Select Page

Cybersecurity researchers today disclosed a new highly critical “wormable” vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.

The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed ‘SigRed‘ by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organisation’s IT infrastructure.

A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials and much more.

In a detailed report shared with The Hacker News, the Check Point researcher Sagi Tzadik confirmed that the flaw is wormable in nature, allowing attackers to launch an attack that can spread from one vulnerable computer to another without any human interaction.

“A single exploit can start a chain reaction that allows attacks to spread from vulnerable machine to vulnerable machine without requiring any human interaction,” the researcher said.

“This means that a single compromised machine could be a ‘super spreader,’ enabling the attack to spread throughout an organisation’s network within minutes of the first exploit.”

After the cybersecurity firm responsibly disclosed its findings to Microsoft, the Windows maker prepared a patch for the vulnerability and began rolling it out starting today as part of its July Patch Tuesday, which also includes security updates for 122 other vulnerabilities, with a total 18 flaws listed as critical, and 105 as important in severity.

Microsoft said it found no evidence to show that the bug has been actively exploited by attackers, and advised users to install the patches immediately.

“Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” Microsoft said.

images from Hacker News