Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Se - harlan4096 - 16 July 20

Quote:

The vulnerability has been rated 10.0 in terms of severity

The recurring monthly security updates from Microsoft are now out. In the July 2020 Patch Tuesday, the Redmond giant released updates to fix 123 vulnerabilities found in Windows and other software. The most notable one is a critical, wormable vulnerability spotted in Windows Server versions from 2003 to 2019. According to Microsoft, the flaw could be exploited anytime soon, so it’s crucial for all organizations to patch their systems as soon as possible as an entire organization’s network could become compromised.

Even though none of the vulnerabilities have been spotted being exploited in the wild so far, we urge you to prioritize this serious security issue and apply your updates immediately!

CVE-2020-1350 has been given a CVSS severity score of 10.0

CVE-2020-1350, dubbed SigRed, is the most recent major concern for system administrators in charge of patching. This is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that has been classified as a wormable (self-propagating) vulnerability.

It has been rated by Microsoft with a CVSS base score of 10.0, being the result of a flaw in Microsoft’s DNS server role implementation. It affects all Windows Server versions (keep in mind that non-Microsoft DNS Servers are not affected). Basically, an exploitable vulnerability in Windows Server could allow attackers to install malware by sending a specially crafted DNS request.

Why is this vulnerability highly dangerous?

All wormable vulnerabilities can be passed on from endpoint to endpoint through malware without the need for any user interaction. The Windows DNS server is the main network component and if a compromised user with elevated privilege becomes compromised, the attacker could also be granted admin rights. In some cases, the vulnerability can be leveraged remotely through the browser. The attacker could take control of the server and perform malicious actions such as gaining complete access to the network, stealing the employees’ credentials, etc.

No one has reported the weakness having been exploited in the wild (as of yet), but Microsoft still advises everyone to apply the updates.
 
Quote:
“While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible”.

“DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high-level domain accounts,” writes Microsoft.

As reported by ZDNet, the issue has been lingering in Microsoft’s code for 17 years, yet there is no evidence that it has ever been abused in the real world.
...