Microsoft has patched a major security flaw in Windows DNS server that could be used to execute remote code on machines from outside the network.
The vulnerability had been sitting unnoticed for 17 years until cyber researchers at Checkpoint dove deep into Windows DNS.
Called SIGRed – officially CVE-2020-1350 – the flaw is a buffer overflow caused by a DNS response containing a signature record larger than 64KB.
While the exploitation can be easily leveraged by malicious actors within a network, Checkpoint researchers also found a way to smuggle the malicious DNS packet inside an HTTP payload.
This means a user on an enterprise network could accidentally hand over domain administrator rights to hackers by clicking on a single phishing link.
“As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure,” explained security researcher, Sagi Tzadik.
“Successful exploitation of this vulnerability would have a severe impact, as you can often find unpatched Windows Domain environments, especially Domain Controllers.
“In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS.”
Principal security manager at the Microsoft Security Research Center, Mechele Gruhn, said the security was “wormable” but that it had not yet been exploited in the wild.
“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” Gruhn said.
“Windows DNS Server is a core networking component.
“While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”
Microsoft’s latest patch has already rolled out to organisations who have automatic updates enabled.
System admins can also make a small registry change as a hotfix before applying the full update.
The registry change simply lowers the maximum DNS response size Windows Server can resolve.