New Case Study: Threat Hunter finds renamed system utilities by file hash to uncover multiple attacks   

Read Case Study

Search

Windows DNS Bug Found After 17 Years

July 15, 2020

Sagi Tzadik of Check Point Research has recently uncovered a 17-year-old flaw within Windows Server’s DNS implementation. The flaw, dubbed SIGRed, was given CVE number CVE-2020-1350 and rated a 10 on the Common Vulnerability Scoring System (CVSS). SIGRed is a wormable exploit affecting Windows Server 2003 all the way through Server 2019 that is triggered through a malicious DNS response. Because the DNS service runs with SYSTEM level privileges, successful attacks could grant an attacker full domain administrator access.

Analyst Notes

SIGRed is a critical-level vulnerability that should be patched immediately. Microsoft has released a fix as part of the normal Patch Tuesday cycle. To find the individual patch for a specific version of Windows Server, see Microsoft’s advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350. If you are unable to apply the patch, a workaround was also released that should be used only as a last resort involving a quick registry edit and restarting the DNS service. That workaround can be found at https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability.

Source: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/