Check Point Security has found a wormable exploit in Windows Domain Name System Server that might result in a heap-based buffer overflow, which might allow attackers to intercept and interfere with users' emails and network traffic, tamper with services, steal users' credentials and more.
Microsoft describes the flaw, dubbed SigRed, in CVE-2020-1350 (Windows DNS Server Remote Code Execution Vulnerability):
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to correctly handle requests. An attacker who successfully exploited the vulnerability might run arbitrary code in the context of the Local System Account. Windows servers which are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker might send malicious requests to a Windows
Microsoft has scored the vulnerability a 10/10 on the Common Vulnerability Scoring System. Microsoft says it has not seen the vulnerability being exploited in the wild and has, fortunately, released a patch.
“A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization,” said Omri Herscovici, Check Point’s vulnerability analysis team leader. “This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”
Microsoft has released patches for Windows Server 2008 and later; they are available from Microsoft.