Microsoft patches critical, wormable flaw in Windows DNS Server

The company urges organizations to waste no time in installing updates to fix the vulnerability that rates a ‘perfect’ 10 on the severity scale

Microsoft has released a patch addressing a vulnerability that has been present in Windows Domain Name System (DNS) Server for no fewer than 17 years. Dubbed SIGRed, this critical Remote Code Execution (RCE) vulnerability affects all Windows Server versions 2003 through 2019 and, if exploited, could be used to compromise a company’s entire IT infrastructure.

Tracked as CVE-2020-1350, the vulnerability was classified as “wormable” and earned the highest possible score of 10.0 on the Common Vulnerability Scoring System (CVSS) severity scale.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” said Mechele Gruhn, a principal security program manager at Microsoft. “While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” she added.

Much the same message was dispatched by the United States Cybersecurity and Infrastructure Security Agency (CISA).

The flaw, which can be triggered by a malicious DNS response, was discovered by Check Point researchers, who reported it to Microsoft in May. According to their detailed write-up, an attacker who can exploit the vulnerability would gain Domain Administrator rights and seize control of the target’s entire IT infrastructure. This could entail accessing and stealing documents and tampering with emails or network traffic. The likelihood of the vulnerability being exploited was deemed high.

SIGRed brings echoes of other wormable vulnerabilities, notably BlueKeep in Remote Desktop Protocol (RDP) as well as the vulnerability in the Server Message Block (SMB) protocol that was exploited by EternalBlue. The patch for the newly identified vulnerability is part of Microsoft’s Patch Tuesday rollout, which fixed a total of 123 security flaws this month, including 18 rated as critical.