Threat Watch

Windows DNS Bug Found After 17 Years

Sagi Tzadik of Check Point Research has recently uncovered a 17-year-old flaw within Windows Server’s DNS implementation. The flaw, dubbed SIGRed, was given CVE number CVE-2020-1350 and rated a 10 on the Common Vulnerability Scoring System (CVSS). SIGRed is a wormable exploit affecting Windows Server 2003 all the way through Server 2019 that is triggered through a malicious DNS response. Because the DNS service runs with SYSTEM level privileges, successful attacks could grant an attacker full domain administrator access.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

SIGRed is a critical-level vulnerability that should be patched immediately. Microsoft has released a fix as part of the normal Patch Tuesday cycle. To find the individual patch for a specific version of Windows Server, see Microsoft’s advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350. If you are unable to apply the patch, a workaround was also released that should be used only as a last resort involving a quick registry edit and restarting the DNS service. That workaround can be found at https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability.

Source: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support