Microsoft users will finally get a fix for a 17-year-old bug that’s existed in the company’s software.
The bug, tracked as CVE-2020-1350, was patched in Microsoft Windows Server on 14 July.
The flaw was rated 10 out of 10 on CVSS, the vulnerability scoring system.
“A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability,” Microsoft’s note reads.
“To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.”
DNS stands for Domain Name System, which translates IP addresses into URLs and is the equivalent of the phone book of the internet.
Windows DNS is one of the most popular kinds of DNS software.
The bug affects all Windows Server versions, from 2003 to 2019, and had the potential to spread via malware without user interaction.
This could have given hackers the ability to gain access to one machine and use it to access others, similar to the WannaCry bug, which was rated an 8.5 on the CVSS scale.
If a hacker could get access to the local network, via corporate WiFi or an ethernet cable, they could trigger a server takeover.
It is possible such an action could be achieved with a phishing email – an email that pretends to be from a trusted source in order to spread malicious code.
A naïve user clicking that email would give the hacker full control of the DNS server.
The bug “requires no interaction. And not only that, once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy,” Omri Herscovici, Check Point's head of vulnerability research, told Wired. “It’s basically game over.”
“While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” Mechele Gruhn, Principal Security Manager at Microsoft, said.
The bug, which has been named SigRed, was discovered by researcher Sagi Tzaik, who works for Israeli security firm Check Point.
Although there is no evidence that the bug has been used, the possibility cannot be ruled out.
“We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug,” Check Point told ZDNet.
“Due to time constraints, we did not continue to pursue the exploitation of the bug (which includes chaining together all of the exploitation primitives), but we do believe that a determined attacker will be able to exploit it.”