Windows DNS servers susceptible to SigRed flaw worm

July 16, 2020

"A critical 17-year-old vulnerability has been uncovered in all Windows DNS servers, with administrators being urged to apply a workaround or patch from Microsoft as soon as possible.

The vulnerability, which has been given the name SigRed, was uncovered by Check Point Research and assigned the reference CVE-2020-1350.

The vulnerability stems from a flaw in how Windows DNS server handles signature (SIG) record queries.

A malicious SIG record over 64 kilobytes in size causes a heap buffer overflow allowing attackers to execute code with high privileges remotely, and take over vulnerable servers remotely.

Researchers are concerned that the vulnerability is easy to exploit, and that it will be incorporated in self-propagating malware, “worms” that spread uncontrollably."

"Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” explains Mechele Gruhn,  a principal security program manager at Microsoft. “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Researchers at Check Point discovered the security flaw in Windows DNS and reported it to Microsoft back in May. If left unpatched, it leaves Windows servers vulnerable to attacks, although Microsoft notes that it hasn’t found evidence that this flaw is being exploited yet.

A patch to fix the exploit is available across all supported versions of Windows Server today, but the race is on for system administrators to patch servers as quickly as possible before malicious actors create malware based on the flaw."

Sources: itnews and The Verge

Cover Image Courtesy: