability a 10/10 on the Common Vulnerability Scoring System. Microsoft says they have not seen the vulnerability being exploited in the wild and have fortunately released a patch.
“A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization,” said Omri Herscovici, Check Point’s vulnerability research team leader. “This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”
Microsoft has released patches for Windows Server 2008 and upwards. Find them at Microsoft here.