Windows DNS flaw allows hackers to seize control of corporate servers

Businesses are urged to patch the critical 17-year-old bug present in Windows Server versions 2003 to 2019

Hackers can exploit a critical vulnerability in the Windows DNS server to gain domain administrator rights over company assets, spread malware silently, and compromise an entire corporate infrastructure.

Companies are being advised to urgently patch their systems against a wormable flaw, assigned CVE-2020-1350 and dubbed SIGRed, which affects Windows Server versions from 2003 to 2019.

The flaw has also been rated 10/10 on the CVSS scale, according to cyber security experts with Check Point Research (CPR), meaning it is highly dangerous, highly exploitable, and relatively straightforward to execute.

The flaw lies in the way the Windows DNS server parses incoming DNS queries, which can trigger a heap-based buffer overflow. This allows cyber criminals to craft malicious DNS queries to Windows DNS servers and take control of them.
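To illustrate the bug class the article describes, here is an added example that is not Check Point's or Microsoft's code and not the actual Windows DNS parser: a small C routine that parses a DNS resource record from a packet buffer and refuses to trust the wire-supplied RDLENGTH until it has been checked against the bytes actually present. The record layout follows RFC 1035; the sample bytes and the function names are constructed for this example. A parser that copies RDLENGTH bytes into a heap buffer sized by a different or narrower computation is the general shape of flaw that yields a heap-based overflow; the bounds check in `dns_parse_rr` and the matched allocate-and-copy in `dns_rdata_dup` are the mitigation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed part of a resource record after the owner name (RFC 1035):
 * TYPE(2) CLASS(2) TTL(4) RDLENGTH(2), then RDLENGTH bytes of RDATA. */
#define RR_FIXED_HEADER 10

typedef struct {
    uint16_t type;
    uint16_t rr_class;
    uint32_t ttl;
    uint16_t rdlength;
    const uint8_t *rdata;   /* points into the packet; nothing is copied here */
} dns_rr;

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse the record at pkt[off..]. Returns the offset just past the record,
 * or 0 if the record does not fit inside pkt_len bytes. A parser that copies
 * RDLENGTH bytes before confirming that many bytes exist, or that sizes its
 * heap buffer from a separate 16-bit computation, is where overflows of this
 * class come from; this function is the check such a parser omits. */
size_t dns_parse_rr(const uint8_t *pkt, size_t pkt_len, size_t off, dns_rr *out)
{
    if (pkt == NULL || out == NULL || off > pkt_len)
        return 0;
    if (pkt_len - off < RR_FIXED_HEADER)            /* header itself truncated */
        return 0;

    const uint8_t *p = pkt + off;
    out->type     = rd16(p);
    out->rr_class = rd16(p + 2);
    out->ttl      = rd32(p + 4);
    out->rdlength = rd16(p + 8);

    /* All arithmetic in size_t, so the 16-bit RDLENGTH cannot wrap the sum. */
    size_t remaining = pkt_len - off - RR_FIXED_HEADER;
    if (out->rdlength > remaining)                   /* attacker-chosen length */
        return 0;

    out->rdata = p + RR_FIXED_HEADER;
    return off + RR_FIXED_HEADER + out->rdlength;
}

/* Walk n consecutive records; returns the end offset, or 0 if any is malformed. */
size_t dns_walk_rrs(const uint8_t *pkt, size_t pkt_len, size_t off, unsigned n)
{
    dns_rr rr;
    for (unsigned i = 0; i < n; i++) {
        off = dns_parse_rr(pkt, pkt_len, off, &rr);
        if (off == 0)
            return 0;
    }
    return off;
}

/* Copy RDATA to the heap. Allocation and copy use the same validated length,
 * so the copy can never run past the buffer. Caller frees the result. */
uint8_t *dns_rdata_dup(const dns_rr *rr)
{
    uint8_t *buf = malloc(rr->rdlength ? rr->rdlength : 1);
    if (buf != NULL)
        memcpy(buf, rr->rdata, rr->rdlength);
    return buf;
}

/* Constructed sample: one A record, class IN, TTL 3600, RDATA 192.0.2.1. */
const uint8_t SAMPLE_A_RR[14] = {
    0x00, 0x01,  0x00, 0x01,  0x00, 0x00, 0x0E, 0x10,  0x00, 0x04,  192, 0, 2, 1
};
/* Constructed sample: the same record with RDLENGTH forged to 0xFFFF. */
const uint8_t FORGED_RDLENGTH_RR[14] = {
    0x00, 0x01,  0x00, 0x01,  0x00, 0x00, 0x0E, 0x10,  0xFF, 0xFF,  192, 0, 2, 1
};
/* Constructed sample: two valid A records back to back. */
const uint8_t TWO_RRS[28] = {
    0x00, 0x01,  0x00, 0x01,  0x00, 0x00, 0x0E, 0x10,  0x00, 0x04,  192, 0, 2, 1,
    0x00, 0x01,  0x00, 0x01,  0x00, 0x00, 0x0E, 0x10,  0x00, 0x04,  192, 0, 2, 2
};

int main(void)
{
    dns_rr rr;
    size_t next = dns_parse_rr(SAMPLE_A_RR, sizeof SAMPLE_A_RR, 0, &rr);
    printf("valid record: next offset %zu, rdlength %u\n", next, rr.rdlength);
    printf("forged RDLENGTH rejected: %s\n",
           dns_parse_rr(FORGED_RDLENGTH_RR, sizeof FORGED_RDLENGTH_RR, 0, &rr) == 0 ? "yes" : "no");
    printf("truncated packet rejected: %s\n",
           dns_parse_rr(SAMPLE_A_RR, 12, 0, &rr) == 0 ? "yes" : "no");
    return 0;
}
```

The point for defenders reviewing any network parser is the ordering: validate the wire-supplied length against the bytes actually received, do the arithmetic in a type wide enough not to wrap, and only then allocate and copy using that same validated length.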

Exploiting the vulnerability can allow hackers to seize control of corporate servers by gaining administrative rights, and eventually compromise a company’s entire IT infrastructure. From here, attackers can intercept and manipulate corporate emails and network traffic, make services unavailable, harvest user credentials, and do much more.

“A DNS server breach is a critical issue,” said CPR’s vulnerability research team leader Omri Herscovici. “Most of the time, it puts the attacker just one inch away from breaching the entire organization.

“There are only a handful of these vulnerability types ever released. Every organization, big or small, using Microsoft infrastructure is at major security risk if this flaw is left unpatched.”


The vulnerability has been in Microsoft code for more than 17 years, Herscovici added, meaning that if his team found it, it’s not impossible to assume others with more malicious intent already have as well. His team’s findings also show that no matter how secure enterprises may feel they are, there are always more security issues out there waiting to be discovered and exploited.

The SIGRed vulnerability is on par with the likes of EternalBlue, also known as WannaCry, and BlueKeep, which exploited Microsoft’s Server Message Block (SMB) and Remote Desktop Protocol (RDP) respectively. Herscovici continued to say businesses should urgently patch their systems to avoid falling victim.

CPR disclosed its findings to Microsoft on 19 May, before the company acknowledged the security flaw and issued a patch as part of the latest Patch Tuesday, on 14 July 2020. Besides assigning SIGRed the highest possible CVSS score, Microsoft deemed it wormable, meaning the vulnerability is capable of spreading across a network silently and without any user interaction.
