[Image credit: Check Point Research]
A 17-year-old RCE vulnerability in Windows DNS Server was discovered by Check Point Research’s and disclosed today.
As Check Point Research describes, “SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure”.
Their post goes into detail how the vulnerability works and a workaround, using a registry edit, to eliminate it.
The good news is that today’s (July 2020) patch Tuesday includes a fix for this critical vulnerability.
July 2020 fixes 123 security flaws across 13 products
It is important to note the July 2020 Patch Tuesday fixes 123 security flaws across 13 products, as reported by ZDNet. More information about the affected products and the list of CVEs can be found in the Microsoft MSRC portal’s July 2020 security updates release notes.